Michael Rutt, CISSP, CISA

Information Security Architect Solutions

Layered Security

Security applications aren't the must-have software consumers think of first, but they probably should be. Security software is what keeps malicious actors away from valuable data. There are numerous types of security software, and I will group them into categories for you.

Every skill level can find great ways to protect valuable data and keep the computing environment safe.

I will use three categories to define the types of security I recommend for a layered approach. Network, server and endpoint assets each need different security applications, and protecting each category with its own controls is what makes the defense layered: an attacker who gets past one layer still has to get past the next.

  • Role: Information Security Coordinator
  • Client: Higher Education
  • Agency: Information Security Architect Solutions

Network Security:

There are many ways to define network security, from the seven layers of the OSI model to the authentication required to join a network. I want to focus on the way network traffic flows: North-South (external <-> internal) and East-West (internal <-> internal). There are great solutions for each, and protecting data from malicious actors is a top priority.

An intrusion prevention system (IPS) inspects traffic up to the application layer (layer 7) and blocks malicious attacks in real time, rather than only alerting on them the way an intrusion detection system does. It is very important to have an intrusion prevention solution, and it is one of the best bangs for your buck for the amount of protection it provides for your whole network. Because it sits inline, tune its signatures against your own traffic before turning on blocking, or a false positive will take down legitimate traffic along with the attack.

pfSense is a great open source firewall that a network administrator or an advanced home user can use to keep a network safe, and it works for both North-South and East-West traffic (its Snort and Suricata packages add intrusion prevention). In a large enterprise environment, solutions like Palo Alto Networks firewalls can handle much larger amounts of network traffic.

Cisco makes great firewall solutions for East-West traffic and for lower-layer (layer 3 and 4) filtering, such as the ASA. Creating rules that specifically allow traffic between IP ranges on specific protocols and ports, with everything else denied, is what the Cisco ASA excels at.
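The part of ASA-style access lists that trips people up is not the syntax but the evaluation order: rules are checked top-down, the first match wins, and anything that reaches the end hits an implicit deny. The following is an added example, not Cisco's or pfSense's code, that models exactly those semantics for a constructed East-West policy (app subnet to database on 5432, a jump host allowed to SSH anywhere, the database subnet forbidden from initiating connections back). The rule text format, the subnets and the helper names are my own simplified stand-in for the real ACL syntax. The `shadowed_rules` check flags a rule that can never match because an earlier rule fully covers it, which is how a "permit" quietly becomes a no-op.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed East-West policy in a simplified, ASA-like text form (an assumption of this example):
#   <permit|deny> <tcp|udp|icmp|ip> <source-cidr|any> <dest-cidr|any> [dest-port]
# The last line is deliberately shadowed by the deny above it.
SAMPLE_ACL = """
permit tcp 10.20.1.0/24 10.20.2.0/24 5432
permit tcp 10.0.0.5/32  10.0.0.0/8   22
deny   ip  10.20.2.0/24 10.20.1.0/24
permit tcp 10.20.2.0/24 10.20.1.0/24 8080
"""

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp", "icmp", or "ip" for any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # None matches any destination port

def _network(token: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token, strict=False)

def parse_rule(text: str) -> Rule:
    parts = text.split()
    if len(parts) not in (4, 5) or parts[0] not in ("permit", "deny"):
        raise ValueError(f"unparseable rule: {text!r}")
    action, proto, src, dst = parts[:4]
    dport = int(parts[4]) if len(parts) == 5 else None
    return Rule(action, proto, _network(src), _network(dst), dport)

def load_acl(text: str) -> List[Rule]:
    return [parse_rule(line) for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]

def rule_matches(rule: Rule, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
    return (rule.proto in ("ip", proto)
            and ipaddress.ip_address(src) in rule.src
            and ipaddress.ip_address(dst) in rule.dst
            and rule.dport in (None, dport))

def evaluate(acl: List[Rule], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> Tuple[str, Optional[int]]:
    """Top-down, first match wins. Returns (action, index of the matching rule);
    an index of None means nothing matched and the implicit deny at the end applied."""
    for index, rule in enumerate(acl):
        if rule_matches(rule, proto, src, dst, dport):
            return rule.action, index
    return "deny", None

def shadowed_rules(acl: List[Rule]) -> List[Tuple[int, int]]:
    """(later, earlier) index pairs where an earlier rule fully covers a later one,
    so the later rule can never match. Usually a sign of a policy mistake."""
    pairs = []
    for j, later in enumerate(acl):
        for i in range(j):
            earlier = acl[i]
            if (earlier.proto in ("ip", later.proto)
                    and later.src.subnet_of(earlier.src)
                    and later.dst.subnet_of(earlier.dst)
                    and earlier.dport in (None, later.dport)):
                pairs.append((j, i))
                break
    return pairs

if __name__ == "__main__":
    acl = load_acl(SAMPLE_ACL)
    print(evaluate(acl, "tcp", "10.20.1.7", "10.20.2.10", 5432))  # ('permit', 0)
    print(evaluate(acl, "tcp", "10.20.1.7", "10.20.2.10", 22))    # ('deny', None): implicit deny
    print(shadowed_rules(acl))                                     # [(3, 2)]
```

A real ASA access list also carries source ports, object groups, per-interface direction and stateful return-traffic handling; this example models only the first-match and implicit-deny logic, which is the part worth checking by hand when a flow that "should" be allowed is silently dropped.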

Server Security:

Server security is focused on reducing the attack surface of the host and keeping the system up to date with current security patches for all of the software in use. Administrators make sure no unnecessary services or ports are open and that the host firewall is enabled. Most of the tools a system administrator uses focus on monitoring the host for problems.

Shipping system logs to a SIEM, or at least to a separate log host, is highly desirable. If a host goes down or is compromised, the administrator can still read its logs on the separate system, and an attacker who gains root on the host cannot quietly edit or delete them, so the logs can be trusted when deciding the best course of action for remediation. Another great tool is a vulnerability scanner, which gives you an idea of what a bad actor would see while scanning the host looking for a way in.
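Having the logs off-host only pays off if something reads them. The following is an added example, not the page's or any SIEM vendor's code, of the kind of rule a SIEM runs over forwarded sshd logs: it flags a source IP with a burst of failed logins inside a short window, and, more importantly, reports whether a login from that IP then succeeded, which is the case that needs a human immediately. The log lines are constructed for this example (RFC 5737 documentation addresses, invented PIDs), and the threshold and window are assumptions to tune for your environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

# Constructed syslog lines, as a central log host would receive them from "web01".
# Addresses are documentation ranges (RFC 5737); nothing here is a real event.
SAMPLE_LOG = """\
Mar 13 09:00:00 web01 sshd[1983]: Failed password for root from 198.51.100.4 port 40210 ssh2
Mar 13 10:15:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Mar 13 10:15:10 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.9 port 51023 ssh2
Mar 13 10:15:20 web01 sshd[2215]: Failed password for root from 203.0.113.9 port 51024 ssh2
Mar 13 10:15:30 web01 CRON[2219]: (root) CMD (run-parts /etc/cron.hourly)
Mar 13 10:15:30 web01 sshd[2220]: Failed password for root from 203.0.113.9 port 51025 ssh2
Mar 13 10:15:40 web01 sshd[2222]: Failed password for deploy from 203.0.113.9 port 51026 ssh2
Mar 13 10:15:50 web01 sshd[2224]: Failed password for deploy from 203.0.113.9 port 51027 ssh2
Mar 13 10:16:10 web01 sshd[2226]: Accepted password for deploy from 203.0.113.9 port 51028 ssh2
Mar 13 11:00:00 web01 sshd[2401]: Failed password for root from 198.51.100.4 port 40377 ssh2
"""

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$")
FAILED_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")
ACCEPTED_RE = re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<ip>[\d.]+)")

def find_bruteforce(lines: Iterable[str], threshold: int = 5,
                    window: timedelta = timedelta(minutes=5)) -> Dict[str, dict]:
    """Flag source IPs with `threshold` or more sshd failures inside `window`, and
    record any logins that succeeded from that IP after the burst was flagged."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    successes: Dict[str, List[tuple]] = defaultdict(list)
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue                  # not an sshd event; a SIEM would route it to another rule
        # Syslog timestamps carry no year; strptime defaults to 1900, which is fine for window math.
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        failed = FAILED_RE.match(m["msg"])
        if failed:
            failures[failed["ip"]].append(ts)
            continue
        accepted = ACCEPTED_RE.match(m["msg"])
        if accepted:
            successes[accepted["ip"]].append((ts, accepted["user"]))

    alerts = {}
    for ip, times in failures.items():
        times.sort()
        # Sliding window: the burst is flagged the moment the threshold-th failure lands.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged_at = times[i + threshold - 1]
                alerts[ip] = {
                    "failures": len(times),
                    "flagged_at": flagged_at.strftime("%b %d %H:%M:%S"),
                    "success_after": [user for t, user in successes.get(ip, []) if t >= flagged_at],
                }
                break
    return alerts

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, info)   # 203.0.113.9 {'failures': 6, 'flagged_at': 'Mar 13 10:15:40', 'success_after': ['deploy']}
```

The two slow failures from 198.51.100.4 are two hours apart, so they never fit in the window and are not flagged; the window is what separates a forgotten password from a tool guessing one. The `success_after` list is the field to alert on at the highest severity, since it means the guessing worked.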

There are many great tools an administrator can use, but the go-to tool for scanning a host is Nmap. Nessus is another great tool; it produces a report with remediation advice. There are a number of great tools for scanning a system for vulnerabilities. It is very important for an administrator to learn of new vulnerabilities quickly, and a scheduled scan helps the administrator stay on top of them.
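A scheduled scan is only useful if someone notices what changed between runs, so the practical habit is to keep a baseline and diff each new scan against it. The following is an added example, not part of this page or of the Nmap project, that parses Nmap's grepable (`-oG`) output for two scans and reports open ports that appeared or disappeared per host, including hosts that were not there last time. Both scan outputs are constructed samples (documentation addresses, made-up services) in the real `-oG` line layout; the host names and the cron command in the note are assumptions.

```python
from collections import defaultdict
from typing import Dict, Tuple

# Constructed nmap -oG ("grepable") output for two scans of the same range.
# These are illustrative samples, not real scan results; 192.0.2.0/24 is a documentation range.
BASELINE_GNMAP = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (997)
Host: 192.0.2.20 ()\tStatus: Up
Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 5432/open/tcp//postgresql///, 135/filtered/tcp//msrpc///\tIgnored State: closed (997)
# Nmap done (constructed sample)
"""

CURRENT_GNMAP = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///\tIgnored State: closed (996)
Host: 192.0.2.20 ()\tStatus: Up
Host: 192.0.2.20 ()\tPorts: 5432/open/tcp//postgresql///, 135/filtered/tcp//msrpc///\tIgnored State: closed (998)
Host: 192.0.2.30 ()\tStatus: Up
Host: 192.0.2.30 ()\tPorts: 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (999)
# Nmap done (constructed sample)
"""

OpenPorts = Dict[Tuple[str, int], str]   # (proto, port) -> service name

def parse_grepable(text: str) -> Dict[str, OpenPorts]:
    """Return {host: {(proto, port): service}} for every *open* port in nmap -oG output.
    Filtered and closed ports are ignored: they are not exposure. A host with no open
    ports does not appear in the result at all."""
    hosts: Dict[str, OpenPorts] = defaultdict(dict)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                          # comment and blank lines
        fields = line.split("\t")             # -oG separates fields with tabs
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # Each entry: port/state/proto/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) < 5:
                    continue
                port, state, proto, _owner, service = parts[:5]
                if state == "open":
                    hosts[host][(proto, int(port))] = service
    return dict(hosts)

def diff_scans(baseline: Dict[str, OpenPorts],
               current: Dict[str, OpenPorts]) -> Dict[str, Dict[str, list]]:
    """Hosts whose exposed ports changed: 'new' ports to investigate, 'gone' ports to
    confirm were closed on purpose. A host seen for the first time lists all its open
    ports as 'new'."""
    report = {}
    for host in sorted(set(baseline) | set(current)):
        before, after = baseline.get(host, {}), current.get(host, {})
        new = sorted(f"{p}/{n} ({after[(p, n)]})" for p, n in set(after) - set(before))
        gone = sorted(f"{p}/{n} ({before[(p, n)]})" for p, n in set(before) - set(after))
        if new or gone:
            report[host] = {"new": new, "gone": gone}
    return report

if __name__ == "__main__":
    changes = diff_scans(parse_grepable(BASELINE_GNMAP), parse_grepable(CURRENT_GNMAP))
    for host, change in changes.items():
        print(host, "new:", change["new"], "gone:", change["gone"])
```

In practice the baseline comes from a scheduled run such as `nmap -p- -sV -oG baseline.gnmap 192.0.2.0/24`, and the current scan from the same command on a later day. Nmap also ships `ndiff`, which performs this comparison on `-oX` XML output with more detail; the point of the example is to see what the comparison does, so the output of a cron job (a new RDP host, a new port on the web server) turns into a short list someone will actually read.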

Endpoint:

Endpoint security is a fact of life for all of us. Desktops, laptops, tablets, phones and so on: there are too many endpoint solutions to mention, but we need to account for every device, because an unmanaged one is the easiest target on the network. Endpoints that are easy to forget about are printers, cameras and wearable devices. No matter the connected device, its security should be a top priority.

Most desktop and laptop operating systems come with a virus scanner, or a free one is available. Internet of Things devices usually require a firmware upgrade to patch the system. Tools like Malwarebytes, Tachyon and Windows Update can help keep your systems safe.

Knowing how to keep your endpoint patched and up to date is half the battle. I suggest setting a schedule for patching all of your network devices.

In Summary:

A layered approach to security basically means we are all responsible for keeping our systems patched and safe for use on the network. Protecting our identities and data has to be everyone's responsibility. Looking at security holistically gives a person a better understanding of the computing environment and how to stay safe online.