Defense in Depth and Your Small Business

Even the smallest of businesses are not immune to Internet threats. Just a single security breach could bring your business operations to a halt, decreasing productivity, and potentially compromising data integrity, customer confidence, and revenue flow. And today's threats can come from anywhere – wired or wireless networks, internally or externally.

Gone are the good old days when identifying the network perimeter was easy, and securing it was just as straightforward – applying some simple security devices would do the trick. The introduction of new technologies, along with the increasing sophistication of Internet threats, calls for a defense in depth solution.

The downside of new technology
Along with increasing reliance on the Internet and email, today's small businesses are also embracing wireless mobility, instant messaging, and business-to-business applications. This makes good business sense – these technologies can dramatically enhance business operations – but at the same time you also need to be aware they are accompanied by a certain element of risk. Every new technology or device presents a new entry into your infrastructure, and could also be taken advantage of by an attacker and used as a conduit for attack if steps are not taken to secure the technology as it is introduced.

Complex blended threats
Blended threats employ multiple methods to discover and exploit network vulnerabilities, and then are able to self-replicate and self-propagate – and it can happen unbeknownst to the computer user. Blended threats like CodeRed and Nimda took the worst characteristics of viruses, worms, and Trojan horses, and combined them with server and Internet vulnerabilities in order to initiate, transmit, and spread. Blended threats are designed to exploit the vulnerabilities of security technologies working independently from one another, and that is why defense in depth is so crucial to protection of today's business. Speed of distribution of Internet threats has gone from weeks to days, days to hours. And with wireless connectivity, there is the potential for threats to spread in minutes, or even seconds.

Defense in depth components
"Defense-in-depth" means exactly what you might think: creating multiple layers of protection around your computers and valuable data. Multiple layers of security help keep the compromise of one level from causing a general compromise of the entire network. This layered defense is necessitated by the advent of blended threats and the blurred network perimeter. No business can afford to put itself at risk. To stay secured in today's highly connected world, you need to employ defense in depth.

Let's look at some important elements of defense in depth: Antivirus software provides protection from files that come into the network via email, Internet downloads, floppy disks, etc. Antivirus software should automatically check for newly discovered threats, periodically scan systems for those threats, and also watch in real time while new files are downloaded from the Internet or detached from email messages to make sure nothing unsafe gets through. Antivirus software should not only protect your workstations and servers, but also your firewalls and important applications like Web and email servers so that you can stop many problems where they before they can spread.

Firewalls provide an important line of defense in protecting your network and all of its data by screening the information entering and leaving a network to help ensure that no unauthorized access occurs. Firewalls also help protect your computer against DoS attack, and also against unwittingly participating in one. Intrusion Detection software constantly monitors the network for suspicious activity or head-on attacks, alerting you or your IT staff so you can take immediate action. Intrusion detection is especially useful when coupled with a firewall.

Virtual Private Networks (VPNs) are vital if you or your employees are connecting to the office network remotely. VPNs secure remote connections beyond the perimeter, allowing for safe communication across the Internet.

Disk Imaging – Even with the right mix of security safeguards, some extremely determined or imaginative hackers or tools may work their way around your defenses and into some of your systems. Sometimes it's hard to be certain of the extent of the compromise, and it might be more prudent to go back, and start from a safe point. A disk imaging solution can back up, and restore data to a previous and trusted state, so you can be confident in the integrity of the data.

More you can do
Outside of security technology, there are other things you can do to bolster your small business' defense in depth:

Stay up to date on patching – Be vigilant about checking for software updates to take advantage of security fixes and patches for holes that might leave you vulnerable to attack.

Create a security policy – Outline your information assets, and all access rights to that information. Remote access rules should be outlined here also.

Security awareness training - Educate employees so they know their role in maintaining the security of your business.

 Restrict and control network access – If you have any temporary or contract workers who need access to your network, be sure to give them only the access necessary to perform their job – and don't forget to revoke their access entirely once their job is done.

Enforce password management – Ensure that users change passwords regularly, and are careful to not post their user names and passwords out in the open.

Today's threats are becoming more prevalent and more advanced in both their methods of spreading and the damage they cause. The threats' complexity in both attack and propagation, paralleled by the growing complexity of the small business network, mean that single security measures are no longer adequate. You must implement security measures on all vulnerable points on your system, including your servers and desktops, and establish a multi-layered, comprehensive line of defense, or “defense in depth.”

--Reprinted from Symantec