Since time immemorial, security has been essential to the safe and peaceful existence of mankind. The need for security is a fundamental need for survival. Security cuts across all areas of life, from protecting life to protecting property, which is non-living. The need for security also extends to the computer world, as the computers of this age hold a lot of vital information about their owners, be they individuals or organizations. This need to protect the computers we use brought about the concept of computer network security.
Computer network security is the set of policies and practices put in place to prevent unauthorized access to a computer network and its resources. At the basic level, this involves entering a username and password to gain access to a network controlled and monitored by an administrator. Network security can be provided for both public and private sets of users in a particular domain. Private network security includes security for a computer network within an organization.
Going beyond the basic level of securing a computer network, complex and advanced methods of protecting a network have evolved over the years. For example, two-factor authentication of users, with a security token and mobile phone verification in addition to user ID and password, has helped tighten the security of computer networks. Security systems have also seen the use of 3-factor authentication, such as a fingerprint or retina scan, to prevent unauthorized access to computer systems. All these measures have been broadly grouped into network security strategies, mainly layered and in-depth security strategies.
This paper evaluates the two major network security strategies, layered security and defense in depth, to examine their differences, advantages and disadvantages, and to recommend the better of the two.
Layered security, also known as layered defense, describes the practice of combining multiple mitigating security controls to protect resources and data. Layered security can be applied at any stage of the complete information strategy. A layered security strategy can help to protect networks ranging from a small home network to an enterprise network of over 25000 users (Azra et al, 2014).
The main idea behind layered network security is that a single defense may fail, while multiple layers cover up the flaws of one another. A layered security strategy includes the use of firewalls, malware scanners, intrusion detection and encryption to protect information resources so that intruders cannot gain access. Layered security helps to prevent network hijack from multiple attacks. McGuiness (2009) opined that although no system is 100% secure, the several layers present in this strategy make it difficult for attackers to penetrate the system and frustrate the activity of intruders.
Layered security packages are available from vendors for home use. For example, antivirus applications, firewall applications, parental control, privacy control and anti-spam packages are all available for strengthening security systems. The term layered security does not mean applying multiple instances of the same security tool to a network system; that is redundancy rather than layered network security. It is the implementation of multiple different types of security, each one protecting against a different type of attack. The layered network security strategy is effective because one layer of security covers up the flaws of another layer (Brian, 2011).
Defense in Depth
The term defense in depth was coined in the military field, and refers to applying a more comprehensive security strategy than layered security. Azra et al. (2014) opined that just as the application firewall is just one component of the entire layered security strategy, so layered security is one component of a defense in depth network security strategy.
A careful and well-implemented defense in depth protects a network system from different attacks and also raises a real-time alarm to the network administrator for incoming intrusions (NSA, 2012; Lanc, 2013).
Defense in depth also serves as an efficient way of preventing and remedying automated attacks that come from a shared network. In such an attack, the attacker tries to attack the network system from different angles using different methods that can be difficult to prevent; defense in depth with multiple layers of security can provide protection to the system (NSA, 2012).
Firewalls, VPNs, intrusion detection systems and demilitarized zones (DMZ) are part of the defense in depth strategy used to prevent unauthorized access to an organization's computer network (MacVittie & Holmes, 2012). Combining all these creates obstacles that make it hard for an attacker to penetrate a computer network system. Defense in depth has been verified by experts to protect organization networks against intruders and attackers (OWASP, 2014).
The defense in depth strategy is flexible enough to protect a computer network against new threats. This is because each layer of defense in this strategy has a heterogeneous implementation of security controls which detect attacks before they enter the system (Luallen & Hamburg, 2009). Rivner (2012) asserted that improper implementation of this strategy weakens the system further, and that this improper implementation can result from a lack of motivation and experience on the part of the network administrator.
Layered Security vs. Defense in Depth: Benefits and Drawbacks
Layered security and defense in depth are two different strategies, and they compete as to which is better to use. Layered security is important for protecting the network by providing security at every layer in the network system. Defense in depth, on the other hand, widens the scope of layered security to involve mechanisms that respond to threats before a network is attacked.
The idea of layered security was introduced as a means of covering up the failure of each component in the network security system by putting together different security components into one comprehensive strategy with the aim of protecting the system against intrusion.
In contrast, defense in depth comes from the belief that there cannot be total network security against threats or intrusion, whether by a single or a collective security solution. Instead, it puts defense mechanisms in place to monitor and alert for potential threats, in addition to the other features of layered security.
Layered security focuses solely on the origin of the threats in a particular category of attacks predefined in the system. For example, a Norton internet security product focuses on detecting and protecting users from internet threats according to certain specified parameters. Defense in depth, on the other hand, takes a broader approach to network security, including forensic recovery, intrusion prevention and alarm systems. Common applications of layered security include antivirus applications, firewall applications, parental control, privacy control and anti-spam packages. Defense in depth strategies, on the other hand, include other security measures that are preparatory rather than directly protective, such as monitoring, alerting and emergency response; authorized personnel activity accounting; disaster recovery; criminal activity reporting; and forensic analysis.
One disadvantage of defense in depth is that implementing this strategy can be more expensive than a layered approach, as many components go into it. Another disadvantage is that it is difficult to implement the three tenets of security (confidentiality, integrity and availability), because increasing confidentiality makes it more difficult to implement and manage integrity in a system. Also, too much complexity in the security makes availability difficult for users.
On the other hand, the drawback of layered security is that its simplicity can make the system more prone to attack and penetration. A layered security strategy is not as flexible as the defense in depth strategy.
Layered security is recognized as providing multiple layers of security, and as cheaper and easier to implement than the defense in depth strategy. Although layered security makes user accessibility easier, its drawback can cost organizations a lot of resources in the event of a successful attack. Also, as it has been verified by experts that defense in depth is stronger in terms of providing network security, this study recommends the use of defense in depth for real-time threat alerts and attack prevention mechanisms. This is because of the flexibility defense in depth provides in protecting against newly detected threats and its dynamism in combating threats.