Overview of Defense in Depth

Internetworking refers to connecting different networks so that they can communicate, share resources, and so on. Many organizations consider their perimeter to be the connection to the Internet; however, with the liberal use of intranet, extranet, and remote user connections, the true perimeter has faded and is difficult to determine. This issue is further complicated by the security posture of the organizations on the far end of your intranet, extranet, and remote user connections. It is no longer possible to secure your network just by placing security devices (such as firewalls) at the Internet gateway.

Think of a network as a fortress that is under siege. You need to implement multiple layers of defense and try to use different types of defenses at each layer. Doing so will enable the network to handle a diverse range of attacks. A common example of this is an attack that successfully penetrates the firewalls and gets to the targeted server but is terminated by host-based intrusion detection/prevention systems installed on the server. Network attacks have become more complex and can now target multiple areas of the network simultaneously. Table 3-2 lists and describes some of the many targets on a network.


The type of attack used against a router depends on the attacker's intent. An access attack is used if the intent is to gain access to the router or network. A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is used to bring down the router or to introduce routing changes to redirect traffic and deny access to the network.


Attacks against firewalls are virtually the same as routers; however, the techniques might differ depending on the size and type of firewall being attacked.


Any attack on a network component will affect how traffic flows across that segment. Because network traffic concentrates at the switches, it is important to ensure that switches are secure. This issue has become even more important with the increased utilization of Layer 3 switching in place of routing.


Traffic flow on the network can be drastically affected by successful attacks against routers, firewalls, and switches.


A host can be compromised to gain specific data that might reside on that system, or that system might be used to launch attacks against other network resources. Often, hosts are attacked because the attacker has discovered a vulnerability on a host and wants to exploit it.


An attacker will normally exploit a vulnerability within an application to compromise a host. As technologies advance, the number and type of attacks increase.


Data can be intercepted and manipulated, but the data itself does not have any vulnerabilities. Normally, attacks are launched to access specific data. When access is gained, that data might be copied, altered, or destroyed.

Management components

Because management components are used to manage the different network components, it is important to ensure that they are secured to prevent an attacker from gaining control of the entire network.

0 0

Post a comment