Multi-Layered Approach to Cyber Security
The internet has become a primary conduit for cyber-attack activities, with hackers channeling
threats through social-engineering attacks and even using legitimate websites, meaning that
more people are at greater risk than ever before. Financial fraud, phishing, malware, man-in-the-middle,
man-in-the-browser and man-in-the-mobile attacks continually result in huge losses for consumers
and companies alike. This has prompted the cyber security technology market to flourish and
make significant strides in revenue. However, it's important not to lose sight of the fact
that the end goal is to protect as many end users as possible.
The criminals target end users to make money, and as cyber security providers, we need
to protect consumers and companies from these targeted attacks. To successfully thwart attacks,
a multi-layered approach to security is best. A multi-layered approach can be tailored to different
levels of security. Not every asset needs to be completely secure; instead, only the most business
critical assets, such as proprietary and confidential information, can be protected by the
most restricted settings. If one system fails, there are other systems functioning. By using
multiple systems to mitigate damage, the organization can ensure that even if one (or multiple)
systems fail, the system itself is still protected.
There are many niche solutions - and threats. Organizations today often need to maintain
multiple cyber security applications, such as antivirus programs, anti-spyware programs, and
Typical multi-layer approach involves five areas: physical, network, computer, application and device.
Physical Security - It seems obvious that physical security would be an important
layer in a defense-in-depth strategy, but don't take it for granted. Guards, gates, locks,
port block-outs, and key cards all help keep people away from systems that shouldn't touch
or alter. In addition, the lines between the physical security systems and information systems
are blurring as physical access can be tied to information access.
Network Security - An essential part of a plant's information fabric, network
security should be equipped with firewalls, intrusion detection and prevention systems (IDS/IPS),
and general networking equipment such as switches and routers configured with their security
features enabled. Zones establish domains of trust for security access and smaller local area
networks (LANs) to shape and manage network traffic. A demilitarized zone between the industrial
plant floor or space and the IT and corporate offices allows data and services to be shared securely.
Computer Hardening - Well known (and published) software vulnerabilities are the
number one way that intruders gain access to automation systems. Examples of Computer Hardening
include the use of:
• Antivirus software
• Application white-listing
• Host intrusion-detection systems (HIDS) and other endpoint security solutions
• Removal of unused applications, protocols and services
• Closing unnecessary ports
Computers on the plant floor (like the HMI or industrial computer) are susceptible to
malware cyber risks including viruses and Trojans. Software patching practices can work in
concert with these hardening techniques to help further address computer risks. Follow these
guidelines to help reduce risk:
• Disable software automatic updating services on PCs
• Inventory target computers for applications, and software versions and revisions
• Subscribe to and monitor vendor patch qualification services for patch compatibility
• Obtain product patches and software upgrades directly from the vendor
• Pre-test all patches on non-operational, non-mission critical systems
• Schedule the application of patches and upgrades and plan for contingencies
Application Security - This refers infusing industrial control system applications with
good security practices, such as a Role Based Access Control System, which locks down access to critical
process functions, force username/password logins, combinations, etc.
Device Hardening - Changing the default configuration of an embedded device out-of-the-box
can make it more secure. The default security settings of PLCs, PACs, routers, switches, firewalls and other
embedded devices will differ based on class and type, which subsequently changes the amount
of work required to harden a particular device. But remember, a chain is only as strong as its weakest link.
An IT MSP can aid an organization in transitioning towards a defense in depth strategy
in three major ways. IT MSPs are able to chart a course for the organization, so that they
can better transition to this type of strategy without business disruption. IT MSPs can also
identify the best technology, using their advanced knowledge of current cyber security measures
and the threats that the organization is most likely to face.
More Network Security Articles:
• Network Security Across the Enterprise
• What is Network AAA (Authentication, Authorization, and Accounting)?
• What is a SQL Injection Attack?
• Network Security Model - Defining an Enterprise Security Strategy
• Cyber Security Tips for Small and Medium Business (SMB)
• ARP, MAC, Poisoning, and WiFi Security
• Man in the Middle Attack
• Design a Network Security Policy
• Denial of Service Attack (DoS) Detection and Mitigation
• What is Penetration Testing?