Defenses against Attacks
Although multiple defenses may be necessary to withstand an attack, these defenses should be
based on five fundamental security principles: protecting systems by layering, limiting, diversity,
obscurity, and simplicity. This section examines each of these principles, which provide a
foundation for building a secure system.
Layering
The Hope diamond is a massive (45-carat) stone that by some estimates is worth one-quarter
of a billion dollars. How are precious stones like the Hope diamond protected from theft? They
are not openly displayed in public with a single security guard standing at the door. Instead,
they are enclosed in protective cases that are bullet-proof, smash-proof, and resistant to almost
any outside force. The cases are located in special rooms with massive walls and sensors that
can detect slight movements or vibrations. The doors to the rooms are monitored around theclock by remote security cameras, and the video images from each camera are recorded on tape.
The rooms are in buildings surrounded by roaming guards and fences. In short, precious stones
are protected by layers of security. If one layer is penetrated—such as the thief getting into the
building—several more layers must still be breached, with each layer being more difficult or
complicated than the previous layer. A layered approach has the advantage of creating a barrier
of multiple defenses that can be coordinated to thwart a variety of attacks.
The Hope diamond has not always had multiple layers of security. In
1958, this priceless diamond was placed in a plain brown paper wrapper
and sent by registered first-class U.S. mail to the Smithsonian
Institution! The envelope in which it was sent is on display at the
Smithsonian along with the diamond itself.
Information security must likewise be created in layers, because one defense mechanism
may be relatively easy for an attacker to circumvent. Instead, a security system must have
layers, making it unlikely that an attacker has the tools and skills to break through all the
layers of defenses. A layered approach can also be useful in resisting a variety of attacks.
Layered security provides the most comprehensive protection.
Limiting
Consider again protecting a precious diamond. Although a diamond may be on display for
the general public to view, permitting anyone to touch the stone increases the chances that it
will be stolen. Only approved personnel should be authorized to handle the diamond.
Limiting who can access the diamond reduces the threat against it.
The same is true with information security. Limiting access to information reduces the threat
against it. Only those who must use data should have access to it. In addition, the amount of
access granted to someone should be limited to what that person needs to know. For example,
access to the human resource database for an organization should be limited to approved
employees, including department managers and vice presidents. An entry-level computer
technician might back up the database every day, but he should not be able to view the data,
such as the salaries of the vice presidents, because he has no job-related need to do so.
What level of access should users have? The best answer is the least
amount necessary to do their jobs, and no more.
Some ways to limit access are technology-based (such as assigning file permissions so that
a user can only read but not modify a file), while others are procedural (prohibiting an
employee from removing a sensitive document from the premises). The key is that access
must be restricted to the bare minimum.
Diversity
Diversity is closely related to layering. Just as it is important to protect data with layers of
security, so too must the layers be different (diverse) so that if attackers penetrate one layer,
they cannot use the same techniques to break through all other layers. A jewel thief, for
instance, might be able to foil the security camera by dressing in black clothes but should not
be able to use the same technique to trick the motion detection system.
Using diverse layers of defense means that breaching one security layer does not compromise
the whole system. Diversity may be achieved in several ways. For example, some
organizations use security products provided by different vendors. An attacker who can circumvent
a Brand A device would have more difficulty trying to break through both Brand A
and Brand B devices because they are different.
Obscurity
Suppose a thief plans to steal a precious diamond during a shift change of the security guards.
When the thief observes the guards, however, she finds that the guards do not change shifts
at the same time each night. On Monday they rotate shifts at 7:15 PM, while on Tuesday they
rotate at 6:50 PM, and the following Monday at 6:25 PM. The thief cannot find out the times
of these changes because they are kept secret. The thief, not knowing when a change takes
place, cannot detect a clear pattern of times. Because the shift changes are confusing and not
well known, an attack becomes more difficult. This technique is sometimes called “security
by obscurity.” Obscuring what goes on inside a system or organization and avoiding clear
patterns of behavior make attacks from the outside much more difficult.
An example of obscurity would be not revealing the type of computer, operating system,
software, and network connection a computer uses. An attacker who knows that information
can more easily determine the weaknesses of the system to attack it. However, if this
information is hidden, it takes much more effort to acquire the information and, in many
instances, an attacker will then move on to another computer in which the information is
easily available. Obscuring information can be an important way to protect information.
Simplicity
Because attacks can come from a variety of sources and in many ways, information security
is by its very nature complex. The more complex something becomes, the more difficult it is
to understand. A security guard who does not understand how motion detectors interact with
infrared trip lights may not know what to do when one system alarm shows an intruder but
the other does not. In addition, complex systems allow many opportunities for something to
go wrong. In short, complex systems can be a thief’s ally.
The same is true with information security. Complex security systems can be hard to
understand, troubleshoot, and feel secure about. As much as possible, a secure system should
be simple for those on the inside to understand and use. Complex security schemes are often
compromised to make them easier for trusted users to work with—yet this can also make it
easier for the attackers. In short, keeping a system simple from the inside but complex on the
outside can sometimes be difficult but reaps a major benefit.
(с) "COMPTIA SECURITY+ 2008 IN DEPTH" by Mark Ciampa
