Defense in Depth

4 minutes
Share the link to this page
Copied
  Completed
You need to have access to the item to view this lesson.
One-time Fee
$99.99
List Price:  $139.99
You save:  $40
€91.73
List Price:  €128.43
You save:  €36.69
£78.50
List Price:  £109.90
You save:  £31.40
CA$135.42
List Price:  CA$189.60
You save:  CA$54.17
A$152.22
List Price:  A$213.12
You save:  A$60.89
S$133.77
List Price:  S$187.28
You save:  S$53.51
HK$781.89
List Price:  HK$1,094.68
You save:  HK$312.79
CHF 88.30
List Price:  CHF 123.63
You save:  CHF 35.32
NOK kr1,058
List Price:  NOK kr1,481.24
You save:  NOK kr423.24
DKK kr684.10
List Price:  DKK kr957.77
You save:  DKK kr273.66
NZ$164.15
List Price:  NZ$229.81
You save:  NZ$65.66
د.إ367.20
List Price:  د.إ514.09
You save:  د.إ146.89
৳10,978.23
List Price:  ৳15,369.96
You save:  ৳4,391.73
₹8,290.53
List Price:  ₹11,607.08
You save:  ₹3,316.54
RM471.80
List Price:  RM660.54
You save:  RM188.74
₦156,534.34
List Price:  ₦219,154.34
You save:  ₦62,620
₨27,950.66
List Price:  ₨39,132.05
You save:  ₨11,181.38
฿3,595.26
List Price:  ฿5,033.51
You save:  ฿1,438.25
₺3,229.78
List Price:  ₺4,521.83
You save:  ₺1,292.04
B$499.40
List Price:  B$699.18
You save:  B$199.78
R1,883.20
List Price:  R2,636.56
You save:  R753.35
Лв179.42
List Price:  Лв251.19
You save:  Лв71.77
₩133,286.20
List Price:  ₩186,606.01
You save:  ₩53,319.81
₪365.03
List Price:  ₪511.06
You save:  ₪146.02
₱5,561.09
List Price:  ₱7,785.75
You save:  ₱2,224.66
¥14,911.76
List Price:  ¥20,877.07
You save:  ¥5,965.30
MX$1,670.32
List Price:  MX$2,338.52
You save:  MX$668.19
QR364.82
List Price:  QR510.77
You save:  QR145.94
P1,359.04
List Price:  P1,902.71
You save:  P543.67
KSh13,398.66
List Price:  KSh18,758.66
You save:  KSh5,360
E£4,718.65
List Price:  E£6,606.31
You save:  E£1,887.65
ብር5,656.15
List Price:  ብር7,918.84
You save:  ብር2,262.68
Kz83,512.74
List Price:  Kz116,921.18
You save:  Kz33,408.44
CLP$93,810.03
List Price:  CLP$131,337.80
You save:  CLP$37,527.76
CN¥710.61
List Price:  CN¥994.89
You save:  CN¥284.27
RD$5,917.87
List Price:  RD$8,285.25
You save:  RD$2,367.38
DA13,435.55
List Price:  DA18,810.31
You save:  DA5,374.76
FJ$226.69
List Price:  FJ$317.37
You save:  FJ$90.68
Q780.94
List Price:  Q1,093.35
You save:  Q312.40
GY$20,949.18
List Price:  GY$29,329.69
You save:  GY$8,380.51
ISK kr13,659.63
List Price:  ISK kr19,124.03
You save:  ISK kr5,464.40
DH1,002.67
List Price:  DH1,403.78
You save:  DH401.11
L1,768.33
List Price:  L2,475.73
You save:  L707.40
ден5,652.42
List Price:  ден7,913.61
You save:  ден2,261.19
MOP$805.88
List Price:  MOP$1,128.27
You save:  MOP$322.38
N$1,866.55
List Price:  N$2,613.25
You save:  N$746.69
C$3,681.10
List Price:  C$5,153.70
You save:  C$1,472.59
रु13,266.49
List Price:  रु18,573.62
You save:  रु5,307.13
S/368.83
List Price:  S/516.39
You save:  S/147.55
K382.06
List Price:  K534.91
You save:  K152.84
SAR375
List Price:  SAR525.02
You save:  SAR150.01
ZK2,508.19
List Price:  ZK3,511.57
You save:  ZK1,003.37
L456.04
List Price:  L638.48
You save:  L182.43
Kč2,310.02
List Price:  Kč3,234.13
You save:  Kč924.10
Ft36,211.46
List Price:  Ft50,697.50
You save:  Ft14,486.03
SEK kr1,038.11
List Price:  SEK kr1,453.39
You save:  SEK kr415.28
ARS$85,066.49
List Price:  ARS$119,096.49
You save:  ARS$34,030
Bs691.23
List Price:  Bs967.75
You save:  Bs276.52
COP$389,029.38
List Price:  COP$544,656.70
You save:  COP$155,627.31
₡50,979.09
List Price:  ₡71,372.77
You save:  ₡20,393.67
L2,470.17
List Price:  L3,458.33
You save:  L988.16
₲730,160.41
List Price:  ₲1,022,253.79
You save:  ₲292,093.37
$U3,841.23
List Price:  $U5,377.88
You save:  $U1,536.64
zł395.31
List Price:  zł553.46
You save:  zł158.14
Already have an account? Log In

Transcript

A critical concept in the world of IoT security is defense in depth or layered security. Now, before we get into this too much, I want to make sure we're incredibly comfortable with a particular set of terms. And that is diversity versus redundancy. So to help us out here, I'm going to go back to World War One and Becker, World War One, you had these trench systems out there. Now with these trench systems, you didn't have just one trench, you'd have a lot of trenches two or three or four or five trenches. In that particular case, what you're talking about is redundancy.

With redundancy, we have applied some type of security control over and over again, almost always in some form of layered fashion. Now, diversity is a different animal altogether. In diversity, what we're talking about is bringing a different type of control into play. So sticking with that World War One analogy, instead of just having trenches, I'd also put in barbed wire or machine gun posts or something thing like that. Totally different types of controls to prevent the bad guys from coming across no man's land and taking over. And sorry about it.

It's right now is lots of really great stuff World War One was 100 years ago. So I'm watching all that it's on my mind. So now that we're comfortable with the difference of diversity versus redundancy, let's take a look at this a little bit. Now, what I'd like to start off with is, here's an example of a single computer sitting in my office somewhere. And what I want to do is I want to predict protect that from malware. So what can I do?

Well, I can install multiple redundant layers of security. For example, I can put anti malware directly on the system itself. I can set up network based intrusion detection, see if I can find malware that way. I can put malware on access control lists within my firewall. I can put anti malware in a lot of different places and provide a lot of layers to protect that. They're in the middle.

Now diversity is a little bit of a different animal. So with diversity here, total seminars, I only have one internet service provider, and that internet service providers, the popular dosis, Comcast, which a lot of people have these days. Now, I want to give myself some defensive depth here. So when I go out and just go get another Comcast system know, what I want to do is I want to be diverse in this case. So what I'm going to do is I'm going to keep my Comcast system, but I'm also going to go again, another provider here down in southern Texas, at&t, who would provide me a completely different Internet Service Provider service, in case anything were to ever go wrong. So that would be a great example of classic diversity when it comes to internet service providers.

So we do this a lot when it comes to diversity. So we're always thinking about different things like this now, example that I just gave you there is what we would call vendor diversity. In that particular case, I didn't stick with just Comcast I use two different vendors. To provide my internet service provider and by the way, we could do this with just about anything. We could have diversity and routers, diversity and operating systems, almost anything you want. So when we talk about diversity, we tend to think about the physical, administrative and technical control thing.

So when you think about those three things, we want to make sure that we have different types of controls on any particular situation where we want to have defense in depth. One great example would be, I don't want people logging into computers at certain times. So one of the things I could do is I could set up a technical control, and I can configure my Windows Server, so they can only log in between this time and that time, but I can also make administrative control in this case. And by setting up an administrative control, I can basically just assign people to different shifts, and then that way, they're never really going to run into each other. So two very different controls, achieving the exact same thing. Another great example I could do is let's say I don't want people using Facebook during companies time.

So in this particular case, well, I could set up a technical control and basically block Facebook comm right at my firewall. But I could also do an administrative control. And in this particular case, I could set up an acceptable use policy that says, You shall not use social media during business hours. And in that case, once again, I've got two very, very diverse types of security controls, achieving the same job. So when we're talking about defense in depth, it's great to think about the layers the layers are important. But also remember whenever we're doing good defense in depth, you have good diversity.

Sign Up

Share

Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.