Figure: Taxonomy of information protection mechanisms (source: http://goo.gl/1YecXg)
The first line of defense is to have denial and isolation techniques that keep bad people away from your system. For example, a firewall can prevent SQL injections by malicious users. Persistent hackers may penetrate this defense by exploiting a vulnerability in the perimeter security or by using a social engineering technique. Degradation and obfuscation mechanisms such as encryption and anonymization are used to make it difficult to access the real data if hackers get through the first layer of defense. That is, if an attacker gets hold of the encrypted data, it will be difficult to decrypt without access to the keys. To make things even harder for attackers, negative information and deception techniques are used; for example, real passwords are mixed with fake passwords (honeytokens). Nowadays, attackers are so sophisticated that they may carry out attacks on your system without your knowledge, i.e. while evading any detection of their unauthorized actions. In fact, statistics show that most attacks on systems remain undetected or are detected only long after the attack began. Therefore, it is important to have detection mechanisms, followed by counter-operations that limit the damage caused by the attacks and take corrective measures.
Notice that some techniques provide protection for multiple overlapping areas. For example, honeytokens serve as a deception as well as a detection mechanism.
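As an added illustration of that overlap (example code written for this post, not taken from the referenced taxonomy), the following Python sketch stores real and honeytoken credentials identically, so a stolen store gives no hint which accounts are fake, and turns any use of a honeytoken account into an alert. User names, passwords and login attempts are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

ITERATIONS = 10_000  # kept low for the demo; production PBKDF2 needs far more


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def build_store(real: Dict[str, str], honeytokens: Dict[str, str]) -> Dict[str, dict]:
    """Hash every credential the same way; the honeytoken flag lives only server-side."""
    store = {}
    for user, pw in real.items():
        salt = os.urandom(16)
        store[user] = {"salt": salt, "hash": hash_password(pw, salt), "honey": False}
    for user, pw in honeytokens.items():
        salt = os.urandom(16)
        store[user] = {"salt": salt, "hash": hash_password(pw, salt), "honey": True}
    return store


def authenticate(store: Dict[str, dict], user: str, password: str) -> Tuple[bool, Optional[str]]:
    """Return (access_granted, alert). Honeytoken accounts never grant access."""
    entry = store.get(user)
    if entry is None:
        return False, None
    matches = hmac.compare_digest(hash_password(password, entry["salt"]), entry["hash"])
    if entry["honey"]:
        # No legitimate user knows this account exists, so any attempt is suspicious;
        # a correct password additionally means the credential store itself leaked.
        severity = "HIGH: credential store compromised" if matches else "MEDIUM: honeytoken account probed"
        return False, f"{severity} (user={user})"
    return matches, None


def triage(store: Dict[str, dict], attempts: List[Tuple[str, str]]) -> List[str]:
    """Replay a batch of login attempts (e.g. from an auth log) and collect the alerts raised."""
    alerts = []
    for user, pw in attempts:
        _, alert = authenticate(store, user, pw)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample data: two real users plus two honeytoken accounts named like ordinary staff logins.
REAL = {"alice": "correct horse battery", "bob": "Tr0ub4dor&3"}
HONEY = {"svc_backup": "Backup2019!", "jsmith": "Summer2020"}
STORE = build_store(REAL, HONEY)
ATTEMPTS = [("alice", "correct horse battery"), ("bob", "wrong"), ("jsmith", "guess"), ("svc_backup", "Backup2019!")]

if __name__ == "__main__":
    for line in triage(STORE, ATTEMPTS):
        print(line)
```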
As you can see, there is no single silver bullet that protects your system. We need to deploy multiple solutions to achieve defense in depth. The idea behind multiple defense mechanisms is to make attackers' lives difficult so that they give up when their effort exceeds what they get in return.
References: http://goo.gl/1YecXg