Cake layers rule – Security Blog #8

For the 8th blog entry about security, I will talk about the computer security layers. Some people say there are 5, some say there are 8. What I mostly found during my research is that there are 7 security layers, like the layers of a cake (including the frosting on top).

What you, dear reader, need to keep in mind while reading this entry is that this set of rules can be applied either by a network system administrator or by a regular single-computer user.

The logic behind the security layers (what practitioners call defense in depth) is the following: a single defense is ineffective or flawed if it leaves some areas unprotected, gaps under its protective umbrella. That is why each additional layer's purpose is to cover the gaps left by the others. Ideally the gaps in each layer are so different that no single attack can pass through all of them, and the service remains available. One caveat: a layer only counts if it is actually switched on and configured correctly; a layer that is installed but disabled covers nothing.

“20121201-_IGP1571” by Tim Ebbs (CC https://creativecommons.org/licenses/by-nc-nd/2.0/). Taken from https://www.flickr.com/photos/ebbsphotography/8234883949/
  1. Application whitelisting: The objective is to allow only a limited, approved set of programs and applications to be installed and run on the administered computers; anything not on the list is blocked by default. The fewer applications, the smaller the attack surface and the lower the chance of a breach. The list should identify a program by something an attacker cannot trivially fake, such as a cryptographic hash of the file or its code-signing certificate, not just by file name or path.
  2. System restore solution: This is one of the most talked-about security solutions in the classroom. Basically, it consists of having a plan of action ready before the hacking danger arises: regular backups and a restore procedure that has actually been tested. This lets the user get their files back even if the system is hacked and only damaged files remain. Keep at least one backup copy somewhere the compromised machine cannot reach, otherwise an attacker who controls the machine can damage the backup too.
  3. Network authentication: A system of usernames and passwords must be put in place, so that only authorized users get access. This means no login without a password prompt: no guest accounts and no blank passwords anywhere on the network. On the server side, passwords should be stored as salted hashes, never in plain text.
  4. Encryption: All of your files, disks and removable devices should be encrypted. This protects the information from a breach: an encrypted USB stick (or any other device) that is lost or plugged into a foreign machine cannot be read without the key. The protection is only as strong as the key or passphrase, and a device that is already unlocked is readable, so lock or unmount it before walking away.
  5. Remote authentication: This is a very obvious rule. It consists of setting usernames and passwords for remote server access and providing those credentials only to trustworthy users. Obvious as it is, remember that a remote login is exposed to everyone who can reach the server, so this is where strong passwords, a limit on failed attempts and, if possible, a second factor matter most.
  6. Network folder encryption: Most of the websites that deal with this topic consider that this layer should be included in layer 4. I think it is different enough to count as a separate layer (not everyone uses this feature). The concept is to also manage the encryption of shared data, the folders and files that are shared over the network, so that nobody can read them by listening on the network or by getting unauthorized access to the share.
  7. Secure boundary and end-to-end messaging: This basically consists of using email and instant messaging as a secure method of communication by encrypting messages end to end, from sender to recipient, rather than only encrypting the hop from the server to the user and vice versa, which still leaves the message readable on the server.
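To make layer 1 concrete, here is an added example (my own illustration, not code from the original post) of an application whitelist that identifies programs by their SHA-256 hash instead of by name. The scenario it runs is constructed: a fake "approved" backup tool is written to a temporary directory, then overwritten in place the way an attacker would tamper with it. The name-based check keeps passing the tampered file; the hash-based check does not, and it denies by default for anything unknown or unreadable.

```python
"""Hash-based application allowlist check (added example, not code from the original post)."""
from __future__ import annotations

import hashlib
import os
import tempfile
from typing import Dict, Set, Tuple


def sha256_of_file(path: str) -> str:
    """Return the hex SHA-256 of a file, read in chunks so large binaries fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_allowed_by_name(path: str, allowed_names: Set[str]) -> bool:
    """Weak allowlist: decides on the file name alone, so any content under an approved name passes."""
    return os.path.basename(path) in allowed_names


def is_allowed_by_hash(path: str, allowed_hashes: Set[str]) -> bool:
    """Strong allowlist: decides on the file's SHA-256.

    Deny by default: a file that is unknown, modified, or cannot be read is never allowed.
    """
    try:
        return sha256_of_file(path) in allowed_hashes
    except OSError:
        return False


def demo() -> Dict[str, Tuple[bool, bool]]:
    """Constructed scenario (the 'binaries' are just byte strings, not real programs).

    Returns {label: (name_check_result, hash_check_result)}.
    """
    results: Dict[str, Tuple[bool, bool]] = {}
    with tempfile.TemporaryDirectory() as workdir:
        tool = os.path.join(workdir, "backup.exe")
        with open(tool, "wb") as f:
            f.write(b"MZ constructed approved backup tool v1.0")

        # The allowlist is built once, from the known-good copy.
        allowed_names = {"backup.exe"}
        allowed_hashes = {sha256_of_file(tool)}
        results["approved"] = (is_allowed_by_name(tool, allowed_names),
                               is_allowed_by_hash(tool, allowed_hashes))

        # Attacker overwrites the approved program in place: same name, different content.
        with open(tool, "wb") as f:
            f.write(b"MZ constructed approved backup tool v1.0" + b"\x90\x90 injected payload")
        results["tampered"] = (is_allowed_by_name(tool, allowed_names),
                               is_allowed_by_hash(tool, allowed_hashes))

        # Unrelated download that was never approved.
        unknown = os.path.join(workdir, "game.exe")
        with open(unknown, "wb") as f:
            f.write(b"MZ constructed random download")
        results["unknown"] = (is_allowed_by_name(unknown, allowed_names),
                              is_allowed_by_hash(unknown, allowed_hashes))

        # Path that does not exist at all: the hash check must fail closed, not crash.
        missing = os.path.join(workdir, "backup.exe.bak")
        results["missing"] = (is_allowed_by_name(missing, allowed_names),
                              is_allowed_by_hash(missing, allowed_hashes))
    return results


if __name__ == "__main__":
    for label, (by_name, by_hash) in demo().items():
        print(f"{label:9s} name-check={by_name!s:5s} hash-check={by_hash}")
```

Real whitelisting products (AppLocker, SELinux policies and similar) do this check in the kernel at execution time, where it cannot be bypassed by simply renaming a file; the point of the script is only to show why the identity of an approved program has to be its content, not its name.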
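Layers 3 and 5 both come down to "usernames and passwords, and no login without them". The following added example (mine, not the post's) shows what the server side of that rule looks like when done properly, using only the Python standard library: each password is stored as a salted PBKDF2 hash rather than in plain text, blank passwords are refused at registration and at login, the comparison is constant-time, and an unknown username costs the same time as a wrong password so the login screen does not reveal which accounts exist. The user store and the login attempts are constructed for the demo.

```python
"""Username/password authentication with salted, stretched hashes (added example, not from the post)."""
from __future__ import annotations

import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# PBKDF2-HMAC-SHA256 work factor. 600,000 is the current OWASP recommendation; raise it as hardware improves.
ITERATIONS = 600_000
SALT_BYTES = 16

# Constructed in-memory user store: username -> (salt, password hash). A real deployment keeps this
# in a database, but what is stored is the point: never the password itself.
UserStore = Dict[str, Tuple[bytes, bytes]]


def derive(password: str, salt: bytes) -> bytes:
    """Stretch a password into a 32-byte hash; slow on purpose to make guessing expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(store: UserStore, username: str, password: str) -> None:
    """Create a user. A blank password is refused: this is the 'no login without a password' rule."""
    if not password:
        raise ValueError("empty passwords are not allowed")
    if username in store:
        raise ValueError("user already exists")
    salt = secrets.token_bytes(SALT_BYTES)  # unique per user, so equal passwords hash differently
    store[username] = (salt, derive(password, salt))


def authenticate(store: UserStore, username: str, password: str) -> bool:
    """Return True only for a known user presenting the correct, non-empty password."""
    if not password:
        return False
    record = store.get(username)
    if record is None:
        # Unknown user: still pay for a derivation so response time does not reveal which usernames exist.
        derive(password, b"\x00" * SALT_BYTES)
        return False
    salt, expected = record
    # Constant-time comparison, so the comparison itself leaks nothing about the stored hash.
    return hmac.compare_digest(derive(password, salt), expected)


def demo() -> Dict[str, bool]:
    """Constructed scenario: one registered user and four login attempts."""
    store: UserStore = {}
    register(store, "alice", "correct horse battery staple")
    return {
        "right_password": authenticate(store, "alice", "correct horse battery staple"),
        "wrong_password": authenticate(store, "alice", "password123"),
        "empty_password": authenticate(store, "alice", ""),
        "unknown_user": authenticate(store, "mallory", "correct horse battery staple"),
    }


if __name__ == "__main__":
    for attempt, ok in demo().items():
        print(f"{attempt:15s} -> {'ALLOW' if ok else 'DENY'}")
```

For remote access (layer 5) the same code would sit behind a counter of failed attempts per account and per source address, because a server reachable from the whole network will be guessed against; the hashing makes each guess expensive, the lockout limits how many guesses are possible.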

And I guess that is a simple and easy summary of the 7 layers. Remember to implement all the layers you are capable of turning on, or at least find someone who can help you.

Cheerio.

Miguel Angel Montoya
Esperanto enthusiast
ʕ•ᴥ•ʔ
