Basic Security Principles & Terms II / Defense Concepts
Subtitles of the Movie
Now that we've covered attack vectors, let's take a look at defense concepts and some of the terms associated with defense. Defending against an attack is the job not only of network administrators, but security admins and also users and managers. Everyone has responsibility for security in a system.
Now, there are different forms of defense against the various attack methods that we will talk about throughout the course. Now, everyone may think that, well, a firewall is the answer. But that's not necessarily the case. A firewall or an anti-virus program by themselves can't defend against every single attack vector out there. That's why we've come up with something called the defense-in-depth strategy. Now, there are different defense strategies out there, but the reason the defense-in-depth strategy is probably the best is because it covers defending every single component of a network or system against basically most any kind of known attack. Defense in depth covers devices, such as computers, routers and firewalls. It covers software such as operating systems and applications and even covers people and physical security. Now, defense in depth doesn't rely on any one particular defense, such as a firewall or an anti-virus. It covers every single part of a network or a computer system that you can think of, all the way from the exterior router of the network to the interior computers and users and applications.
Now, the defense-in-depth strategy makes use of security measures or what we call controls and we use these controls at every single layer of the system or network. All a control is is a security measure. We can classify controls as one of three categories. There are administrative controls, there are technical controls and we even have physical controls. Let's talk about each one of those controls.
Now, an administrative control, sometimes it could be called a management control in certain texts, that's a measure that's taken, such as policies, procedures, training, all the different things that basically are non-technical that most of the time have to do with people. You could get folks like the accountants and HR involved to develop policies and controls that would help protect the network resources in terms of the human factor. Security clearances will help you protect information. So will training. Policies and procedures are very important in getting what the security goals are out there to the masses and technical and physical controls usually support administrative controls. Administrative controls are normally defined by management. They're developed and then they're put out to the different departments of an organization and people working in those departments have to support those policies and procedures. Sometimes they're mandatory, sometimes they're only guidelines.
Technical controls, sometimes called logical controls, are basically the measures used to provide security at the technical level. We know these as network and system administrators as being things like firewalls, intrusion detection systems, border routers and so forth. This is everything technical we can do to protect the network. This is basically where your network admins and security admins come into play. Technical controls can be protective. Sometimes we call them proactive or they can be responsive or reactive. A protective control, for example, might be a firewall. A responsive or reactive control might be an audit log or intrusion detection system. And again, technical controls are what's used to implement the administrative controls such as policies. For example, a policy may say that users cannot surf to a certain website or certain type of website. That may be a written rule that everyone has to adhere to.
A technical control supports that policy by, for example, configuring the firewall or the proxy server to not allow users to surf to that particular website. So the technical controls can support the administrative controls.
And then we have physical controls. Physical controls basically protect against environmental and physical factors. Now, when we're talking environmental factors, we're not just talking about things like the weather, although that can be an environmental factor also. Physical controls can protect us against environmental factors such as hurricanes, tornadoes and fires and so forth, but also other kinds of environmental controls or environmental problems that we have outside of the realm of networks, such as man-made threats such as theft or hackers and so forth. Physical controls basically sometimes are known as the guns, gates and guards of the computer security world. Those are things like hidden cameras and surveillance devices and so forth that protect the physical aspects of our computers and networks. And of course, physical controls further support the administrative and even technical controls that we lay out to protect our systems.
Now, all controls require different things. They require proper training on them. They require the infrastructure in place such as resources and personnel for example and they also require documentation to support their implementation. You can't implement a control without training someone on how to use it and without having the resources such as money to back it up and you also need people that are responsible for working on that control. You also need to document that control as well.
Now, not all controls are required for every networking system. For a small business for example, you may not require an extensive firewall array or demilitarized zone, but you may require other controls; maybe host-based firewalls and anti-virus and so forth.
You're going to use different controls based upon what kind of network and what kind of data you're trying to protect. In order to determine what you need to use to protect those systems, you have to determine what their sensitivity is. You can classify them according to how sensitive the data and systems are. If it's something that's extremely important to you and your business that might cause you to lose money or might cause your personal data to be disclosed to an unauthorized user, well of course you have to implement stringent controls. If it's something that's not very important or that you probably wouldn't mind if the data got out there in the open, you might implement lesser controls. It really depends upon how sensitive the data is. Not all data and systems of course require the same level of protection. Again, non-sensitive and low-value data may not require extensive levels of firewalls and demilitarized zones and things of that nature like higher-value might.
All in all, your management must figure out how much data and systems are worth in terms of actual cost and how much the business would lose if they lost that data or systems and then assign protection based upon that. That's actually where risk management comes in and we'll be talking a little bit about that here in a later session. But essentially risk management takes the value of the data and the systems, along with several other factors and determines a level of protection that you should use in defending your systems. These are just the basic defense concepts and we'll be covering a lot of these as we go throughout the course.
Tutorial Information
| Course: | Fundamentals of Computer Security |
| Author: | Bobby Rogers |
| SKU: | 33874 |
| ISBN: | 1-934743-69-0 |
| Release Date: | 2008-05-21 |
| Duration: | 8.5 hrs / 92 lessons |
| Captions: | Available on CD and Online University |
| Compatibility: | Vista/XP/2000, OS X, Linux QuickTime 7, Flash 8 |