Monday, May 26, 2014
Paradigms of Cyber Security
When a leader decides on the security approach his or her organization will use they must decide on how proactive or reactive the system needs to be. The leader makes this decision by deciding on how much the security infrastructure and security policies are dedicated to preventative measures vs. simply responding to a breach after it has occurred.
A passive security approach does not take steps to prevent a security breach, or if it does...very little. On the other hand a dynamic (proactive) security approach takes steps to actually prevent the breach before it happens. AN example of this is using an intrusion protection system (IPS) to detect AND prevent a potential security breach. The IPS can also be used to gather information about the techniques an intruder uses to gain conduct an assessment of your net work.
A perimeter security paradigm focuses on protecting the perimeter of an organizations network. The bulk of the security system might be composed of firewalls, password policies, proxy servers and other types of technologies that tries to lesson access to the network. This is a flawed paradigm as it makes no attempt to secure the internal network systems. The perimeter is secure, but not the network itself.
A layered security paradigm focuses on the perimeter AND the internal systems of the network. The servers, workstations, routers, switches, hubs and other components of the network are secured. One approach to layered security is segmenting the network and then securing each of the segments. This way if the perimeter is compromised the internal systems may not be. Or if one of the segments is compromised the others won't be.
In a real system the best approach will likely be a hybrid approach with elements of each paradigm combined into one layered dynamic highly secure design.