Introduction
Network security is an important concept of computer networks that is aimed at the prevention of network intrusion. The widespread use of the internet in itself poses a threat of network intrusion by unauthorized hackers. One possible solution towards the prevention of computer network intrusion is to subject the network to potential threats in order to evaluate its weak points (Fadia & Manu, 2007). Such an approach usually involves ethical hacking, which serves to evaluate the level of computer security. Other approaches to avoiding intrusion include the use of a Defense-in-depth strategy and the implementation of an appropriate intrusion detection system (Clarke, 2010).
The objective behind the implemented Defense-in-depth strategy
This strategy is primarily an Information Assurance approach which involves layering the defense security platforms for the sole purpose of increasing protection against potential computer security attacks. The major purpose of the Defense-in-depth approach to computer security is to delay the onset of a potential threat rather than to prevent the hacker from breaking into the system. In order for the strategy to be effective, it must implement effective threat detection mechanisms and effective measures to counter the threats (Warren & Jay, 2002).
The defense in depth strategy basically deploys protection mechanisms, layered procedures and information security policies that serve the sole purpose of enhancing the dependability of a computer network through the division of the defense into multiple layers. A common phenomenon that the majority of organizations mostly ignore is that major security breaches usually originate from within the organization rather than from outsiders. The defense in depth mechanism not only delays the onset of threats, but also provides avenues that can be used to detect potential threats and helps an organization take the necessary control measures to contain the threat, thereby decreasing the consequences associated with computer network security breaches (Warren & Jay, 2002).
The underlying principle behind the functionality of the defense in depth strategy is that it creates multiple layers between the hacker and the organization’s information, in the sense that the deeper the attacker attempts to penetrate the organization’s information system, the more difficult it becomes for the attacker to gain access to the information. The multiple layer approach serves to prevent a direct attack on the organization’s network. Furthermore, the defense in depth approach offers natural platforms for the deployment of effective intrusion detection methods, which could be hardware-oriented, software-oriented or people-oriented. In an ideal world, the implemented defense in depth strategy should be able to delay potential security breaches and provide sufficient time for the organization to respond to a threat, thereby decreasing its impacts, whether in terms of cost, prevention of information theft or maintaining the integrity of the information (Clarke, 2010).
Managing a secure network is an important concept of the defense in depth strategy. Implementing network security involves the three basic attributes of network security:
- Access control: monitoring the people on the network and the various network resources that are at their disposal.
- Integrity: ensuring that the information network itself is reliable, as a critical business requirement; potential threats should be addressed as early as possible.
- Privacy: making sure that the network traffic is not accessible to everyone.
The layers in defense in depth strategy
The first and most basic strategy in optimizing the security of an information network is physical security. Physical security simply implies that access to the hardware systems is limited to only the required personnel; for instance, the network servers should only be accessed by the network administrators. One effective way of implementing physical security is through the use of deadbolt locks and other approaches that limit physical access to critical information system hardware. Logical access to the network should be limited within the organization’s perimeter, and regulatory requirements also need to be put in place so as to monitor the flow of information in the organization’s network. Stringent policies regarding the disclosure of the organization’s information should also be implemented (Fadia & Manu, 2007).
The second strategy in the defense in depth approach is authentication. Authentication serves to limit access to the actual information system of an organization. This is critical, as most security breaches in the present information age usually involve the bypass of the authentication protocols of an information network. Authentication can be implemented through controlled access by means of passwords which are secure and less prone to hacking algorithms. Password security can be implemented through the use of limited login attempts, beyond which the information network detects such cases and reports them as potential security breaches (Warren & Jay, 2002).
Another critical strategy in defense in depth is the use of Intrusion Detection System (IDS) software to monitor the network and the various activities that take place in the information network. The IDS serves to report malicious activities to the network management stations. Intrusion prevention basically involves carrying out intrusion detection and taking the necessary responsive measures to contain the threats. The IDS usually logs the information concerning security breaches and reports it to the network management.
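The two preceding paragraphs describe a concrete mechanism: limit login attempts, detect when the limit is exceeded, and log and report the event as a suspected breach. The following is an added example, not code from the essay or from any cited author, showing that mechanism as a small monitor run over constructed authentication log lines. The log format, the threshold of five failures within a ten-minute window, the lock-until-successful-login policy, and all addresses and user names are assumptions made for illustration.

```python
"""Failed-login monitor: enforces a limited-attempts rule and reports the
breach the way an IDS would log and report it (added illustration; the
format, thresholds and sample data are constructed assumptions)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <OK|FAIL> <user> <source address>".
SAMPLE_LOG = """\
2024-01-01T09:00:01 FAIL alice 203.0.113.7
2024-01-01T09:00:04 FAIL alice 203.0.113.7
2024-01-01T09:00:06 FAIL alice 203.0.113.7
2024-01-01T09:00:09 FAIL alice 203.0.113.7
2024-01-01T09:00:11 FAIL alice 203.0.113.7
2024-01-01T09:00:13 FAIL alice 203.0.113.7
2024-01-01T09:01:30 OK bob 198.51.100.5
2024-01-01T09:02:00 FAIL bob 198.51.100.5
2024-01-01T09:20:00 OK bob 198.51.100.5
"""

MAX_ATTEMPTS = 5                 # assumed policy: lock after five failures ...
WINDOW = timedelta(minutes=10)   # ... that fall inside a ten-minute window


@dataclass
class Alert:
    """One report sent to the network management station."""
    time: datetime
    user: str
    source: str
    failures: int

    def render(self):
        return (f"{self.time.isoformat()} ALERT possible brute force: "
                f"user={self.user} source={self.source} failures={self.failures}")


def parse_line(line):
    ts, result, user, source = line.split()
    return datetime.fromisoformat(ts), result, user, source


def monitor(log_text):
    """Return (alerts, locked_users).

    Failures are counted per (user, source) inside a sliding window; when the
    count reaches MAX_ATTEMPTS the account is locked and exactly one alert is
    raised. A successful login clears the count and unlocks (assumed policy).
    """
    failures = defaultdict(list)
    locked = set()
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, result, user, source = parse_line(raw)
        key = (user, source)
        if result == "OK":
            failures[key].clear()
            locked.discard(user)
            continue
        # Drop failures that have aged out of the window, then record this one.
        failures[key] = [t for t in failures[key] if ts - t <= WINDOW] + [ts]
        if len(failures[key]) == MAX_ATTEMPTS and user not in locked:
            locked.add(user)
            alerts.append(Alert(ts, user, source, MAX_ATTEMPTS))
    return alerts, locked


def report(log_text):
    """Render the alerts as the lines an IDS would forward to management."""
    alerts, _ = monitor(log_text)
    return [a.render() for a in alerts]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

In the constructed log, alice's sixth failure produces no second alert because the account is already locked; bob's single failure sits between two successful logins and never reaches the threshold. Keying the counter on the (user, source) pair is a design choice: it keeps one attacker's failures from locking a legitimate user who logs in from elsewhere, at the cost of not aggregating failures spread across many sources.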
Another approach to fostering network security involves the use of appropriate firewall software. Firewalls also serve to monitor the activity of the network; access from particular sites can be limited, thereby strengthening the security of the information network.
Conclusion
The defense in depth strategy is a proactive strategy that attempts to foster information security against both internal and external network elements. Information security is a continuous and dynamic process due to the changing nature of threats. This implies that information networks require constant vigilance in order to maintain network security (Fadia & Manu, 2007).
References
Clarke, N. (2010). Computer Forensics. New York: IT Governance Ltd.
Fadia, A., & Manu, Z. (2007). Network Intrusion Alert: An Ethical Hacking Guide to Intrusion Detection. New York: Cengage.
Warren, K. I., & Jay, H. (2002). Computer Forensics: Incident Response Essentials. New York: Addison-Wesley.