Have they stopped teaching Defense in Depth?

Jimmy Hess mysidia at gmail.com
Wed Nov 16 13:21:11 UTC 2011


On Tue, Nov 15, 2011 at 3:16 PM, Jay Ashworth <jra at baylink.com> wrote:
>> You can seek layers from other sources but a shallow security process
>> will tend to be easily breached.
> But mounting *that* attack requires insider knowledge of 4 or 5 layers of
> extra information which will be necessary to exploit such an attack.
>
> My estimation is that that makes that layer of your defense in depth "thicker"
> than some other layers might be.

Security in depth is a proper approach, but NAT is not a security control,
and NAT does not make the firewall defense "thicker".

The Maginot Line was "thick".
Before you can properly consider your layers of defense to have a
certain thickness, you have to consider types of attack, and whether
your changes actually make the layers they defeat any thicker.

Now... what would you say is the most common way of defeating a
properly implemented firewall?

(1) The attack follows _allowed_ paths through the firewall, for
example, the attack comes through a port forward that has been
configured on the firewall with an ACL that is open too wide.

Or, the attack is against a legitimate user's outbound connection,
for example: a user behind the firewall connects to a web site, a
vulnerability in their browser is exploited to install a trojan -- the
trojan tunnels to the attacker over an outgoing port that is allowed on
the firewall.

And
(2) The intruder compromises the firewall and gains control of it.


In the case of (1), NAT does not add any "thickness" to the security
model: the workstation behind the firewall has full knowledge of its
own private IP addressing.

The only way you will use NAT to effectively hide information is if
the compromised machine is not privy to the IP network addressing of
the sensitive resources.

In the case of (2), NAT does not add any thickness to the security
model, because the attacker gains knowledge of the firewall's entire
configuration.

This is a reason a network with truly sensitive resources, where
integrity is the greatest security objective, should often have
multiple separate firewall units made by different manufacturers,
administered independently by different groups of security admins:
an outer firewall in between the Internet and the DMZ, a second
firewall in between the DMZ and the Internal network, and a third
firewall in between the Internal network and, say, the SCADA control
network.


--
-JH
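The allowed-path case in (1) above, as an added example that is not part of this post or of the thread: a toy first-match packet filter in Python, with the weak ruleset (a port forward whose ACL is open to any source, and egress allowed to anywhere) beside a hardened one (the forward restricted to a partner range, egress restricted to an internal proxy). All addresses (RFC 5737 documentation ranges for the public side, RFC 1918 space for the inside), the port forward on 3389 and the proxy on 3128 are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# --- Constructed addressing (RFC 5737 documentation ranges, RFC 1918 inside) ---
WAN_IP = "203.0.113.10"          # firewall's public address
RDP_HOST = "10.0.1.50"           # inside host reached through the port forward
PROXY = "10.0.0.5"               # inside web proxy the hardened policy forces egress through
PARTNER_NET = "198.51.100.0/24"  # the only network that should reach the forward
PARTNER_HOST = "198.51.100.5"
ATTACKER = "192.0.2.66"          # arbitrary Internet host

# Static DNAT table: (public dst, dport) -> (private dst, dport).  This is the
# port forward from the post.  It only rewrites addresses; it decides nothing.
DNAT: Dict[Tuple[str, int], Tuple[str, int]] = {(WAN_IP, 3389): (RDP_HOST, 3389)}


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    src: str                     # CIDR the source address must fall in
    dst: str                     # CIDR the destination address must fall in
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == dport))


def dnat(dst: str, dport: int) -> Tuple[str, int]:
    """Apply the port-forward translation, if any, before filtering."""
    return DNAT.get((dst, dport), (dst, dport))


def evaluate(rules: List[Rule], src: str, dst: str, dport: int) -> str:
    """First-match filter with an implicit default drop."""
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.action
    return "drop"


# Weak policy: the forward's ACL is open to the whole Internet, and inside
# hosts may connect outbound to anywhere on any port.
WEAK: List[Rule] = [
    Rule("accept", "0.0.0.0/0", f"{RDP_HOST}/32", 3389),
    Rule("accept", "10.0.0.0/8", "0.0.0.0/0"),
]

# Hardened policy: same forward, but only the partner range may use it, and
# inside hosts may only talk to the proxy.  Everything else hits default drop.
HARDENED: List[Rule] = [
    Rule("accept", PARTNER_NET, f"{RDP_HOST}/32", 3389),
    Rule("accept", "10.0.0.0/8", f"{PROXY}/32", 3128),
]


def check_paths(rules: List[Rule]) -> Dict[str, str]:
    """Verdicts for the two attack paths from the post plus two legitimate flows."""
    fwd_dst, fwd_port = dnat(WAN_IP, 3389)
    return {
        # (1a) inbound through the port forward, filtered on the post-DNAT tuple.
        # NAT changed only the destination field; the verdict is the rule's.
        "attacker_to_forward": evaluate(rules, ATTACKER, fwd_dst, fwd_port),
        "partner_to_forward": evaluate(rules, PARTNER_HOST, fwd_dst, fwd_port),
        # (1b) a trojan on the forwarded host calling back out on an allowed port.
        "trojan_callback": evaluate(rules, RDP_HOST, ATTACKER, 443),
        "user_via_proxy": evaluate(rules, RDP_HOST, PROXY, 3128),
    }


if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_paths(policy))
```

Compare the two result dicts: under the weak policy both the inbound forward and the outbound callback are accepted, and putting NAT in front changes nothing because the filter matches on the translated tuple that the inside host already knows. The hardened egress rule still leaves the proxy reachable, so a trojan can still try to tunnel through it; what changed is that the allowed path is now one loggable choke point instead of the whole Internet.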
