You don’t need to use tumbling boulders, lowering ceilings and water traps to protect your corporate IT network, but you can still learn from the Indiana Jones films. Klaus Majewski outlines the necessity for a layered defence.

The path is littered with the skeletons of past adventurers who failed, but nothing deters Indiana Jones. A giant boulder threatens to crush him, pressure plates trigger arrows that dart out of the walls. A ceiling closes in, threatening to squash our hero. There’s a new danger around every corner. Defeating one of the defences is no guarantee he can breach them all and make it to the treasure alive...

Although the traps in the blockbuster movies starring Harrison Ford were planted by an ancient civilisation, they serve as a perfect illustration of today’s approach towards using layered security to protect a network.

A strong perimeter defence on its own is a hard shell around the company, and a hard shell is not enough: an intruder who breaks through that single layer has free access to all of the company’s treasures. You can add depth to your defence by using the same product, such as a firewall, in more than one place. Alternatively, you might protect sensitive networks such as research and development or accounting with a dedicated firewall of their own.

Because the guardians of ‘The Ark’ combined different types of protection mechanism, they could be more confident that their treasures would stay protected. Even when one defence is breached, ‘Indy’ has to think fast to circumvent the next. In much the same vein, network managers should combine different kinds of defence, so that bypassing one does not compromise the whole network.

On the perimeter, you could employ firewalls and content filters for incoming e-mail. At the network level, you could use web proxies and intrusion detection systems that raise the alarm if somebody does break in. At the host level, you can deploy anti-virus programs and personal firewalls.

By relying on any one defence, the IT security manager creates a security weakness. In the end, broadening and layering your defences will make your network that much harder to breach.

Managing multiple layers

It’s not easy to manage all of these different layers of defence. The first problem is that the security products tend to have their own management interfaces, so administrators have to learn to use several different ones. As a result, it is almost impossible to enforce consistent and coherent security policies across all products. Since administrators have to switch between different user interfaces and configurations, the risk of human error is high.

The second problem is that these products are not designed to work together. If there is a security threat, the administrator has to collect inconsistent information from different sources and try to use it to understand what has happened. This takes up a great deal of time and resources.

These problems have to be tackled at a time when many companies are already struggling to contain their security management costs. Managing multiple products from multiple vendors in each layer without increasing costs means adding to the workload of security administrators who are already stretched. If they cannot cope with the workload, tasks will be dropped or missed, creating potential holes in the company’s defences.

It’s a mistake to think of security as a series of static hurdles for hackers to leap. Each defensive layer should raise an alarm, so that administrators can monitor an intruder’s progress and co-ordinate the remaining defences to stop him or her. Multiple layers of security make this possible, but there also needs to be a process in place for managing the complexity that layered defence brings.

Unification to the rescue

Poor management of your defensive layers can open security gaps and make your network easier to breach. To close them, you need a unified management system that controls every security device in each layer of your company’s defences.

To unify security systems, the configuration of each device should be based on the same model. The data used to configure the devices is then consistent and coherent, which reduces the likelihood of misconfiguration and human error. For example, with unified management an administrator can define an object (a host, a network, a service) once and use it in several places instead of redefining it every time.

The second requirement is that the security events generated by the devices share a common structure, so that they can be centrally collected and processed. Reports based on consolidated information give administrators more refined data and speed up their problem-solving, leaving more time for other, perhaps more business-related, tasks.

Several studies show that the three-year total cost of ownership of a security solution consists mostly of administration costs. Most of the administrator’s time is spent on managing changes to the existing environment and investigating possible security incidents.

A unified management system lets administrators roll out patches centrally to the security devices in every defence layer. Change management becomes easier and more accurate because a configuration change is made once and then applied at several enforcement points.

Layered defence: deeper security

Unified management cuts the time spent on false alarms, because an alarm from one enforcement point can easily be correlated with the information received from the others.

For example, a firewall log might show some suspicious activity against Host A. The administrator can then use unified management to check intrusion detection system logs and Host A’s log entries for the same time period in order to establish whether the alert was justified.

The fact that all of this information is in one place saves a lot of time and money. The administrator can then concentrate on real threats rather than false alarms.
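The two requirements above, a common event structure for all layers and correlation of a firewall alert against IDS and host logs for the same host and time window, are small enough to show in code. The following Python is an added example, not code from the article or from any product it describes: the three log formats, the host names, addresses and the asset mapping are all constructed for illustration, and the 30-second correlation window is an assumed tuning value.

```python
"""Normalise firewall, IDS and host events into one structure, then
corroborate each firewall alert with events from the other layers.

Added example.  Log lines and their formats are constructed, not taken
from any real product; the HOSTS mapping stands in for an asset inventory.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# --- Constructed sample logs, one native format per layer -----------------
FIREWALL_LOG = """\
2024-03-01T10:00:02 fw01 DROP src=198.51.100.7 dst=10.0.0.5 dport=22
2024-03-01T10:00:05 fw01 ACCEPT src=198.51.100.7 dst=10.0.0.5 dport=22
2024-03-01T10:30:00 fw01 DROP src=203.0.113.9 dst=10.0.0.9 dport=445
"""
IDS_LOG = """\
2024-03-01T10:00:04 ids01 ALERT sig="SSH brute force" dst=10.0.0.5
"""
HOST_LOG = """\
2024-03-01T10:00:06 hostA sshd Failed password for root from 198.51.100.7
2024-03-01T10:00:07 hostA sshd Accepted password for root from 198.51.100.7
2024-03-01T10:45:00 hostB cron session opened for user root
"""
# Assumed asset inventory: host logs name the machine, network logs use IPs.
HOSTS = {"hostA": "10.0.0.5", "hostB": "10.0.0.9"}


@dataclass(frozen=True)
class Event:
    """The common structure every layer is normalised into."""
    ts: datetime
    layer: str      # "firewall", "ids" or "host"
    host: str       # the protected asset, always as an IP address
    summary: str


FW_RE = re.compile(r"^(\S+) \S+ (DROP|ACCEPT) src=(\S+) dst=(\S+) dport=(\d+)$")
IDS_RE = re.compile(r'^(\S+) \S+ ALERT sig="([^"]+)" dst=(\S+)$')
HOST_RE = re.compile(r"^(\S+) (\S+) (\S+) (.+)$")


def parse_firewall(text):
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue            # unparseable line: in production, count it
        ts, action, src, dst, dport = m.groups()
        events.append(Event(datetime.fromisoformat(ts), "firewall", dst,
                            f"{action} {src}->{dst}:{dport}"))
    return events


def parse_ids(text):
    events = []
    for line in text.splitlines():
        m = IDS_RE.match(line)
        if not m:
            continue
        ts, sig, dst = m.groups()
        events.append(Event(datetime.fromisoformat(ts), "ids", dst, sig))
    return events


def parse_host(text):
    events = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ts, hostname, proc, msg = m.groups()
        host = HOSTS.get(hostname, hostname)   # map name -> IP where known
        events.append(Event(datetime.fromisoformat(ts), "host", host,
                            f"{proc}: {msg}"))
    return events


def load_all():
    """All layers merged into one time-ordered stream."""
    events = parse_firewall(FIREWALL_LOG) + parse_ids(IDS_LOG) + parse_host(HOST_LOG)
    return sorted(events, key=lambda e: e.ts)


def correlate(alert, events, window=timedelta(seconds=30)):
    """Events from *other* layers about the same host within +/- window."""
    return [e for e in events
            if e.layer != alert.layer and e.host == alert.host
            and abs(e.ts - alert.ts) <= window]


@dataclass
class Triage:
    alert: Event
    evidence: list

    @property
    def verdict(self):
        # Corroborated by another layer, or unconfirmed and likely noise.
        return "corroborated" if self.evidence else "unconfirmed"


def triage(events, window=timedelta(seconds=30)):
    """Check every firewall alert against the other layers."""
    return [Triage(a, correlate(a, events, window))
            for a in events if a.layer == "firewall"]


if __name__ == "__main__":
    for t in triage(load_all()):
        print(t.alert.ts, t.alert.summary, "->", t.verdict)
        for e in t.evidence:
            print("    ", e.ts, e.layer, e.summary)
```

Run as a script, the two alerts against 10.0.0.5 come out corroborated by the IDS signature and the sshd failures on hostA, while the lone DROP against 10.0.0.9 has no IDS or host event within the window and is marked unconfirmed; that is the distinction between a real threat and a false alarm that the administrator would otherwise have to assemble by hand from three consoles.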

Layered defence is a battle-proven way to increase the security of your company. Until recently, it was a privilege that only larger corporations could afford. Now, with unified management and better use of resources, small and medium-sized businesses can afford it too.

As far as famous Hollywood director Steven Spielberg is concerned, Indiana Jones is unstoppable and will always succeed in hunting down the treasure.

However, you can’t help but wonder whether or not ‘Indy’ would be quite so successful if there were unified management for all the booby traps protecting those treasures... A thought that will no doubt be occupying the minds of IT and security directors alike.