Thursday, 24 August 2017 17:31

IT Defense In Depth Part 1

Written by
Rate this item
(1 Vote)

In the 1930s, France built a trench network called the Maginot Line to rebuff any invasion. The philosophy was simple: if you map out all the places an enemy can attack, and lay down a lot of men and fortifications at those places, you can rebuff any attack. The problem is, you can’t map every possible avenue for attack.

What does this have to do with IT security? Today many business owners install an antivirus program as their Maginot Line and call it a day. However there are many ways to get into a network that circumvent antivirus software.

Hackers are creating viruses faster than antivirus programs can recognise them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net.

Even if you had a perfect anti­virus program that could detect and stop every single threat, there are many attacks that circumvent anti­virus programs entirely. For example, if a hacker can get an employee to click on a compromised email or website, or “brute force guess” a weak password, all the antivirus software in the world won’t help you.

There are several vulnerabilities a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defense plan that will allow you to quickly notice and respond to breaches at each level.

The physical layer refers to the computers and devices that you have in your office. This is the easiest layer to defend, but is exploited surprisingly often.

Here are a few examples:

  • Last year 60% of California businesses reported a stolen smartphone and 43% reported losing a tablet with sensitive information.
  • The breaches perpetrated by Chelsea Manning and Edward Snowden occurred because they were able to access devices with sensitive information.
  • For example, Comptia left 200 USB devices in front of various public spaces across the country to see if people would pick a strange device and insert into their work or personal computers. 17% fell for it.

For the physical layer, you need to:

  • Keep all computers and devices under the supervision of an employee or locked away at all times.
  • Only let authorized employees use your devices
  • Do not plug in any unknown USB devices.
  • Destroy obsolete hard drives before throwing them out

Next time in Part II, we will talk about the human and network layers of security.

Read 10085 times Last modified on Thursday, 24 August 2017 17:46
Jordon Darling - CISSP

Jordon is the President/CEO of  HITECH. He is a business minded security professional who has a passion for people and small business.  Some of his certifications include: CISSP, CSSA, MCPS, MCNPS, MS, SA

575 comments

  • Comment Link Latrice Saturday, 06 October 2018 07:30 posted by Latrice

    I am regular reader, how are you everybody?
    This piece of writing posted at this web site is genuinely nice.

  • Comment Link Gilberto Friday, 05 October 2018 17:40 posted by Gilberto

    I constantly spent my half an hour to read this weblog's posts
    everyday along with a cup of coffee.

  • Comment Link Sabine Friday, 05 October 2018 11:29 posted by Sabine

    Hello there! I simply want to offer you a huge thumbs up for the great information you've got here on this post.
    I'll be returning to your web site for more soon.

  • Comment Link Bob Thursday, 04 October 2018 23:26 posted by Bob

    Hello to every body, it's my first pay a visit of this blog; this webpage contains amazing and genuinely
    good data in favor of visitors.

  • Comment Link Bitcoin Trading System Thursday, 04 October 2018 22:52 posted by Bitcoin Trading System

    Have you ever wanted to learn how to buy and sell Bitcoin? There sure is a lot of money to be made trading it. What if there was an easy to follow method that could earn you money? There is. All it takes is following these simple steps. This system is so simple, even a chimpanzee could do it! Follow the link and see for yourself just how easy profiting from Bitcoin can be https://t.grtyv.com/4oye9wkgw0?aff_id=29696&offer_id=5182&nopop=1

  • Comment Link Susannah Thursday, 04 October 2018 00:08 posted by Susannah

    Thanks a bunch for sharing this with all of us you really understand what you're speaking about!
    Bookmarked. Kindly also consult with my web site =).
    We may have a link exchange arrangement between us

  • Comment Link sa Wednesday, 26 September 2018 23:15 posted by sa

    I cannot thank you enough for the post.Really looking forward to read more. Cool.

  • Comment Link 12nana Tuesday, 25 September 2018 08:03 posted by 12nana

    Wszyscy pisza ze ciezko dostac pozyczke, ja bralem na http://pozyczka-prywatna-online.pl bez problemu.

  • Comment Link Tricia Monday, 24 September 2018 23:49 posted by Tricia

    Do you have any video of that? I'd like to find out some additional information.

  • Comment Link Wolfgang Wednesday, 19 September 2018 23:12 posted by Wolfgang

    Good post! We aare linking too this great post on our site.
    Keep up tthe good writing.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.