Enterprise Infrastructure Defense In Depth

With the evolution of TCP/IP internetworking, enterprise infrastructure is more connected to the Internet cloud than ever. This enables tremendous business opportunities and data communication for the enterprise, but at the same time exposes it to various threats and attacks. To protect enterprise infrastructure from known and zero-day attacks, designing and implementing a defense-in-depth strategy is very important.

To defend in depth, enterprise infrastructure can be subjectively segregated into two zones: the perimeter zone and the internal networks/systems. An enterprise typically deploys DMZ Internet web servers, external routers, firewalls, proxies, and Internet DNS servers in the perimeter zone, and the perimeter zone is typically the point of attack for external threats. The defense of the critical perimeter should include routing security, which includes well-designed ACLs, routing redundancy, and routing design. Firewall, proxy, and DNS servers need to be hardened according to system security principles to prevent attacks like DDoS and DNS poisoning.

For most enterprises, large or small, web application security is probably the most critical aspect, as web applications are the most convenient and easiest attack target. HTTP is open through the firewall, and there are many known vulnerabilities for pretty much all web servers. The most common attacks include SQL injection, cross-site scripting (XSS), and buffer overflow. OWASP (http://www.owasp.org) is a good resource for web application security.

Although they are equally important parts of perimeter security, VPN security and the wireless perimeter are often overlooked. In today’s mobile world, companies deploy more and more VPN solutions and wireless networks. If not properly secured, enterprise infrastructure could easily be attacked through a VPN client and VPN tunnel, or through wireless hotspots. Because VPN and wireless devices are distributed and mobile by nature, it is even more important to have a defense strategy in place before deploying them.

Even with perimeter defense in place, internal networks and systems still need to be properly secured so that a penetration of the perimeter won’t leave the enterprise’s critical internal infrastructure wide open to the attacker. This requires implementing system security, application security, and database security for all internal infrastructure components. The insider threat is one particular vector to consider for internal security, especially ahead of an impending layoff, firing, or spin-off. Appropriate access control, authorization, and audit logging are necessary parts of the defense.
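One way to check that ACLs actually preserve the perimeter/internal separation described above is to audit the permit rules against a zone map. The following is an added example, not part of the original post; the zone address ranges, the rule format, and the sample ACL are constructed assumptions, and rules are evaluated independently without first-match shadowing analysis.

```python
import ipaddress

# Constructed zone map (assumption): address ranges for the article's two zones.
ZONES = {
    "perimeter": ipaddress.ip_network("192.0.2.0/24"),  # DMZ web, proxy, DNS
    "internal": ipaddress.ip_network("10.0.0.0/8"),     # internal networks/systems
}

# Constructed sample ACL: (action, source, destination, destination port or "any").
SAMPLE_ACL = [
    ("permit", "0.0.0.0/0", "192.0.2.10/32", 443),       # Internet -> DMZ web server
    ("permit", "0.0.0.0/0", "10.1.2.3/32", 3389),        # Internet -> internal host
    ("permit", "192.0.2.10/32", "10.5.0.20/32", 1433),   # DMZ web -> one DB port
    ("permit", "192.0.2.0/24", "10.0.0.0/8", "any"),     # DMZ -> all of internal
    ("deny", "0.0.0.0/0", "0.0.0.0/0", "any"),
]

def zone_of(net):
    """Return the zone a network lies wholly inside; anything else is 'internet'."""
    for name, zone_net in ZONES.items():
        if net.subnet_of(zone_net):
            return name
    return "internet"

def audit(acl):
    """Return (rule_index, finding) for permit rules that weaken zone separation."""
    internal = ZONES["internal"]
    findings = []
    for i, (action, src, dst, port) in enumerate(acl):
        if action != "permit":
            continue
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        if not dst_net.overlaps(internal):
            continue  # rule does not reach the internal zone
        src_zone = zone_of(src_net)
        if src_zone == "internet":
            # Traffic skips the perimeter zone entirely.
            findings.append((i, "internet-to-internal"))
        elif src_zone == "perimeter" and (port == "any" or dst_net.num_addresses > 1):
            # A compromised DMZ host would have wide reach into internal systems.
            findings.append((i, "broad-perimeter-to-internal"))
    return findings

if __name__ == "__main__":
    for index, finding in audit(SAMPLE_ACL):
        print(f"rule {index}: {finding} -> {SAMPLE_ACL[index]}")
```

The narrow DMZ-to-database rule passes, while the Internet-to-internal rule and the blanket DMZ-to-internal rule are flagged.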

Defense in depth depends not only on physically segregating the infrastructure into the zones above, but also on logically integrating security into network design, application design and secure coding, database design, and continuous system hardening. Besides defense through technology, employee security awareness training and bulletproof operating procedures should be included as part of defense in depth, along with processes for security monitoring and breach detection.



12 Responses to “Enterprise Infrastructure Defense In Depth”

  1. jordan shoes says:

    Nice post, bookmark it now, thanks for sharing! Good night!

  2. Hi, thank you for writing on this subject. I have been looking for something like this and your blog helps me a lot to understand the topic better. Waiting for your next post.

  3. I enjoyed reading your blog. Keep it that way. mzsicxzgfiajyfkc

  4. online poker says:

    I am always motivated by you, your views and way of thinking. Again, thanks for this nice post.

    - Joe

  5. Hello! I have been checking your blog for some weeks now. I have to admit that it is very informative. It is added to my favourites list and I will try to follow it frequently. Thanks for the interesting input. Moreover, I really like your theme and the way you have organised your site. Could you tell me the name of your template? Cheers

  6. Ha, I am going to test my thought. Your post gave me some good ideas, it’s really amazing, thanks.

    - Thomas

  7. In the last few days our group held a similar discussion about this subject and you point out something we haven’t covered yet, appreciate that.

    - Kris

  8. This post is so helpful to me! Thanks for sharing.

  9. I’m thankful for this beneficial brilliant page; this could be the variety of subject that sustains me though out the day.We’ve often heard been not long ago looking close to inside your web-site ideal immediately after I noticed about these from a near good friend and was delighted when I was in a very placement to acquire it adhering to looking out for some time. Being a enthusiastic blogger, I’m happy to view other people today taking effort and including to the neighborhood. I just wanted to remark to demonstrate my comprehending for a upload because it is particularly inviting, and many writers do not get the credit score they have earned. I’m optimistic I’ll be back again once again and can send a couple of of my friends.

  10. Danny Ooten says:

    I agree with your post absolutely and I am now interested in reading some more of your posts on your blog and see what you have to say. Do you mind if I tweet your blog post out to my followers on twitter? I think they would also enjoy the blog post. Thanks.
