Read this interesting comparison, which argues that an intrusion defense strategy that identifies the value of business processes and protects those systems with a layered defense approach is not only good security practice but, in many cases, a regulatory requirement.
Intrusion Defense: Lessons learned from medieval times. Is your Castle Protected?
Kevin Prince, Chief Security Officer, Perimeter eSecurity, May 2007
Page 1 of 6

Introduction
My 10-year-old boy came home recently with a very large homework assignment due two weeks later. He had been learning about medieval times and had to build a castle. The castle could be made out of any material, but had to include all of the items from a long list provided by the teacher, including thick walls, a moat, a drawbridge, guard towers, arrow loops, and murder holes, just to name a few. These items had to be positioned properly in the castle and labeled in order to receive full credit. As we built the castle, my boy was eager to describe for me why all of the different defensive elements were important. He would tell me that if the enemy could get past the moat, then the archers would shoot through the arrow loops until the enemy passed over the drawbridge to the gate, where the defenders would dump boiling water or hot oil on the enemy as they were ramming the gate. I often wish we could deploy murder holes on the perimeter defenses of networks to scald hackers, spammers and other malicious people as they attempted to do us harm. Unfortunately, network security is more complicated, although many of the same concepts used in medieval times can certainly be applied today, in particular the layered security defense model.
Background - Building a Good Foundation
Originally, castles were made of wood, until a clever soul realized that you could light the end of an arrow with fire, shoot the castle from afar, and burn it to the ground. This quickly led to the building of stone castles, which were largely resistant to fire attacks. Much like this, attacks against largely unprotected networks in the early to mid 1990s led to the need to deploy firewalls. These devices were so effective over the next few years that the common belief was that all you needed to stay protected was a firewall. Unfortunately, this mentality remained intact to a large extent until just a couple of years ago.

With better castle defenses, alternative ways of attacking a keep came about: battering rams, ladders, and catapults were often the methods used. During these "dark ages", when companies and networks felt protected behind their Maginot Line type defenses, several things changed in the way an attacker would attempt to compromise a network. Exploiting known vulnerabilities was a common method: run a port scan, identify services that were available such as FTP or Telnet, and then compromise them using brute force attacks (breaking a username and password by trying either dictionary words or, systematically, all possible combinations). Attacks like these were largely unorganized, with a successful attack usually leading to the hosting of illegal programs or pornography, or the defacement of a web site.

Castles were so popular that they quickly became the center of social life, with aristocrats entering and leaving with their entourages. Similarly, the Internet quickly took on a life of its own in the mid to late 1990s. If you wanted to impress your customers, you had a web site. Next, your web site had to be interactive, with all sorts of services such as online banking or other transactional applications.
Each one of these services offered to customers added another door attackers could use to compromise networks. Modern-day movies lead us to believe a castle siege would be over within a couple of hours. The reality is that these sieges could go on for months or years. I know of a successful attack on a network that led to the compromise of 20 million dollars in intellectual property. In this instance the attackers waited patiently, "pinging" the firewall every five minutes for more than 18 months to check whether it was active. During a service release where something wasn't working right, the company being monitored thought the firewall might be the problem and took it temporarily offline. During the following 23 minutes, all of the intellectual property of the company was stolen. Tactics to divert water into the citadel, cut off supply lines, or use catapults to launch diseased bodies over the walls were often used in an effort to drive... [download for more]
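The 18-month "pinging" story above is a low-and-slow reconnaissance pattern: each individual probe looks like noise, but a source whose denied hits are spread over a long span at a near-constant interval is exactly the signal a defender can hunt for in firewall logs. The following is an added example, not code from the paper or from Perimeter eSecurity, that runs that check over constructed deny-log lines; the log format, the addresses (documentation ranges), and the thresholds are all assumptions chosen for illustration.

```python
"""Detect periodic, long-running probers in firewall deny logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed log format (assumption, not any vendor's real format):
# "<iso-timestamp> DENY src=<ip> dst=<ip> proto=<name> dport=<n>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) DENY src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Return (timestamp, source ip) for a deny line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m.group("ts")), m.group("src")


def build_sample_log():
    """Construct sample deny lines: one patient prober, one bursty scanner, one stray hit."""
    start = datetime(2007, 5, 1, 0, 0, 0)
    lines = []
    # Patient prober (hypothetical address): one hit every 300 s for three days.
    for i in range(3 * 24 * 12):
        ts = start + timedelta(seconds=300 * i)
        lines.append(f"{ts.isoformat()} DENY src=203.0.113.7 dst=192.0.2.1 proto=icmp dport=0")
    # Bursty scanner (hypothetical address): irregular gaps spread over about 1.5 days.
    gaps = [3, 70, 12, 900, 5, 3600, 45]
    ts = start
    for i in range(200):
        ts += timedelta(seconds=gaps[i % len(gaps)])
        lines.append(f"{ts.isoformat()} DENY src=198.51.100.9 dst=192.0.2.1 proto=tcp dport={20 + i}")
    # A single stray hit that should never be flagged.
    stray = start + timedelta(hours=5)
    lines.append(f"{stray.isoformat()} DENY src=192.0.2.250 dst=192.0.2.1 proto=udp dport=53")
    return lines


def find_periodic_probers(lines, min_hits=12, min_span=timedelta(days=1),
                          jitter=timedelta(seconds=30), min_regularity=0.9):
    """Flag sources whose deny hits span at least `min_span` and arrive at a
    near-constant interval: at least `min_regularity` of the gaps between
    consecutive hits lie within `jitter` of the median gap.
    Returns {src: summary dict} for flagged sources only."""
    per_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            ts, src = rec
            per_src[src].append(ts)

    flagged = {}
    for src, stamps in per_src.items():
        stamps.sort()
        # Too few hits or too short a span: not a long-running campaign.
        if len(stamps) < min_hits or stamps[-1] - stamps[0] < min_span:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        med = median(gaps)
        regular = sum(1 for g in gaps if abs(g - med) <= jitter) / len(gaps)
        if regular >= min_regularity:
            flagged[src] = {
                "hits": len(stamps),
                "first": stamps[0].isoformat(),
                "last": stamps[-1].isoformat(),
                "median_gap_s": int(med.total_seconds()),
                "regularity": round(regular, 3),
            }
    return flagged


if __name__ == "__main__":
    for src, info in find_periodic_probers(build_sample_log()).items():
        print(src, info)
```

The span threshold is what separates this from ordinary scan detection: a bursty scanner with 200 hits in a day and a half is skipped by the regularity test, while a source that touches the firewall once every five minutes for days on end is reported with its first and last sighting, so an analyst can correlate the "last" timestamp against change windows such as the maintenance outage described in the story.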