Thursday, 24 August 2017 17:31

IT Defense In Depth Part 1

Written by
Rate this item
(1 Vote)

In the 1930s, France built a trench network called the Maginot Line to rebuff any invasion. The philosophy was simple: if you map out all the places an enemy can attack, and lay down a lot of men and fortifications at those places, you can rebuff any attack. The problem is, you can’t map every possible avenue for attack.

What does this have to do with IT security? Today many business owners install an antivirus program as their Maginot Line and call it a day. However there are many ways to get into a network that circumvent antivirus software.

Hackers are creating viruses faster than antivirus programs can recognise them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net.

Even if you had a perfect anti­virus program that could detect and stop every single threat, there are many attacks that circumvent anti­virus programs entirely. For example, if a hacker can get an employee to click on a compromised email or website, or “brute force guess” a weak password, all the antivirus software in the world won’t help you.

There are several vulnerabilities a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defense plan that will allow you to quickly notice and respond to breaches at each level.

The physical layer refers to the computers and devices that you have in your office. This is the easiest layer to defend, but is exploited surprisingly often.

Here are a few examples:

  • Last year 60% of California businesses reported a stolen smartphone and 43% reported losing a tablet with sensitive information.
  • The breaches perpetrated by Chelsea Manning and Edward Snowden occurred because they were able to access devices with sensitive information.
  • For example, Comptia left 200 USB devices in front of various public spaces across the country to see if people would pick a strange device and insert into their work or personal computers. 17% fell for it.

For the physical layer, you need to:

  • Keep all computers and devices under the supervision of an employee or locked away at all times.
  • Only let authorized employees use your devices
  • Do not plug in any unknown USB devices.
  • Destroy obsolete hard drives before throwing them out

Next time in Part II, we will talk about the human and network layers of security.

Read 13753 times Last modified on Thursday, 24 August 2017 17:46
Jordon Darling - CISSP

Jordon is the President/CEO of  HITECH. He is a business minded security professional who has a passion for people and small business.  Some of his certifications include: CISSP, CSSA, MCPS, MCNPS, MS, SA

1171 comments

  • Comment Link pipi Wednesday, 26 June 2019 16:53 posted by pipi

    thank you web site admin

  • Comment Link komiklist Wednesday, 26 June 2019 16:41 posted by komiklist

    asics gel saga gris verde nike hyperadapt 1.0 negro blanco azul zapatos on venta lebron 10(x) low todas negro nike air max 98 todas negro nero rosa blu air perce femminile heels nike solarsoft kd slide bianca blu scarpe
    komiklist

  • Comment Link shanawdithit Wednesday, 26 June 2019 14:23 posted by shanawdithit

    sepatu futsal nike elastico superfly bandung billig women nike sb white for cheap billig kansas city royals hat world series mvp billig jordan cable knit hat repair billig nike elastico zalando que billig monster energy baseball caps uk kitchen billig
    shanawdithit

  • Comment Link biginkprints Wednesday, 26 June 2019 11:23 posted by biginkprints

    cleveland cavaliers antawn jamison 4 white nba authentic jersey sale greece 22 andreas samaris away mens adults short sleeves 2016 2017 country national team soccer jerseys women nike carolina panthers 41 captain munnerlyn game blue alternate nfl jersey sale nike raiders 89 amari cooper new lights out black mens stitched nfl elite jersey angels 17 shohei ohtani red alternate womens stitched baseball jersey nike broncos 12 paxton lynch orange team color mens stitched nfl limited tank top jersey
    biginkprints

  • Comment Link nasdaqim Wednesday, 26 June 2019 09:09 posted by nasdaqim

    blanco azul p煤rpura nike zoom kobe icon uk zapatos rojo and p煤rpura jordans new air max 90s jordan 31 negro and rojo uk scarpe bianca nero nike air total foamposite max wholevendita nike mercurial vapor femminile nero blu marrone
    nasdaqim

  • Comment Link loopdealer Wednesday, 26 June 2019 06:53 posted by loopdealer

    asics gel saga gris verde nike hyperadapt 1.0 negro blanco azul zapatos on venta lebron 10(x) low todas negro nike air max 98 todas negro nero rosa blu air perce femminile heels nike solarsoft kd slide bianca blu scarpe
    loopdealer

  • Comment Link jdtbCoar Wednesday, 26 June 2019 01:37 posted by jdtbCoar

    [url=http://cialishwzbm.com/]cialis[/url] buy cialis buy cialis

  • Comment Link ujikCoar Wednesday, 26 June 2019 01:34 posted by ujikCoar

    [url=http://cialisheobg.com/]cialis pill[/url] cialis buy generic cialis

  • Comment Link bleuvital Wednesday, 26 June 2019 00:02 posted by bleuvital

    mets memorial day jersey uk sale usa ncaa basketball jersey design uk sale adidas x tango 18.3 ic himmelbl氓 air jordan 6 sort oreo jordan 5 low og adidas nmd retail preis
    bleuvital

  • Comment Link bmwlawfirm Tuesday, 25 June 2019 19:10 posted by bmwlawfirm

    new era old english fitted hats online billig vintage style knit hat quiz billig cleveland cavaliers 23 lebron james yellow throwback short sleeve stitched nba jersey billig atlanta braves cooperstown hat hours billig nike air jordan 3 blue and red billig nike indianapolis colts 12 andrew luck black impact limited jersey billig
    bmwlawfirm

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.