27/1/2019 TestOut LabSim

2.2.1 The Layered Security Model

The Layered Security Model

Defending a network from threats and attacks isn't easy. As a security professional, you need to be vigilant to every entry point, vulnerability,
attack surface, and other potential threats to your organization. And you must neutralize or eliminate every single one.

Luckily, there's a way to make defending your network and organization a bit more manageable. In this lesson, we're going to explore the layered
security model strategy.

What is Layered Security?

Layered security, sometimes called defense-in-depth security, is a security approach that combines multiple security controls and defenses to
create a cumulative effect.

For example, you can encrypt data on a hard drive. But that hard drive can also be inside a workstation that contains a host-based firewall and
anti-malware software. And that workstation could be physically secured to a desk inside a locked office, which is inside a controlled-access
building, which is surrounded by a fence.

As you can see, each of these security measures provides an added level of security and deterrence. Alone, they may not be enough protection.
But together, they create a cumulative security effect that protects sensitive information on the hard drive.

The layered security model breaks down each security layer into specific categories. In this course, we've divided it into seven security layers:
Policies, Procedures, and Awareness; Physical; Perimeter; Network; Host; Application; and Data. Each of these layers contains a subset of subjects
and practices necessary for an effective defense.

We're going to do a basic overview of each layer. As you go through the course, you'll learn about each one in detail.

Policies, Procedures, and Awareness

The first layer is the Policies, Procedures, and Awareness segment. This layer concerns things like user education, manageable network plans, and
how to manage employee onboarding and offboarding. It also covers application development policies, third-party integration policies, and
general employment and user management policies, such as if an employee can connect a mobile device to the company network, or how
complex a user's password must be.

Physical
Next is the Physical layer. This layer is concerned with the various types of physical threats and how to defend against them. To physically protect
an organization effectively, we must be familiar with fences, door locks, mantraps, turnstiles, device locks, server cages, cameras, motion detectors,
and even environmental controls.

Perimeter
The Perimeter layer deals with your network's perimeter defense. This is the first line of defense against network attacks. For a remote attacker to
gain access to your network, they first need to penetrate this layer. Consequently, it's vital to fully understand the perimeter layer.

To properly secure this layer, you need to recognize the various types of perimeter attacks such as a DDoS or DNS attack. You also need to
understand the various tools to defend against these attacks, such as properly configuring firewalls using ACLs or effectively securing a wireless
network.

Network
Inside the perimeter is the fourth security layer—"the Network layer.

To properly secure secure your network you must be able to identify when an intrusion occurs. You also need to know how to install and configure
switches and routers, implement VLANs, perform penetration testing, and utilize virtualization.

Perimeter and Network layers often merge since they share some interrelated topics and domains, but it's still beneficial to approach them as two
separate layers.

Host
Next, we have the Host layer. This layer covers the security of each individual workstation, laptop, and mobile device. The Host layer includes log
management, OS hardening, patch management and implementation, auditing, and even malware and password attacks.

Application
The sixth layer is the Application layer. As its name implies, the Application layer deals with applications. It also deals with how users access
applications and resources. As such, it deals with authentication and authorization, user management, group policies, and even web application
security.

https://cdn.testout.com/client-v5-1-10-551/startlabsim.html 1/2
27/1/2019 TestOut LabSim
Data
The last segment in our security model is the Data layer. To effectively secure this layer, you must understand how to store data properly, destroy
data, and classify data. You also need to be very familiar with cryptography and securing data transmissions. And like we mentioned with the
previous layers, you must be able to recognize how attackers will try to access your data, and how to defend against them.

Summary
Now, it's important that you don't misunderstand the definition of layered security.

A layered security approach doesn't mean going out and purchasing dozens of security devices and hardware components and connecting them to
the network hoping one of them stops an attack or identifies a threat. That approach would create an unmanageable and insecure network.

Instead, layered security is a systematic approach to organizational security that identifies the best protection solution for each security layer, so if
necessary, each layer can effectively stand on its own.

For example, at the Data layer, our encryption policies and protocols should suffice that if we experienced a physical security breach where a hard
drive was stolen, then that thief wouldn't be able to access the information stored on it.

Similarly, at the Policies, Procedures, and Awareness layer, users should be sufficiently knowledgeable and trained so that a malware or spam
filtering device in the Perimeter layer would be unnecessary, or malware protection at the Application layer would be superfluous.

Nevertheless, layering security obstacles in the path of would-be attackers helps ensure an organization's security. And we do this by following the
layered security approach and implementing a layered defense.

TestOut Corporation All rights reserved.

https://cdn.testout.com/client-v5-1-10-551/startlabsim.html 2/2