Tuesday, July 19, 2022

Defence in Depth (DiD)

    Defense-in-depth is a cybersecurity strategy that employs a multi-layered defense system to ensure maximum safeguards. If a layer of defense fails, the others will be there to block the attacks. The architecture of DiD consists of:

·         Administrative Controls (Policies & Procedures).

·         Technical Controls (Hardware, Software, and Networks).

·         Physical Controls.

    Assuming that we are a systems security analyst for an organization and want to deploy the new server, here is my checklist:

·         Ensuring the physical safeguards are in place following security policies and protocols.

·         Using NGFW (Next Generation Firewall) as the first line of defense. This device could include IDS/IPS, application-level monitoring and control, and WAFs.  

·         Check the supply chain of the hardware used for the server.

·         Review and confirm the integrity of the components of the server.

·         Ensuring that IT technicians are following the security policies for hardening the out-of-the-box server procedures and changing all default settings.

·         Ensuring that all the updates and patches have been installed.

·         Appropriate anti-malware installed and properly configured.

·         Unnecessary ports are disabled.

·         Overseeing the testing process of server in DMZ or Screened Subnet as per security policies and protocols.

·         Reviewing the Active Directory, security policies, and logging/monitoring requirements have been met.

·         Ensuring remote access policies have been enforced.

·         DNS protection.

·         VPN and multi-factor authentication.

·         The server has been added to the inventory record, and its baseline configuration is well documented.

·         The server’s data is protected in-rest in-transit and has been set for redundancy based on the organization’s policies and protocols.

·         Ensuring all the updates and patches are current.

·         Installation of perimeter defenses such as IDS, IPS, and firewalls.

Added endpoint-related pieces of advice such as:

·         Installation of the preset OS by using a workstation installer or snapshots to keep a uniform endpoint in the organization.

·         Endpoint protection and installation of the latest version of the corporate licensed anti-malware.

No comments:

Post a Comment

Ring Home–Security Camera Breach

According to the “SAM Seamless Network” research team report in April 2022, there have been more than 1 billion IoT attacks in 2021, of whic...