Discuss Defense in Depth.
Computer networks and systems are increasingly exposed to sophisticated attacks of many kinds, and this has been recognized as a matter of concern in the information industry. Corporate organizations accept that stronger defenses are needed, because these attacks contain multiple exploits (Ahmad and Maynard, 2013). Security organizations are on a constant lookout for countermeasures to improve their defensive potential. Defense in depth is a military principle that uses multiple security countermeasures in a coordinated manner to protect the integrity of the information in an organization. It is a strategy that makes it harder for an enemy to defeat a multi-layered system than a single barrier (Rocha, Gross and Moorsel, 2013).
The core idea behind defense in depth is to combine various technology components into sound security management, which in turn forms many layers of defensive mechanisms against external intrusions. Before assembling the component parts of a defensive mechanism, certain procedures need to be followed, such as setting up a team of experienced security professionals led by a security chief who is responsible for engineering the defense in depth formula (Wilkinson, Batke, Hall and Jasper, 2011). The policies that define the permitted uses of corporate computer networks and resources should be communicated clearly, so that users understand the potential threats to vulnerable information assets. Finally, training is important for the people who would be the first to respond if an incident occurs (Wilkinson, Batke, Hall and Jasper, 2011).
Defense in depth consists of various components, and it is these components that allow it to function effectively and smoothly. The components are interconnected and complement one another in such a way that a complete security scenario is created. In broad categories, defense in depth primarily entails the internal network, the perimeter and, most importantly, a human factor (Liu and Cheung, 2012). Each of these consists of many components of its own, without which it would not be sufficient to secure networks of computers. The components that are going to be discussed below, used for defense in depth are primarily:
Along with these, there are other components, including physical protection and personnel training, both of which are external in nature. Both relate to the people who handle the computers, and those people must be well trained to comply with the defense mechanisms (Jajodia, Noel and Kalapa, 2011).
The software firewall combines modern techniques such as port filtering, application-level filtering and stateful packet inspection. This software is built into operating systems; in Windows, for example, it is presented as an application that runs on a stand-alone computer and helps guard the entire network (Chen and Zhao, 2012). The firewall software can detect new connections that are not covered by the rule set provided, and on this basis the new connection request can be either accepted or rejected.
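The behaviour described above, as an added example that is not part of the original essay: a Python model that combines port filtering with stateful inspection and returns a `prompt` verdict for a new connection that matches no rule, so that it can then be accepted or rejected. The class names, rule set, addresses and the `prompt` verdict are assumptions made for illustration, and application-level filtering is not modelled.

```python
from dataclasses import dataclass, field

# Constructed rule set: (direction, protocol, destination port) -> action.
RULES = {
    ("out", "tcp", 443): "accept",
    ("in", "tcp", 443): "accept",
    ("in", "tcp", 23): "reject",
}

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out", relative to the protected host
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN: a request to open a new connection

@dataclass
class StatefulFirewall:
    rules: dict
    table: set = field(default_factory=set)   # flows already accepted

    @staticmethod
    def _flow(p):
        # Direction-independent key, so a reply maps to the same table entry.
        ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
        return (p.proto, ends[0], ends[1])

    def decide(self, p):
        key = self._flow(p)
        if key in self.table and not p.syn:
            return "accept"    # stateful inspection: part of a tracked connection
        if p.proto == "tcp" and not p.syn:
            return "reject"    # mid-stream segment with no matching state
        # Port filtering for new connections; no matching rule means "prompt".
        action = self.rules.get((p.direction, p.proto, p.dport), "prompt")
        if action == "accept":
            self.table.add(key)    # remember the flow so replies are allowed
        return action

def run_sample():
    """Run constructed sample traffic (documentation addresses) through the filter."""
    fw = StatefulFirewall(RULES)
    host, web, other = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    packets = [
        Packet("out", "tcp", host, 50000, web, 443, syn=True),    # allowed by rule
        Packet("in", "tcp", web, 443, host, 50000),               # reply to tracked flow
        Packet("in", "tcp", other, 443, host, 50000),             # spoofed "reply", no state
        Packet("in", "tcp", other, 40000, host, 23, syn=True),    # rule says reject
        Packet("in", "tcp", other, 40001, host, 8080, syn=True),  # new, not in rule set
    ]
    return [fw.decide(p) for p in packets]
```

The third packet shows what stateful inspection adds over port filtering alone: it targets an open client port but belongs to no tracked connection, so it is dropped.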
As already discussed, the various components together form the defense in depth, and if even one of them is missing, it can pose a threat to the security of the organization.
If firewalls, whether hardware or software, are missing from the components, the security risk is likely to increase. An operating system that does not have a firewall of its own is prone to malware and other external hacking.
Anti-spyware programs are as important as an anti-virus system on a computer, and if they are not used, an organization's computers become available to the outside world. This means that the data contained in these computers also becomes vulnerable (Liao, Lin, Lin and Tung, 2013). If anti-spyware is not installed, detecting spyware that is present on the computer without the user's knowledge becomes impossible, which poses a threat to the computer as well as to the identity of the user and the organization.
If the hierarchical password is not designed and included in the organization's security, the networks and computer systems become vulnerable to risks related to password authentication. It becomes easier to capture the network traffic and gain control over the networks. Because the passwords are encrypted, obtaining them, and thus capturing the traffic, would have been almost impossible. Furthermore, it is not something that is stored by the clients, so if it is not installed, the network becomes easily accessible.
Biometric verification cannot easily be copied or duplicated, so if it is not set up, it becomes very easy for hackers to access and gain control over data that might be sensitive in nature. This would also increase the risk of identity swapping, undocumented access or even credential replacement in an organization (Vacca, 2012).
Lastly, if intrusion detection is not installed, the malicious entry of unknown attacks would not be detected by the computer network. Analysis of the ongoing traffic or any other transaction would not be possible. Distinguishing between baseline behaviour and ongoing activity would also be nearly impossible without intrusion detection.
Conclusion:
Defense in depth seeks to minimize the chances of malicious hackers getting hold of vulnerable information. It is a mechanism that secures the computer network in such a way that even if one of the defensive mechanisms fails, the others will be in a position to tackle the attack.
References:
Ahmad, A., Maynard, S. B., & Park, S. (2014). Information security strategies: towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), 357-370.
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Horng, S. J., Su, M. Y., Chen, Y. H., Kao, T. W., Chen, R. J., Lai, J. L., & Perkasa, C. D. (2011). A novel intrusion detection system based on hierarchical clustering and support vector machines. Expert systems with Applications, 38(1), 306-313.
Jajodia, S., Noel, S., Kalapa, P., Albanese, M., & Williams, J. (2011, November). Cauldron mission-centric cyber situational awareness with defense in depth. In Military Communications Conference, 2011-MILCOM 2011 (pp. 1339-1344). IEEE.
Lavesson, N., Boldt, M., Davidsson, P., & Jacobsson, A. (2011). Learning to detect spyware using end user license agreements. Knowledge and Information Systems, 26(2), 285-307.
Liao, H. J., Lin, C. H. R., Lin, Y. C., & Tung, K. Y. (2013). Intrusion detection system: A comprehensive review. Journal of Network and Computer Applications, 36(1), 16-24.
Liu, C., & Cheung, L. C. (2012). U.S. Patent No. 8,261,337. Washington, DC: U.S. Patent and Trademark Office.
Main, A., & Johnson, H. J. (2010). U.S. Patent No. 7,797,549. Washington, DC: U.S. Patent and Trademark Office.
Mensch, S., & Wilkie, L. (2011). Information security activities of college students: An exploratory study. Journal of Management Information and Decision Sciences, 14(2), 91.
Rocha, F., Gross, T., & van Moorsel, A. (2013, March). Defense-in-depth against malicious insiders in the cloud. In Cloud Engineering (IC2E), 2013 IEEE International Conference on (pp. 88-97). IEEE.
Seybert, H., & Lööf, A. (2010). Internet usage in 2010–Households and Individuals. Data in focus, 50, 2010.
Vacca, J. R. (2012). Computer and information security handbook. Newnes.
Wilkinson, J., Batke, B. A., Hall, K. H., Jasper, T. J., Kalan, M. D., & Vitrano, J. B. (2011). U.S. Patent No. 7,966,659. Washington, DC: U.S. Patent and Trademark Office.