CS406: Information Security

Here we see an example of that medieval castle we were talking about earlier, where you have obviously bollards, and moats, and drawbridges, and all these different ways to have different layers to protect the keep – which is you know where the king and queen are deep inside the castle. So this idea has been around for centuries and, so if we think about our castle being the inside network there, our castle will be our database, our datacenter – where all of our mission-critical servers and services are – the server room, the datacenter, that would be our keep.

You can see from the outside network, and what we're talking about here is just E-mail, SMTP. We've got a perimeter router which has security services on it. Behind that we have a firewall and that firewall is doing stateful and stateless packet inspection, also application inspection and control. We've got a DMZ with three servers down there, a public web server, public DNS, and public mail gateway which is kind of a relay to an inside mail gateway in a server farm or a datacenter. We've also got a firewall behind that which is doing filtering or inspection of SMTP as well. And, so on the inside network, we've got those internal resources inside DNS, mailbox servers, mail gateways, databases, don't forget about DHCP servers as well. So this is a very critical concept, and one that is really at the heart of the way you deliver sys from an operational basis as a security practitioner.

So to elaborate on defense-in-depth, you know, this is a philosophy, it's a combination of an art and a science, basically, to develop a layered security approach by having multiple security mechanisms – defense-in-depth and defense-in-breadth. So security mechanisms should back each other up. For instance, if you have an IDS or an IPS sensor, it's inspecting traffic inline, it really should only be inspecting the traffic that gets through the firewall first, okay, but the security mechanisms don't depend upon each other. So their security doesn't depend upon factors that they can't control, so each security component does stand alone.

You also want to eliminate single points of failure or weak links in your systems. You want to have redundant firewalls, redundant sensors, and redundant secure routers and switches. You're going to defend in multiple places, defend in networks and your infrastructure, protect the local area connection, protect the wide area connection, provide the CIA – Confidentiality, Integrity, and Availability. You want to defend your boundaries – not just the boundary to the outside to the service provider but also boundaries between the core of your network in the datacenter or the server farm, protecting, let's say, some place that's not secured like a call center, okay.

Think about protecting your management VLAN as well. You're going to build layers of defenses. Each mechanism should include both protection measures and detection measures, and you should use robust components. In other words, they can be updated on a regular basis, they can be patched and fixed and made to be stronger on an ongoing updated basis. You also want to have robust key management, okay. You're going to be using public key infrastructures (PKI), and private keys, shared secret key; so have good robust key management. You also want to think about deploying intrusion detection services and/or intrusion prevention services.

Source: LearnCisco, https://www.learncisco.net/courses/iins/common-security-threats/security-architecture-design-guidelines.html
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.