A Layered Approach

Networks have advanced in functionality and complexity. Because vulnerabilities can take place at different layers of an infrastructure, it has been necessary for vendors, developers, administrators, and security professionals to understand these layers and how each should be protected.

Often, you hear about a “layered approach” to security. You are supposed to implement different layers of protection to protect networks from different types of attacks. But what does a layered approach really mean? How do you know if you are applying a layered approach?

These are excellent questions that should be explored in depth if you are serious about protecting your interior and exterior networks from all possible security compromises and breaches. To protect an environment, you must truly understand the environment, the fixes to be applied, the differences between the numerous vendor applications and hardware variations, and how attacks are actually performed. The road to a secure environment is a winding one, with some bumps, sharp turns, and attacks that lunge out from the dark. However, the most important thing when navigating this road to security is to understand the facets of the adventure and that the road never ends.

The description of a layered approach to security can be an abstract and nebulous topic because theory must be represented and implemented in reality. Many times, a layered approach means implementing solutions at different levels of the network. These levels range from the programming code, the protocols in use, the operating system, and the application configurations through to user activity and the security program that is supposed to govern all of these issues. A layered approach presents layers of barriers that an attacker must go through and compromise to get to the sought-after resource. Running antivirus software only on workstations is not a layered approach in battling viruses. Running antivirus software on each workstation, file server, and mail server and applying content filtering via a proxy server is considered a layered approach toward combating viruses. This is just one example of what must take place.

How is file access protection provided in a layered approach? If an administrator puts all users in specific groups and dictates what those groups can and cannot do with the company’s files, this is only one layer in the approach. To properly protect file access, the administrator must do the following:

  • Configure application, file, and Registry access control lists (ACLs) to provide more granularity to users’ and groups’ file permissions

  • Configure the system default user rights (in a Windows environment) to give certain types of users certain types of rights

  • Consider the physical security of the environment and the computers, and apply restraints where required

  • Place users into groups that have implicit permissions necessary to perform their duties and no more

  • Draft and enforce a strict logon credential policy so that not all users are logging on as the same user

  • Implement monitoring and auditing of file access and actions to identify any suspicious activity

Sound like overkill? It really isn’t. If an administrator makes all users log in using different accounts, applies file and Registry ACLs, configures groups, and monitors audit logs but does not consider physical security, a user could use a USB drive with a simple program to get around all other security barriers. All of these components must work in a synergistic manner to provide a blanket of security that individual security mechanisms could not fulfill on their own.
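The last two items in the list, individual logon credentials and auditing of file access, only add a layer if someone actually reviews the audit trail. The following sketch is an added example, not part of the original text: it reads file-access audit records and flags an account that logs on from several workstations (a likely shared logon) and an account that is repeatedly denied access by the ACLs. The record format, account names, paths, and thresholds are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample records (assumed format, not from the book):
# time, account, workstation, file, result
SAMPLE_LOG = """\
2024-05-01T09:00:01,jsmith,WS-014,finance/q1.xlsx,ALLOWED
2024-05-01T09:02:10,frontdesk,WS-001,shared/schedule.docx,ALLOWED
2024-05-01T09:02:45,frontdesk,WS-007,shared/schedule.docx,ALLOWED
2024-05-01T09:05:30,frontdesk,WS-022,hr/reviews.xlsx,DENIED
2024-05-01T09:11:02,mlee,WS-031,hr/salaries.xlsx,DENIED
2024-05-01T09:11:09,mlee,WS-031,finance/payroll.xlsx,DENIED
2024-05-01T09:11:15,mlee,WS-031,legal/contracts.docx,DENIED
2024-05-01T09:20:00,jsmith,WS-014,finance/q2.xlsx,ALLOWED
"""


def review_file_access(log_text, max_hosts=1, max_denied=3):
    """Return findings that point at a weak or tested layer.

    shared-account:   one account seen on more than max_hosts workstations,
                      which suggests users are not logging on individually.
    repeated-denials: one account denied on max_denied or more distinct files,
                      meaning the ACL layer held but the activity needs review.
    """
    hosts = defaultdict(set)    # account -> workstations it was used from
    denied = defaultdict(set)   # account -> distinct files it was refused
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:       # skip blank or malformed records
            continue
        _time, account, host, path, result = row
        hosts[account].add(host)
        if result == "DENIED":
            denied[account].add(path)

    findings = []
    for account in sorted(hosts):
        if len(hosts[account]) > max_hosts:
            findings.append(("shared-account", account, sorted(hosts[account])))
    for account in sorted(denied):
        if len(denied[account]) >= max_denied:
            findings.append(("repeated-denials", account, sorted(denied[account])))
    return findings


if __name__ == "__main__":
    for kind, account, detail in review_file_access(SAMPLE_LOG):
        print(f"{kind:17} {account:10} {', '.join(detail)}")
```

A user who legitimately works at more than one workstation will trip the first check, so the thresholds have to be tuned to the environment.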
