A multilayered approach to securing your environment improves its overall security posture. Commonly known as defense in depth, this approach can be broken down into the following layers:
- Data
- Applications
- VM/compute
- Networking
- Perimeter
- Policies & access
- Physical security
Each layer focuses on a different area where attacks can happen and creates a depth of protection. Addressing security in layers increases the work an attacker must do to gain access to your systems and data.
Each layer has different security controls, technologies, and capabilities that apply to it. When identifying the protections to put in place, cost will often be a concern and will need to be balanced against business requirements and the overall risk to the business.
At each layer, there are some common attacks that you will want to protect against. The following list is not all-inclusive, but it gives an idea of how each layer can be attacked and what types of protections you may need to look at:
Data layer: Exposing an encryption key or using weak encryption can leave your data vulnerable should unauthorized access occur.
Application layer: Malicious code injection and
execution are the hallmarks of application-layer attacks. Common attacks
include SQL injection and cross-site scripting (XSS).
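The two application-layer attacks named above come from the same root cause: untrusted input is mixed into a language the server or browser interprets (SQL in one case, HTML in the other). The following example is added here and is not code from the original post; it uses an in-memory SQLite table with constructed sample users, and all function names are assumptions. It shows a lookup that interpolates input into the query next to one that binds it as a parameter, and a greeting that reflects input into HTML next to one that escapes it.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # String formatting places attacker-controlled text inside the SQL statement,
    # so a quote character in the input changes the query's structure.
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # Parameter binding sends the value separately from the SQL text; quotes in
    # the input are treated as data, never as syntax.
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def render_greeting_vulnerable(username: str) -> str:
    # Reflecting raw input into HTML lets markup in the input be interpreted by
    # the browser (reflected cross-site scripting).
    return f"<p>Hello, {username}!</p>"


def render_greeting_safe(username: str) -> str:
    # Escaping converts <, >, &, and quotes to entities so the browser renders
    # the input as text rather than as markup.
    return f"<p>Hello, {html.escape(username)}!</p>"


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"  # classic test input: turns the WHERE clause true for every row
    print("vulnerable:", lookup_user_vulnerable(db, tautology))  # every row
    print("safe:      ", lookup_user_safe(db, tautology))        # no rows
    markup = "<script>alert(1)</script>"
    print(render_greeting_vulnerable(markup))
    print(render_greeting_safe(markup))
```

The tautology input returns both users from the interpolated query and nothing from the parameterized one, which is the behaviour a code review or a unit test can assert on; the same applies to the escaped greeting, where the `<script>` tag survives only as entity-encoded text.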
VM/compute layer: Malware is a common method of
attacking an environment, which involves executing malicious code to
compromise a system. Once malware is present on a system, further
attacks leading to credential exposure and lateral movement throughout
the environment can occur.
Networking layer: Unnecessary open ports to the
Internet are a common method of attack. These could include leaving SSH
or RDP open to virtual machines. When open, these could allow
brute-force attacks against your systems as attackers attempt to gain
access.
Perimeter layer: Denial-of-service (DoS) attacks are
often seen at this layer. These attacks attempt to overwhelm network
resources, forcing them to go offline or making them incapable of
responding to legitimate requests.
Policies & access layer: This is where
authentication occurs for your application. This could include modern
authentication protocols such as OpenID Connect, OAuth, or
Kerberos-based authentication such as Active Directory. Exposed
credentials are a risk here and it's important to limit the permissions
of identities. We also want to have monitoring in place to look for
possible compromised accounts, such as logins coming from unusual
places.
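The networking-layer risk (brute-force attempts against exposed SSH or RDP) and the policies & access-layer monitoring goal (logins from unusual places) can both be covered by the same detection pass over authentication logs. The example below is added here and is not from the original post; the log format, the sample lines, the thresholds, and the function names are all constructed assumptions. It flags a source that accumulates five or more failures within one minute, and a user whose successful login comes from a country not seen in that user's earlier successful logins.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed key=value format (not real data).
SAMPLE_LOG = """\
2024-05-01T08:00:00Z service=ssh user=alice src=203.0.113.5 country=US result=SUCCESS
2024-05-01T08:05:00Z service=ssh user=bob src=198.51.100.7 country=US result=SUCCESS
2024-05-01T08:10:00Z service=ssh user=root src=192.0.2.9 country=CN result=FAIL
2024-05-01T08:10:02Z service=ssh user=admin src=192.0.2.9 country=CN result=FAIL
2024-05-01T08:10:04Z service=ssh user=root src=192.0.2.9 country=CN result=FAIL
2024-05-01T08:10:06Z service=ssh user=test src=192.0.2.9 country=CN result=FAIL
2024-05-01T08:10:08Z service=ssh user=alice src=192.0.2.9 country=CN result=FAIL
2024-05-01T08:10:10Z service=ssh user=alice src=192.0.2.9 country=CN result=FAIL
2024-05-01T09:30:00Z service=ssh user=alice src=198.51.100.22 country=BR result=SUCCESS
2024-05-01T09:45:00Z service=ssh user=bob src=198.51.100.7 country=US result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) service=(?P<service>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) country=(?P<country>\S+) result=(?P<result>\S+)$"
)


def parse_line(line: str):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Alert once per source IP when failures within the window reach the threshold."""
    recent = defaultdict(deque)  # src -> timestamps of recent failures
    flagged = set()
    alerts = []
    for e in events:  # events are assumed to arrive in time order
        if e["result"] != "FAIL":
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and e["src"] not in flagged:
            flagged.add(e["src"])
            alerts.append({"type": "brute_force", "src": e["src"],
                           "count": len(q), "at": e["ts"]})
    return alerts


def detect_unusual_location(events):
    """Alert when a user's successful login comes from a country not seen before."""
    seen = defaultdict(set)  # user -> countries of earlier successful logins
    alerts = []
    for e in events:
        if e["result"] != "SUCCESS":
            continue
        known = seen[e["user"]]
        if known and e["country"] not in known:
            alerts.append({"type": "unusual_location", "user": e["user"],
                           "country": e["country"], "known": sorted(known),
                           "at": e["ts"]})
        known.add(e["country"])
    return alerts


def analyze(log_text: str):
    """Run both detections over a block of log text and return all alerts."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    return detect_bruteforce(events) + detect_unusual_location(events)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

On the sample data this produces one brute-force alert for 192.0.2.9 (the fifth failure within ten seconds) and one unusual-location alert for alice's login from BR. The location baseline here is seeded from the first successful login seen in the input; in practice you would build it from a longer history so that a single compromised session is not treated as the user's normal location.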
Physical layer: Unauthorized access to facilities
through methods such as door drafting and theft of security badges can
be seen at this layer.
Your data may be subject to additional legal and regulatory requirements depending on where you are located, the type of data you are storing, or the industry that your application operates in:
- Health Insurance Portability and Accountability Act (HIPAA): governs the healthcare industry in the US.
- General Data Protection Regulation (GDPR): in Europe, lays out the rules for how personal data is protected and defines individuals' rights related to stored data.
- Payment Card Industry Data Security Standard (PCI DSS): in the financial industry, is concerned with the handling of credit card data.