Figure 3.2 Organizational information security architecture—defense-in-depth. [Figure: layered diagram; the labels shown are Physical (Physical Access Control System; Security Guards; Visitor and Inventory Access Logs; CCTV Systems and Motion Sensors), Network (Firewall and Configuration; Proxy Servers; Routers and Access Control Lists; Firewall and Router Hardening; Intrusion Detection/Prevention System), Operating System (Operating System Hardening; Host IDS/IPS; Logging and Log Management; Database Hardening; Encryption and Key Management; File Integrity Monitoring), Applications and Databases (Secure Coding Practices; Web Application Firewall; Logging and Log Management; Use of SSL/TLS; Application Server Hardening; Authentication and Authorization), and Information.]
Firewalls can keep track of the connection state and drop packets from IPs that were not previously part of an established connection. Earlier, the simple packet inspection firewalls were fooled by SYN flood attacks or SYN-FIN attacks, which stemmed from the fact that the firewalls did not capture state. Modern-day firewalls even have antivirus and content-filtering functionality built into the appliance. Network intrusion prevention systems (NIPS) are now able to filter network traffic based on built-in attack signatures. In some cases, NIPS even perform behavior analysis and filter out any traffic that does not correspond to the normal behavior of the network, without triggering several false positives.*
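As an added illustration of the stateful inspection described above (example code, not from the book), the following Python sketch contrasts a memoryless packet filter with one that follows each TCP flow through the three-way handshake: the constructed traffic shows a bare ACK and a SYN-FIN packet being admitted by the first and dropped by the second. Sequence numbers, retransmissions and state timeouts are deliberately left out; the hosts and ports are made up.

```python
from dataclasses import dataclass

SYN_SENT, SYN_RECV, ESTABLISHED = "SYN_SENT", "SYN_RECV", "ESTABLISHED"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN", "ACK"})

def stateless_filter(p):
    # Memoryless rules: admit SYN (new connection) or ACK ("established") on sight.
    return "ACCEPT" if p.flags & {"SYN", "ACK"} else "DROP"

class StatefulFilter:
    # Follows each flow through the handshake; admits only packets consistent with its state.
    def __init__(self):
        self.table = {}  # flow key in the initiator's direction -> state

    def inspect(self, p):
        f = p.flags
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if {"SYN", "FIN"} <= f:                       # SYN-FIN is never legitimate
            return "DROP"
        if f == {"SYN"}:                              # new connection attempt
            self.table[fwd] = SYN_SENT
            return "ACCEPT"
        if f == {"SYN", "ACK"} and self.table.get(rev) == SYN_SENT:
            self.table[rev] = SYN_RECV                # server answered a SYN we saw
            return "ACCEPT"
        if "ACK" in f and self.table.get(fwd) == SYN_RECV:
            self.table[fwd] = ESTABLISHED             # handshake complete
            return "ACCEPT"
        key = fwd if fwd in self.table else rev       # this flow's record, if any
        if self.table.get(key) == ESTABLISHED:
            if f & {"FIN", "RST"}:                    # teardown: forget the flow
                del self.table[key]
            return "ACCEPT"
        return "DROP"                                 # no connection on record

def pk(src, dst, *flags):  # builds the constructed demo packets below
    return Packet(src[0], src[1], dst[0], dst[1], frozenset(flags))
CLIENT, SERVER, STRANGER = ("10.0.0.5", 40000), ("192.0.2.10", 443), ("198.51.100.7", 5555)
HANDSHAKE = [pk(CLIENT, SERVER, "SYN"), pk(SERVER, CLIENT, "SYN", "ACK"),
             pk(CLIENT, SERVER, "ACK"), pk(CLIENT, SERVER, "ACK", "PSH")]
# Unsolicited: a bare ACK claiming an existing session, and a SYN-FIN, neither preceded by a SYN.
UNSOLICITED = [pk(STRANGER, (SERVER[0], 22), "ACK"), pk(STRANGER, (SERVER[0], 22), "SYN", "FIN")]
```

Both filters admit the legitimate handshake; only the stateful one rejects the two unsolicited packets, because neither matches a connection it has on record.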
3.2.1.3 Host Security
Host security is the concept that focuses on the operating system. Security at the operating system level has also come under repeated attack over the years and continues to do so. Operating systems are the target of several Internet viruses, worms, and malware in general, but there are several ways to ensure that the operating system stays protected. Although it is not the ideal way to fix security vulnerabilities in operating systems, effective patch management for operating systems remains one of the best ways to protect against code designed to exploit the system's vulnerabilities. Operating system vendors release patches based on the latest exploits being launched against operating system platforms. Microsoft, being the most widely
* False positives are those vulnerabilities or attacks that are detected as attacks by the vulnerability scanners or the intrusion prevention systems but in fact are not attacks or vulnerabilities. Sometimes, intrusion prevention systems are not able to differentiate between legitimate traffic and attack traffic.