In biology, there is a concept called biodiversity. Biodiversity is the number of different types of organisms living within a particular environment. It is believed that greater biodiversity leads to a healthier ecosystem. Diversity ensures that a failure in one species does not destroy the entire environment. The same can be said of the workplace, where diversity of culture, opinion, and backgrounds leads to a more robust organization capable of adapting to changes in the marketplace.

The computer security concept of diversity of defense is similar. By deploying many different methods of defense in layers, a better defense is created. If an attack is successful against one type of defense, there are other forms of defense that continue to block the attacker's progress. The attacker has to change strategies constantly to penetrate farther into the system.

One example is the use of different types of firewalls. If a series of packet-filtering firewalls is being deployed to provide defense in depth, using a different type of filtering on each firewall will provide better protection than using the same type on all of them. A firewall that checks for HTTP attacks, such as malformed URLs, may be used as the first firewall. This would be followed by one that blocks access to certain ports. Further protection may be provided through the use of network address translation, which hides internal addresses from the outside world. An antivirus system that scans high-level traffic for known virus signatures can also be hosted on a firewall. To succeed in an attack, an intruder would need to use different strategies to overcome each firewall, making the attack difficult to carry out. Deterring attacks and making intrusion as difficult and detectable as possible are what system security is all about.
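The firewall chain described above can be modeled in a few lines to show why mixed filter types outperform a stack of identical ones. This is an added example, not code from the original text; the allowed ports, the placeholder signature, and the sample traffic are all constructed assumptions, and network address translation is left out because it hides addresses rather than filtering traffic.

```python
import re

ALLOWED_PORTS = {80, 443}             # assumed port policy
SIGNATURES = [b"TEST-SIGNATURE"]      # constructed placeholder, not a real signature
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")   # '%' not followed by two hex digits
CONTROL = re.compile(r"[\x00-\x20\x7f]")          # control characters or whitespace

def url_filter(pkt):
    """First firewall: block malformed URLs."""
    return bool(BAD_ESCAPE.search(pkt["url"]) or CONTROL.search(pkt["url"]))

def port_filter(pkt):
    """Second firewall: block ports outside the allowed set."""
    return pkt["port"] not in ALLOWED_PORTS

def signature_scan(pkt):
    """Antivirus layer: block payloads containing a known signature."""
    return any(sig in pkt["body"] for sig in SIGNATURES)

# Three different filter types versus three copies of the same one.
DIVERSE = [("url", url_filter), ("port", port_filter), ("signature", signature_scan)]
UNIFORM = [("port-1", port_filter), ("port-2", port_filter), ("port-3", port_filter)]

def first_block(pkt, layers):
    """Return the name of the first layer that blocks pkt, or None if it passes."""
    for name, blocks in layers:
        if blocks(pkt):
            return name
    return None

def passed(samples, layers):
    """Names of the samples that get through every layer."""
    return [p["name"] for p in samples if first_block(p, layers) is None]

# Constructed sample traffic: one legitimate request and three that should be stopped.
SAMPLES = [
    {"name": "normal page", "port": 80, "url": "/index.html", "body": b"hello"},
    {"name": "blocked port", "port": 23, "url": "/", "body": b""},
    {"name": "malformed URL", "port": 80, "url": "/a%zzb", "body": b""},
    {"name": "known signature", "port": 80, "url": "/upload", "body": b"xxTEST-SIGNATURExx"},
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt["name"], "->", first_block(pkt, DIVERSE), "|", first_block(pkt, UNIFORM))
    print("passes diverse stack:", passed(SAMPLES, DIVERSE))
    print("passes uniform stack:", passed(SAMPLES, UNIFORM))
```

Three identical port filters stop only what one port filter stops, while each layer of the diverse stack catches a sample the others let through.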