Practical Security Principles

Practical Security Principles: The Five Basic Security Principles
CIS 333
August 31, 2010

There are five basic principles used in network security: layering, limiting, diversity, obscurity, and simplicity. Each on its own is not enough to keep a network safe. Only by using all of them, and doing so intelligently and wisely, can we keep from being the next big story in the news about failure to keep our data protected.

Layering can be thought of as a medieval castle or, in modern terms, defense in depth. The idea behind it is to keep our Keep (data, network infrastructure) safe from the barbarians (hackers, corporate spies) by making it hard and unprofitable for the bad guy to breach our network. It is accomplished with hardware devices such as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), and with software such as firewalls, Host Intrusion Prevention Systems (HIPS), and antivirus/malware scanners.

The concept of “work factor” is an important part of layering. It is defined as the amount of effort a hacker, malware, etc. must use to breach the security measures guarding our network. Obviously, the less work they have to do, the weaker our security is. Showing that we have strong, layered security around our data and network will convince them to go elsewhere.

Building our castle will start with the perimeter (securing the demarc) and work inward toward the user (securing the workstation). As part of the layering, we can use VPN encryption for secure connections to remote devices (laptops, BlackBerrys, etc.) and network-based antivirus programs on the servers in the DMZ. Moving in from the perimeter, implementing hardware-based intrusion detection and prevention systems on our network, along with network access controls and user authentication gives
