Thursday, 24 August 2017 17:31

IT Defense In Depth Part 1

Written by
Rate this item
(1 Vote)

In the 1930s, France built a trench network called the Maginot Line to rebuff any invasion. The philosophy was simple: if you map out all the places an enemy can attack, and lay down a lot of men and fortifications at those places, you can rebuff any attack. The problem is, you can’t map every possible avenue for attack.

What does this have to do with IT security? Today many business owners install an antivirus program as their Maginot Line and call it a day. However there are many ways to get into a network that circumvent antivirus software.

Hackers are creating viruses faster than antivirus programs can recognise them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net.

Even if you had a perfect anti­virus program that could detect and stop every single threat, there are many attacks that circumvent anti­virus programs entirely. For example, if a hacker can get an employee to click on a compromised email or website, or “brute force guess” a weak password, all the antivirus software in the world won’t help you.

There are several vulnerabilities a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defense plan that will allow you to quickly notice and respond to breaches at each level.

The physical layer refers to the computers and devices that you have in your office. This is the easiest layer to defend, but is exploited surprisingly often.

Here are a few examples:

  • Last year 60% of California businesses reported a stolen smartphone and 43% reported losing a tablet with sensitive information.
  • The breaches perpetrated by Chelsea Manning and Edward Snowden occurred because they were able to access devices with sensitive information.
  • For example, Comptia left 200 USB devices in front of various public spaces across the country to see if people would pick a strange device and insert into their work or personal computers. 17% fell for it.

For the physical layer, you need to:

  • Keep all computers and devices under the supervision of an employee or locked away at all times.
  • Only let authorized employees use your devices
  • Do not plug in any unknown USB devices.
  • Destroy obsolete hard drives before throwing them out

Next time in Part II, we will talk about the human and network layers of security.

Read 29536 times Last modified on Thursday, 24 August 2017 17:46
Jordon Darling - CISSP

Jordon is the President/CEO of  HITECH. He is a business minded security professional who has a passion for people and small business.  Some of his certifications include: CISSP, CSSA, MCPS, MCNPS, MS, SA

3614 comments

  • Comment Link Colette Sunday, 17 November 2019 02:40 posted by Colette

    Highly energetic blog, I loved that bit. Will there be a part 2?

  • Comment Link Parthenia Sunday, 17 November 2019 02:16 posted by Parthenia

    Tremendous issues here. I'm very glad to look your article.
    Thanks a lot and I'm having a look forward to touch you.

    Will you please drop me a mail?

  • Comment Link soukherbs Sunday, 17 November 2019 00:09 posted by soukherbs

    nike acg mens shoes all white red adidas ultra boost a16 yahoo nike structure 19 blue key nike waffle racer blanc jaune pour bon march茅 adidas eqt support 93 fit zone nike air huarache men all red grey uk
    soukherbs http://www.soukherbs.com/

  • Comment Link Latonya Saturday, 16 November 2019 23:29 posted by Latonya

    Hi, I do think this is a great blog. I stumbledupon it ;) I'm going to revisit once again since I saved as a favorite
    it. Money and freedom is the best way to change, may
    you be rich and continue to help others.

  • Comment Link Paul Saturday, 16 November 2019 22:38 posted by Paul

    tadalafil nell'ipertrofia prostatica [url=http://buyscialisrx.com/]order cialis[/url] tadalafil philippines generic cialis online tadalafil how long to work différence entre sildenafil
    et tadalafil http://buyscialisrx.com/ drug interactions of tadalafil

  • Comment Link ZesseCat Saturday, 16 November 2019 22:10 posted by ZesseCat

    viagra 20 mg cost e-mail address
    http://viagrawithoutdoctorbest.com - viagra goes generic
    viagra super
    viagra 100mg pills for men
    - viagra 20 mg cost you cannot delete your posts in this forum
    viagra generic date new posts

  • Comment Link Zesseedire Saturday, 16 November 2019 21:59 posted by Zesseedire

    viagra pills cheap profile
    http://viagrawithoutdoctorbest.com - canadian generic viagra
    viagra 10 mg 4 tablet joined
    generic viagra where to buy
    - viagra kaufen
    viagra 5mg cost forum software

  • Comment Link reggaelic Saturday, 16 November 2019 21:24 posted by reggaelic

    nike air pegasus 32 uomo nike magista opus release date 48 nike air foamposite pro all black shoes nike blazer mid grim reaper jordan elephant print hats xl adidas prougeator ultimate goalkeeper gloves
    reggaelic

  • Comment Link viagra online Saturday, 16 November 2019 20:50 posted by viagra online

    terribly device [url=http://www.viagrapid.com/]online viagra[/url] similarly outcome proper subject http://www.viagrapid.com/ elsewhere imagination constantly driver online viagra ever weekend http://www.viagrapid.com/

  • Comment Link ZesseCat Saturday, 16 November 2019 20:46 posted by ZesseCat

    purchase viagra in london
    http://viagrawithoutdoctorbest.com - comprar viagra generica
    viagra 10mg return to board index
    cheap viagra usa
    - viagra 3.99
    viagra 20mg review faq

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.