Defence in Depth (DiD) is a layering ploy, initiated by the National Security Agency (NSA) for facilitating an additional layer of information security. In these multiple layers of security measures are implemented within an IT infra with the ideology that if one layer of protection is in exploitation, then the additional layers would mitigate the breach risk. It is a broadened approach that is a unique combination of physical, technical, and administrative controls for security measures. It can be integrated with multiple security measures as it is a multidirectional approach and is not bound to any particular rules or regulations.
Defence in Depth is a magnified approach to set up security and privacy policies against diversified attack vectors.
Counteractive Measures of Defence in Depth :
Security Policies and Procedures- The primary outcome of setting up policies and procedures for an organization is the conservancy of confidentiality, integrity, and availability of systems and information used by organization members
- Confidentiality involves safeguarding the assets from unauthorized individuals.
- Integrity provides the modification of assets so that the organization is in a specified and authorized manner.
- Availability is a state of the system in which authorized users have persistent access to specified assets.
Physical Security- A strategic approach to control physical access to the availability of sensitive information is inclusive in physical controls. Generic measures explored within this control are implementing security personnel such as guards and receptionists, installation of CCTV, automatic door access, and many more.
Perimeter Defences- It's traditional approach for controlling traffic flowing in and out of the data centre network. Generic measures within this area are the installation of an application firewall, server firewall, and network-level firewall. Additionally, set up Intrusion Prevention System, which controls the network traffic and Intrusion Detection System for monitoring the network traffic.
Network Security - It's an activity assigned to cushion the usability and integrity of your network(LAN, Optical Fibre, wires, WI-FI). The elemental measures within this area are as following secure your network, audit network regularly, keep O/S Patches up to date, keep Antivirus, and Malware Definitions Current, and establish Policy for Mobile and Wireless Devices.
Logging and Monitoring of Events - Logging is a standardized procedure for making a detailed set of events that occur within the application. Monitoring is analysing the logged events to check whether the application is working in a prescribed manner. Together logging and monitoring can help you to have clarity of how your applications are working on various infrastructure components.
Logical Controls - Also termed as technical controls, they set up security measures for the software and hardware of the organization. A robust technical control measure would focus on means to identify, authenticate, authorize, or limit the authenticated user to restricted actions.
Workstation Defences - The most basic security measure is the implementation of an updated antivirus system. Other measures to go with would be keeping the application and operating system patched up and updated, assuring the workstation run in limited and administrative mode. Also, assuring that the software updates installed are from verified and genuine source.
Asset Management -Asset management permits an organization to keep a record of the asset, be it tangible or intangible in nature. In an information security environment, an asset is any data, devices, or other components that support information-related activities.Asset management helps you out to assimilate your asset inventory, asset classification, patch classification status, software package version and updates and many more.
Host Security - In layman terms, the host is a computer or any computer device which connects with the network. The purpose of host security is to prevent the host operating system, file system, and it's resources from unauthorized access. Installation of a host-based firewall is one of the necessary preventive measures.
Session Security - Session security is a branch of information security which restraints the exposure of network when a user leaves the system neglected while still logged in. It also involves establishing several session controls to control session behaviour. The standard measures within this area are standardizing default session timeout, control inactive session expiry, and sending a prompt message when the session timeout is reaching out.
Application Security - Calibration of application with certain features and functionalities to the software to prevent threats. Various application parameters must be logged and monitored periodically, encrypt the cookies and set an expiration date. While building the software the organisations should be diligent about software tampering, session tampering and cryptography.
Data Protection - Data protection approach comprises of Data lifecycle management and information life cycle management. Data lifecycle management consists of securing online and offline data storage. Information lifecycle management is a comprehensive strategy for valuing, cataloguing, and protecting information assets from application and user errors, malware, and virus attacks.
After the overall understanding of the security controls, as mentioned earlier, we can break down the formation of a secure information environment by the following described steps.
- Establish an Information security policy.
- Define and classify assets, business core components, and infrastructure.
- Defend at the network edge - Firewall, IDS, IPS, and Antivirus.
- Defend within the network edge - secure demilitarized zone, encrypt channels between each communicating devices and establish VPN connection.
- Defend the Internal network - implement access control measures.
- Defend individual system components.
- Train user and impart awareness among the professionals regarding best practices.
- Frequently test the infrastructure defences to ensure rigid security posture.
Review plan and improve strategy periodically.