IT Defense In Depth Part I
In the 1930s, France built a trench network called the Maginot Line to rebuff any invasion. The philosophy was simple: if you map out all the places an enemy can attack, and lay down a lot of men and fortifications in those places, you can rebuff any attack. As France found out just a decade later, you can't map every possible avenue for attack.
What does this have to do with IT security? Today many business owners install an antivirus program as their Maginot Line and call it a day. However there are many ways to get into a network that circumvent antivirus software.
Hackers are creating viruses faster than antivirus programs can recognize them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net. Those Windows updates you keep clicking "remind me later" about? They're often designed to patch some of the vulnerabilities used by cybercriminals to circumvent antivirus detection.
Even if you had a perfect antivirus program that could detect and stop every single threat, once an employee has been coerced into clicking on a link in an email, or on a website, all the antivirus software in the world won't help you. This is due to the false positive problem; the people who publish antivirus software know they can't possibly identify every piece of malware, so they use behavioral identification. The problem is that some legitimate software might look like a virus behaviorally, so once a user has allowed the software to execute, antivirus ignores it unless its a 100% known piece of malware. Once a user has clicked on that link from the hacker pretending to be Joe in IT, he's effectively told the antivirus software that the malware is OK to run.
There several vulnerabilities a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defense plan that will allow you to quickly notice and respond to breaches at each level.
The physical layer refers to the computers and devices that you have in your office. This is the easiest layer to defend, but is exploited surprisingly often.
Here are a few examples:
- Last year 60% of California businesses reported a stolen smartphone and 43% reported losing a tablet with sensitive information. (I hope they were encrypted!)
- The breaches perpetrated by Chelsea Manning and Edward Snowden occurred because they were able to access devices with sensitive information.
- Comptia left 200 USB devices in front of various public spaces across the country to see if people would pick a strange device and insert into their work or personal computers. 17% fell for it.
For the physical layer, you need to:
- Keep all computers and devices under the supervision of an employee or locked away at all times.
- Only let authorized employees use your devices
- Do not plug in any unknown USB devices.
- Destroy obsolete hard drives before throwing them out, or hire a firm to permanently wipe the drives using an approved DoD standard.
Next week, we'll cover the human and network layers of security..
Did you find this article helpful or interesting? Like & follow ROI Technology Inc. on social media for contests, free e-guides, and more!