Layered Security Configuration

Layered security is a crucial element of overall security. It is implemented as overlapping layers, each providing protection at its own level.

The key benefit of a defense in depth strategy is that it provides measures corresponding to

  1. Protection
  2. Detection and
  3. Response

In many scenarios, a layered security strategy offsets the weakness of one layer with the strength of the others.

In practice, this strategy involves protecting an asset with a series of layers. For instance, at the perimeter (the boundary between the internet and locally managed systems and networks), a classic network security design deploys routers, firewalls, and intrusion detection (or prevention) mechanisms to protect the network from cyber criminals and attackers.

In addition to the perimeter devices, a second layer is manual real-time monitoring by staff to identify anomalies in the environment, and a third layer is automated mechanisms that trigger an action in response to a detected anomaly. Thus, defense in depth emphasizes controls at every layer to provide comprehensive security.

Layered security applies to multiple systems and services. To measure and define one's defense in depth strategy, it is crucial to identify the key assets which need to be protected from potential threats. This includes identifying the type of data, where it resides, and the possible ways to reach it. This, in turn, helps to define the approach in a more secure manner.

Potential Threats to Home / PC Users

  1. Phishing - One of the riskiest internet scams for households, as potential targets are chosen through social media and other digital channels. Phishing emails may impersonate any aspect of an entity that the victim can relate to, so that the victim is convinced.
  2. Sophisticated malware - Alongside destructive viruses and data-stealing malware, ransomware is going mainstream. It is a form of malware which exploits the human element, infiltrates a computing device and encrypts its content until a ransom is paid to the cyber criminal.

How to Implement Layered Security

The layered security approach depends on multiple security layers around your system. These layers consist of an antivirus, anti-malware, a firewall and an intrusion detection system.

Before going into the details of each layer, it is necessary to make sure that there are no loopholes through which the operating system can be exploited. So, Windows should be kept up to date at all times.

Word of Caution

Most security issues are related to vulnerabilities in the operating system. If they are not patched in time, an attacker could take control of your computer and infect it with malware.

After a patch is released, the security hole becomes public knowledge if it wasn't already. Attackers now know the problem and rush to exploit it before people update.
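To see where a given PC stands in that race, here is an added example (not from the original post) that lists the Windows updates still waiting to be installed and flags a machine on which automatic updating has been switched off. It uses the Windows Update Agent COM API that ships with Windows; the severity grouping and report layout are my own choices.

```powershell
# Added example (not from the original post): list pending Windows updates and
# report whether automatic updating is disabled, via the Windows Update Agent COM API.

function Get-PendingUpdateReport {
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()

    # Applicable updates that are not yet installed and not hidden by the user.
    $result = $searcher.Search('IsInstalled=0 and IsHidden=0')

    $pending = foreach ($update in $result.Updates) {
        # MsrcSeverity is empty for updates Microsoft has not rated.
        $severity = if ($update.MsrcSeverity) { $update.MsrcSeverity } else { 'Unrated' }
        [pscustomobject]@{
            Title    = $update.Title
            Severity = $severity
            KB       = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        }
    }

    $auto = New-Object -ComObject 'Microsoft.Update.AutoUpdate'
    [pscustomobject]@{
        PendingCount        = @($pending).Count
        CriticalOrImportant = @($pending | Where-Object { $_.Severity -in @('Critical', 'Important') }).Count
        LastSearchSuccess   = $auto.Results.LastSearchSuccessDate
        LastInstallSuccess  = $auto.Results.LastInstallationSuccessDate
        AutomaticUpdatesOff = ($auto.Settings.NotificationLevel -eq 1)   # 1 = automatic updating disabled
        Updates             = $pending
    }
}

$report = Get-PendingUpdateReport
$report | Select-Object PendingCount, CriticalOrImportant, LastSearchSuccess, LastInstallSuccess, AutomaticUpdatesOff | Format-List
if ($report.AutomaticUpdatesOff) {
    Write-Warning 'Automatic updating is disabled on this PC; patches will not arrive until it is re-enabled.'
}
$report.Updates | Sort-Object Severity | Format-Table -AutoSize
```

The search can take a minute on a machine that has not checked for updates recently. A non-zero CriticalOrImportant count combined with an old LastInstallSuccess date is the situation the caution above describes: the fix is public, but this PC has not applied it.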

Now, moving on to the details of the layered security configuration.

1. ANTIVIRUS

An up-to-date antivirus forms the first line of defense against any security threat. Even though antivirus is a valuable element in the overall security equation, it is not the only technology needed to provide comprehensive security.

Antivirus should be configured in such a way that:

  • Scanning is scheduled daily, either at startup or during off-peak hours.
  • It accepts updates from a backup antivirus server in case the primary server fails.
  • It automatically scans any externally connected storage media such as pen drives, CDs etc.
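For the antivirus that is already on every Windows PC, here is an added example (not from the original post) that applies the three settings above to Microsoft Defender Antivirus with the built-in Defender module and then reads back the state a quick audit would check. The 02:00 scan slot and the 4-hour definition update interval are assumptions; pick your own off-peak hours. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post): configure Microsoft Defender Antivirus
# for a daily off-peak scan, a fallback definition source and removable-media scanning.

function Set-AntivirusBaseline {
    param(
        [string]$ScanTime = '02:00:00',     # daily scan during off-peak hours (assumed)
        [int]$SignatureIntervalHours = 4    # how often to look for new definitions (assumed)
    )
    $prefs = @{
        DisableRealtimeMonitoring     = $false
        ScanScheduleDay               = 'Everyday'
        ScanScheduleTime              = $ScanTime
        ScanParameters                = 'FullScan'
        DisableCatchupFullScan        = $false   # run a missed scheduled scan at the next opportunity, e.g. after startup
        DisableRemovableDriveScanning = $false   # include USB sticks and other removable media in scans
        SignatureUpdateInterval       = $SignatureIntervalHours
        # Ordered list of definition sources: Windows Update first, then the Microsoft
        # Malware Protection Center, so updates still arrive if the first source fails.
        SignatureFallbackOrder        = 'MicrosoftUpdateServer|MMPC'
    }
    Set-MpPreference @prefs
}

function Get-AntivirusBaselineReport {
    $p = Get-MpPreference
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        RealTimeProtection  = $s.RealTimeProtectionEnabled
        SignatureAgeDays    = $s.AntivirusSignatureAge
        FullScanAgeDays     = $s.FullScanAge
        DailyScheduledScan  = ($p.ScanScheduleDay -eq 0)      # 0 = Everyday in Get-MpPreference output
        RemovableDriveScan  = -not $p.DisableRemovableDriveScanning
        SignatureSources    = $p.SignatureFallbackOrder
    }
}

Set-AntivirusBaseline
Get-AntivirusBaselineReport | Format-List
```

SignatureAgeDays and FullScanAgeDays are the two numbers worth watching over time: definitions that are more than a day or two old, or a full scan that has not run in weeks, mean the schedule is not actually firing.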

What should you look for when choosing an antivirus?

The lighter, the better is our mantra.

This is because most packaged solutions offer the most essential features. You may use the test results published by independent research labs like AV-TEST to compare and decide.

2. ANTI-MALWARE

Today, cyber criminals are exploring more avenues to identify the antivirus products used by individuals and trying to evade them in order to disrupt services.

Anti-malware solutions are effective tools which look for anomalies and indicators of potential threats, improving the overall security posture of a system. Even though intruders are getting better at evading antivirus tools, anti-malware solutions help to mitigate sophisticated attacks on an environment.


What should you look for in anti-malware?

  • It scans and removes all malware from the system without causing any system degradation.
  • The solution should have proactive scanning to protect against known and unknown threats.
  • Includes protection against Ransomware.
  • Ability to repair files damaged by Rootkits.

You may use MalwareFox which is a proven Antimalware solution with all the required features.

3. FIREWALL

A firewall in its simplest form is a boundary guard between two networks, usually an internal private network and the Internet. The main purpose of a firewall is to guard a trusted network from untrusted parties on the outside that could access or tamper with internal information and resources.

Firewalls can be implemented as hardware, software, or a combination of both. Firewalls are not just filters, but also gateways and chokepoints.

Let's consider a computer devoid of any security application except a dedicated firewall. An app like TinyWall or Windows Firewall Control can provide protection against three types of malware:

  1. Ransomware - Some ransomware must contact its C&C server before any encryption can take place, so you get an outbound connection alert when the ransomware runs. Block it and it won't be able to harm your data.
  2. Keyloggers - They can log almost anything. The problem occurs when the recorded data is transmitted to cyber criminals who can misuse it. Damage can be prevented if you stop any malicious connection from your end.
  3. Remote Access Trojan (RAT) - Some RATs operate by injecting directly into a legitimate Windows process like svchost and using it to connect out, instead of using some other executable that would be grossly apparent. Firewalls will not only block the hollowed process from connecting out, but do it silently without any user input.
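The outbound chokepoint described above can be built from the firewall Windows already ships with. Here is an added example (not the post's own, and not TinyWall's or Windows Firewall Control's code) that sets Windows Defender Firewall to block outbound connections by default, allows only the programs you name, and logs every dropped packet so an unexpected outbound attempt is visible. The browser path in the allow-list is a constructed sample; replace it with the programs you actually use. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post): default-deny outbound with a per-program
# allow-list on Windows Defender Firewall, plus logging of dropped connections.

function Set-OutboundDenyFirewall {
    param(
        # Constructed sample allow-list (assumed path); list your own programs here.
        [string[]]$AllowedPrograms = @("$env:ProgramFiles\Mozilla Firefox\firefox.exe"),
        [string]$LogFile = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
    )

    # Default deny in both directions on every profile, with dropped packets logged.
    # Windows' own predefined outbound rules (e.g. Core Networking DNS/DHCP) stay in
    # force, so name resolution keeps working; everything without a rule is dropped.
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
        -DefaultInboundAction Block -DefaultOutboundAction Block `
        -LogBlocked True -LogFileName $LogFile -LogMaxSizeKilobytes 16384

    foreach ($program in $AllowedPrograms) {
        $name = "Allow outbound: $(Split-Path $program -Leaf)"
        # Idempotent: only create the rule if it is not already there.
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Allow `
                -Program $program -Profile Any | Out-Null
        }
    }
}

# Audit view: every enabled outbound allow rule that is tied to a specific program.
function Get-OutboundAllowList {
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        ForEach-Object {
            $filter = $_ | Get-NetFirewallApplicationFilter
            if ($filter.Program -and $filter.Program -ne 'Any') {
                [pscustomobject]@{ Rule = $_.DisplayName; Program = $filter.Program }
            }
        }
}

Set-OutboundDenyFirewall
Get-OutboundAllowList | Sort-Object Program | Format-Table -AutoSize
```

Two practical notes. Services hosted in svchost.exe (Windows Update among them) need their own outbound rules; `New-NetFirewallRule` has a `-Service` parameter that scopes a rule to one service rather than to the whole svchost.exe binary, which is the trade-off the RAT point above is about. And the dropped connections land in pfirewall.log rather than in a pop-up, so check the log when something stops working instead of loosening the default action.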

For personal computing, the firewall bundled with an antivirus suite is sufficient to catch critical attacks and malware. Where the user has sensitive information on the system, it is recommended to have another layer of firewall on top of the antivirus solution. ZoneAlarm, GlassWire and Comodo provide some of the best-of-breed firewalls.

4. INTRUSION PREVENTION SYSTEM (IPS)

An IPS is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents according to the configured actions. An IPS extends the function of an IDS by detecting potential threats and invoking actions to mitigate the risk.

There are many types of IPS technologies, differentiated primarily by the kinds of events they can identify and the methodologies they use to identify incidents. In addition to monitoring and analyzing events to recognize unwanted activity, all types of IPS technologies typically perform extensive tracking and recording of events which are critical to an environment.

IPS technologies are differentiated from IDS technologies primarily by one major characteristic: an IPS can respond (or take an action) to a detected threat by attempting to prevent it from succeeding. They utilize numerous response practices, which can be grouped as follows:

  1. The IPS stops the attack itself. Examples of how this can be done:

  • Terminate the network connection or user session which is being used for the attack.
  • Block access to the target (and possibly other likely targets) from the offending user account, IP address, or other attacker attributes.
  • Block all access to the targeted host, service, application, or other resource.

  2. The IPS modifies the security environment. The IPS could alter the configuration of other security controls to disrupt an attack, such as reconfiguring a network device (e.g. firewall, router, switch) to block access, or changing a host-based firewall configuration on a target to block incoming attacks.
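To make the two response groups concrete on a single PC, here is an added example (not from the original post, and not MalwareFox's code) of a minimal host-based detect-and-respond loop: it reads DROP entries from the Windows Defender Firewall log, counts inbound drops per remote address within a time window, and, for addresses that cross a threshold, responds the second way listed above by reconfiguring the host firewall to block that address. The log lines are constructed in the real pfirewall.log layout using TEST-NET addresses; the threshold and window are assumptions.

```powershell
# Added example (not from the original post): host-based detection over the firewall
# log with an automated block-rule response. Sample log is constructed.

# Constructed sample in the pfirewall.log layout (W3C style, space separated).
$SampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2017-02-20 02:14:03 DROP TCP 203.0.113.7 192.168.1.20 51234 3389 52 S 3164524 0 8192 - - - RECEIVE
2017-02-20 02:14:04 DROP TCP 203.0.113.7 192.168.1.20 51235 445 52 S 3164525 0 8192 - - - RECEIVE
2017-02-20 02:14:05 DROP TCP 203.0.113.7 192.168.1.20 51236 22 52 S 3164526 0 8192 - - - RECEIVE
2017-02-20 02:14:06 DROP TCP 203.0.113.7 192.168.1.20 51237 23 52 S 3164527 0 8192 - - - RECEIVE
2017-02-20 02:14:07 DROP TCP 203.0.113.7 192.168.1.20 51238 135 52 S 3164528 0 8192 - - - RECEIVE
2017-02-20 02:14:09 DROP UDP 198.51.100.4 192.168.1.20 53 49152 78 - - - - - - - RECEIVE
2017-02-20 02:14:10 ALLOW TCP 192.168.1.20 198.51.100.9 49153 443 0 - 0 0 0 - - - SEND
'@

function Get-FirewallDropOffenders {
    param(
        [string[]]$LogLines,
        [int]$Threshold = 5,                              # inbound drops from one address before reacting (assumed)
        [timespan]$Window = [timespan]::FromMinutes(5)    # the drops must fall within this span (assumed)
    )
    $fields = $null
    $drops = foreach ($line in $LogLines) {
        # The #Fields header names the columns; parse it instead of hard-coding positions.
        if ($line -like '#Fields:*') { $fields = ($line -replace '^#Fields:\s*') -split ' '; continue }
        if ($line.StartsWith('#') -or -not $fields) { continue }
        $parts = $line -split ' '
        if ($parts.Count -ne $fields.Count) { continue }  # skip truncated or malformed lines
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $parts[$i] }
        # Only inbound traffic the firewall refused; outbound and ALLOW lines are ignored here.
        if ($row['action'] -eq 'DROP' -and $row['path'] -eq 'RECEIVE') {
            [pscustomobject]@{
                When     = [datetime]::ParseExact("$($row['date']) $($row['time'])", 'yyyy-MM-dd HH:mm:ss', $null)
                SourceIp = $row['src-ip']
                DstPort  = $row['dst-port']
            }
        }
    }
    $drops | Group-Object SourceIp | ForEach-Object {
        $sorted = $_.Group | Sort-Object When
        $span = $sorted[-1].When - $sorted[0].When
        if ($_.Count -ge $Threshold -and $span -le $Window) {
            [pscustomobject]@{
                SourceIp = $_.Name
                Drops    = $_.Count
                Ports    = ($sorted.DstPort | Sort-Object -Unique) -join ','
            }
        }
    }
}

function Block-Offender {
    param([string]$SourceIp)
    $name = "IPS block: $SourceIp"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        # Response: change the host firewall so all inbound traffic from the address is refused.
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
            -RemoteAddress $SourceIp -Profile Any | Out-Null
    }
}

$offenders = Get-FirewallDropOffenders -LogLines ($SampleLog -split "`r?`n")
$offenders | Format-Table -AutoSize
foreach ($o in $offenders) { Block-Offender -SourceIp $o.SourceIp }
```

With the sample, 203.0.113.7 (five drops across five ports in four seconds) is reported and blocked, while 198.51.100.4 (a single drop) is not. To run it against the real log, replace `$SampleLog -split ...` with `Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"` after enabling dropped-packet logging in the firewall profile. Blocking by source address is the simplest response and the easiest to undo (delete the rule), which is why it is a reasonable first automated action on a home PC.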

In general, host-based intrusion prevention systems are becoming mainstream for personal computing. MalwareFox, in addition to providing protection against new malware, also has comprehensive features for host-based intrusion prevention. It can block access to the target system from malicious hosts, services, applications and other resources.

Most Computer problems are caused by a Loose nut between the Chair and Keyboard.

5. YOU / COMMON SENSE

No matter how strong the security setup is, it is useless if you make a wrong choice. Most security software is programmed to use artificial intelligence and behavioral blocking to make correct decisions without manual intervention. However, you as a user should also practice safe computing.

Some safe practices involve:

  • Don't browse or download anything from suspicious websites.
  • Don't run cracks / keygens outside a virtual environment.
  • Don't give your login credentials to anyone, including friends and family.
  • There's more...

We have prepared an ultimate guide called Unbreakable which reveals step by step security configuration to make your PC Unhackable.

11 comments

Alisha Stewart - February 22, 2017

I absolutely agree with all of this, especially common sense. And I think that it’s worth mentioning that the majority of people who got infected were simply ignorant and lacked common sense, I hope that this guide will finally open their eyes.

Robert Dreher - February 23, 2017

It’s amazing how many people think that they are fully protected simply by installing an Antivirus, there is so much more to it and this post is the proof.

    Maximilian Rothschild - February 24, 2017

    I know right? There were countless times that I asked friends and family what Anti-Malware and Firewall they use, and they were just standing there looking at me completely dumbfounded.

      Sven Schneider - February 28, 2017

      This is nothing, I’ve met numerous humans that never bothered to check for Windows Updates and they had turned automatic updating off because they thought that it was unnecessary. So yeah, ignorance is bliss.

Sam Kaufmann - February 27, 2017

Phishing is probably one of the dirtiest and most nasty ways for someone to earn money, even a burglar has more honor than a hacker like that.

    Lukas Vogler - March 1, 2017

    “Even a burglar has more honor” Old school guy detected hahaha.

      William Ménard - March 2, 2017

      He is right though, people who are phishing are the worst.

Mayhew Chnadonnet - March 3, 2017

“Don’t browse or download anything from suspicious websites” I find that really hard to do, especially with torrent websites, everything looks suspicious there.

    Adriana Fredriksson - March 6, 2017

    You should avoid torrent websites as much as possible, they are full of viruses and malicious ads.

      Gabriele Davide - March 7, 2017

      It’s true that they are full of viruses, but if you’re careful you should be able to get away with it.

Giuliana Lorenzo - March 8, 2017

I suppose that you’re referring to illegal torrent websites??? Not all torrents are malicious, for example, it’s common for Linux distros to use torrents so that they can promote their distro without spending too much money on servers. I think it’s for the best if you stop visiting illegal websites and get all of your content from legitimate sources.
