Even the Dopeman uses Defense-In-Depth



4 January 2021

It may be easier to grasp the concept, strategy, and implementation of Defense-In-Depth from a not-so-cyber perspective. In fact, that may be necessary from the jump. When you consider that a cybersecurity scenario is only relevant to people, the security of the assets begins and ends with people, not computer systems. And although there are tons of situations that warrant the application of Defense-In-Depth, there’s one I can think of that not only benefits from D-I-D but may also help Cybersecurity professionals from different backgrounds who are struggling to understand the concept gain an absolute breakthrough.

From that perspective we proceed. Say I’m the man in the hood. You know, The Man. I have a sick stash of cash and other assets that need to be protected. Not only do the assets themselves need to be protected from the primary, obvious physical threats, there are other parts of the puzzle that tie into the protection of the assets themselves.

For instance, how about phone numbers and addresses? Everyone can’t have The Man’s number, right? I’m not supposed to be able to call The Man up whenever I feel like exploring extra-curricular activities, much less show up at one of his “secret” spots knocking on the door. Let’s say I did come across The Man’s phone number or location. When I called or showed up, what’s my spiel? I’m not even supposed to know who this guy is or what he is doing.

How about the type of information that The Man deals with? If I’m The Man, how do I keep my clientele and financial information secret and secure? Think of all the possible homies that can get caught up on their phones talking, texting, and chatting prices. The implications are enormous. Any of them could be minimized if The Man employed some type of D-I-D strategy.

Underworld activities and scenarios make Defense-in-Depth easy to comprehend. Applying what we know of Defense-in-Depth from Cybersecurity to the above scenario, it’s clear that our “Man” here needs Defense-In-Depth to be able to sleep comfortably in his bed behind those ironclad doors, guarded by the two Rottweilers that he often feeds lead to. From surveillance, to encryption, to need to know, to separation of duties, to least privilege, you name it. Defense-In-Depth is the only strategy that offers The Man’s operation and assets a chance of a healthy security posture.

Then again, sometimes a concept like D-I-D is better understood when it’s presented in the form of a rhyme. There are six key strategies for Defense-In-Depth that may best be understood when waxed about poetically. They are:

Authenticate and authorize all network users

Use VLANs for traffic separation and coarse-grained security

Use firewall technology for fine-grained security

Place encryption throughout network to ensure privacy

Detect threats to the integrity of the network and remediate them

Include End-Point Security in Policy Enforcement

 

 


Defense-in-depth

I push security into the network itself,

And like a router I keep track of every

deal I ever dealt.

Defense-in-depth is not a product

like a

perimeter firewall

Instead,

it is a security architecture,

that calls.

For the network,

to be aware and self-protective,

but naw’…

Y’all,

don’t know the six key strategies

and so you fall.

Because…

You must authenticate and authorize all users,

We don’t know what your guys are talking bout’

So don’t confuse us or you’ll lose us.

 

VLANs are used for security isolation,

but it’s danger in packet leakage and….

the misconfigurations.

Using firewalls,

for fine-grained containment’s not ideal

If I’m a vendor,

my battles trying to sell you this’ uphill.

This the community’s first attempt at threat…

identification,

So, identify,

notify,

then attempt… remediation. 

Why?

Your user’s system may range,

From a laptop,

that’s owned,

and managed,

by the dude out in the shop.

To spy-ware, infected keystrokes…

To Trojan-hosting systems,

Sniffers that listen,

Falling victim to Phishers.

End-Point security in Policy Enforcement is six,

Just keep with three or four zones to be sufficient at this!

 

As usual, this post was not meant to scare or belittle you, but only to enlighten you. With that, I am going to leave you how I came…in peace, so, Peace!

Hack on, Ladz and Gentz….
