Thursday, 24 August 2017 17:31

IT Defense In Depth Part 1

In the 1930s, France built a trench network called the Maginot Line to rebuff any invasion. The philosophy was simple: if you map out all the places an enemy can attack, and lay down a lot of men and fortifications at those places, you can rebuff any attack. The problem is, you can’t map every possible avenue for attack.

What does this have to do with IT security? Today many business owners install an antivirus program as their Maginot Line and call it a day. However, there are many ways to get into a network that circumvent antivirus software.

Hackers are creating viruses faster than antivirus programs can recognise them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net.

Even if you had a perfect antivirus program that could detect and stop every single threat, there are many attacks that circumvent antivirus programs entirely. For example, if a hacker can get an employee to click on a compromised email or website, or can “brute force guess” a weak password, all the antivirus software in the world won’t help you.

There are several layers a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defense plan that will allow you to quickly notice and respond to breaches at each layer.

The physical layer refers to the computers and devices that you have in your office. This is the easiest layer to defend, but is exploited surprisingly often.

Here are a few examples:

  • Last year 60% of California businesses reported a stolen smartphone and 43% reported losing a tablet with sensitive information.
  • The breaches perpetrated by Chelsea Manning and Edward Snowden occurred because they were able to access devices with sensitive information.
  • CompTIA left 200 USB devices in various public spaces across the country to see if people would pick up a strange device and insert it into their work or personal computers. 17% fell for it.

For the physical layer, you need to:

  • Keep all computers and devices under the supervision of an employee or locked away at all times.
  • Only let authorized employees use your devices.
  • Do not plug in any unknown USB devices.
  • Destroy obsolete hard drives before throwing them out.

Next time in Part II, we will talk about the human and network layers of security.

Last modified on Thursday, 24 August 2017 17:46
Jordon Darling - CISSP

Jordon is the President/CEO of HITECH. He is a business-minded security professional who has a passion for people and small business. Some of his certifications include: CISSP, CSSA, MCPS, MCNPS, MS, SA
