Defense in depth’ strategy key to fight cyber threats, says Army NOSC deputy
If there’s one constant theme heard in many of the sessions at LandWarNet 2008, it is network security. One of the concepts that network security administrators have at their disposal is similar to the traditional Army’s “defend in depth” strategy, which is a defense designed to withstand repeated enemy incursions, versus forward defense, which is a single line of defenders that can be more easily pierced by an overwhelming force.
“Defense in depth is a crucial concept in securing information assets,” said Lt. Col. Glenn Herrin, deputy commander of the U.S. Army Network Operations and Security Center, speaking in a track session at the conference. “It’s a proactive approach to thinking about security from the inside out. The best available information assurance products have inherent weaknesses; it is only a matter of time before an adversary will find and exploit a vulnerability.
“An effective countermeasure is to deploy multiple defense mechanisms between the adversary and his target. Each of these defenses must present unique obstacles to the adversary. Each should include protection and detection measures, and complement while not duplicating each other.
“Defense in depth is a process, not a product. Security continues to be an on-going process. Constant vigilance and user awareness play equally important roles in building the best security posture for the enterprise network.”
One of the keys to such a defense is taking advantage of multiple security techniques like authentication, password security, anti-virus software, firewalls and intrusion detection systems to mitigate the risk of one component of the defense being compromised or circumvented.
“Putting these things in series is not always the best,” explained Herrin. “You don’t put three intrusion detection systems in a row. If they get through the first layer of barbed wire, they can get through the others.”
Herrin also emphasized that the hurdles to defending networks are not always addressed just by adding new tools.
“What’s more important is who is in control of these tools, and how they are using them,” Herrin said.