Layered security is a crucial element for overall security and is implemented through overlapping layers providing protection at each level.
The key benefit of a defense in depth strategy is that it provides measures corresponding to
- Detection and
In many scenarios, a layered security strategy mitigates the potential weakness of one layer with the strength of the other corresponding layers.
In practice, this strategy involves protecting an asset with a series of multiple layers. For instance, at the perimeter layer (i.e. the boundary between the internet and locally managed systems and networks), a classic network security design would enable routers, firewalls, and intrusion detection (or prevention) mechanisms to protect the network from cyber criminals and attackers.
In addition to the perimeter devices, a further layer would add manual real-time monitoring by personnel to identify anomalies in the environment, and finally the third layer would incorporate automated mechanisms that trigger an action in response to anomaly detection. Thus, defense in depth emphasizes controls at every layer to provide comprehensive security.
Layered security can be applied to multiple systems and services. To measure and define one's defense in depth strategy, it is crucial to identify the key assets which need to be protected from potential threats. This would include identifying the type of data, where it resides and the possible ways to reach it. This, in turn, helps to define the approach in a more secure manner.
Potential Threats to Home / PC Users
- Phishing - It is one of the riskiest internet scams for households, as potential targets are chosen through social media and other digital channels. Phishing emails may impersonate any aspect of an entity to which a victim can relate (so that the victim is convinced).
- Sophisticated malware - Along with devastating viruses and data-stealing malware, ransomware is becoming mainstream. It is a form of malware which exploits the human element, infiltrates any computing device and encrypts the content until a ransom is paid to the cyber criminal.
How to Implement Layered Security
A layered security approach depends on multiple security layers around your system.
These layers consist of an antivirus, anti-malware, a firewall and an intrusion detection system.
Before going into the details of each layer, it is necessary to make sure that there are no loopholes through which the operating system can be exploited. So, Windows should be kept up to date at all times.
Word of Caution
Most security issues are related to vulnerabilities in the operating system.
If they are not patched in time, they could allow an attacker to take control of your computer and infect it with malware.
After a patch is released, the security hole becomes public knowledge if it wasn’t already. Attackers now know the problem and can rush to start exploiting it as soon as possible before people update.
Now, moving on to details of Layered Security Configuration.
An up-to-date antivirus forms the first line of defense against any security threat. Even though antivirus is a valuable element in the overall security equation, it is not the only technology which may provide you with comprehensive security.
Antivirus should be configured in such a way that:
- Scanning is scheduled daily, either at startup or during non-peak hours.
- It accepts updates from a backup antivirus server, in case the primary server fails.
- It automatically scans any externally connected storage media such as pen drives, CD drives etc.
What should you look for when choosing an antivirus?
The lighter the better is our mantra.
This is because most packaged solutions offer the most essential features. You may use the test results published by independent research labs like AV-TEST to compare and decide.
Nowadays, cyber criminals are exploring more avenues to identify the types of antivirus used by individuals and trying to evade them to potentially disrupt services.
Anti-malware solutions are effective tools which look for anomalies and indicators of potential threats, improving the overall threat posture of a system. Even though intruders are getting better at evading antivirus tools, anti-malware solutions help to mitigate sophisticated attacks on an environment.
What should you look for in anti-malware?
- It scans and removes all malware from the system without causing any system degradation.
- The solution should have proactive scanning to protect against known and unknown threats.
- It includes protection against ransomware.
- It has the ability to repair files damaged by rootkits.
You may use MalwareFox, which is a proven anti-malware solution with all the required features.
A firewall in its simplest form is a boundary guard between two networks, usually an internal private network and the Internet. The main purpose of a firewall is to guard a trusted network from untrusted parties on the outside that could access or tamper with internal information and resources.
Firewalls can be implemented as either hardware or software, or a combination of both. Firewalls are not just filters, but also gateways and chokepoints.
Let's consider a computer totally devoid of any security application except a dedicated firewall.
Apps like TinyWall or Windows Firewall Control can provide protection against 3 types of malware:
- Ransomware - Some ransomware must contact the C&C server before any encryption can take place. So, you get an outbound connection alert when the ransomware runs. Block it and it won't be able to harm your data.
- Keyloggers - They can log almost anything. The problem occurs when the recorded data is transmitted to cyber criminals who can misuse it. Damage can be prevented if you stop any malicious connection from being made from your end.
- Remote Access Trojan (RAT) - Some RATs operate by injecting directly into a legitimate Windows process like svchost, using it to connect out instead of some other executable that would be glaringly apparent. Firewalls will not only block the hollowed process from connecting out, but they do it silently without any user input.
For personal computing, antivirus firewalls are sufficient to catch critical attacks and malware. In some cases where the user has sensitive information on the system, it is recommended to have another firewall layer on top of the antivirus solution. ZoneAlarm, GlassWire and Comodo provide some of the best-of-breed firewalls.
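When Windows Firewall is set to log dropped packets, each blocked outbound attempt of the kind described above also leaves a log entry. The following Python code is an added example, not part of the original article: it parses a constructed sample in the Windows Firewall log layout and counts dropped outbound connections per destination. The addresses and the repeat threshold are assumptions.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log layout (pfirewall.log);
# addresses are documentation ranges, not real indicators.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-03-02 09:14:01 ALLOW TCP 192.168.1.20 198.51.100.7 50211 443 0 - 0 0 0 - - - SEND
2024-03-02 09:14:07 DROP TCP 192.168.1.20 203.0.113.45 50214 8443 0 - 0 0 0 - - - SEND
2024-03-02 09:15:07 DROP TCP 192.168.1.20 203.0.113.45 50219 8443 0 - 0 0 0 - - - SEND
2024-03-02 09:16:07 DROP TCP 192.168.1.20 203.0.113.45 50225 8443 0 - 0 0 0 - - - SEND
2024-03-02 09:16:30 DROP UDP 192.168.1.1 192.168.1.20 1900 1900 310 - - - - - - - RECEIVE
2024-03-02 09:17:12 DROP TCP 192.168.1.20 192.0.2.99 50230 25 0 - 0 0 0 - - - SEND
"""

def parse_firewall_log(text):
    """Yield one dict per entry, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):   # skip truncated lines
                yield dict(zip(fields, values))

def blocked_outbound(text, repeat_threshold=3):
    """Count dropped outbound attempts per destination and flag repeats."""
    hits = Counter()
    for e in parse_firewall_log(text):
        # DROP + SEND = an outbound connection the firewall refused.
        if e["action"] == "DROP" and e["path"] == "SEND":
            hits[(e["dst-ip"], e["dst-port"], e["protocol"])] += 1
    return [
        {"dst": f"{ip}:{port}/{proto}", "count": n, "repeated": n >= repeat_threshold}
        for (ip, port, proto), n in hits.most_common()
    ]

if __name__ == "__main__":
    for row in blocked_outbound(SAMPLE_LOG):
        print(row)
```

A destination that is retried at regular intervals after being dropped is worth tracing back to the program that keeps calling out.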
INTRUSION PREVENTION SYSTEM (IPS)
IPS is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents as per the actions configured. IPS extends the function of IDS by detecting potential threats and invoking actions to mitigate the risk.
There are many types of IPS technologies, which are differentiated primarily by the kinds of events that these devices can identify and the methodologies that they use to identify incidents. In addition to monitoring and analyzing the events to recognize unwanted activity, all types of IPS technologies typically perform extensive tracking and recording of events which are critical to an environment.
IPS technologies are differentiated from IDS technologies primarily by one major characteristic: IPS can respond (or take an action) to a detected threat by making an attempt to prevent it from succeeding. They utilize numerous response practices, which can be divided into the following groups:
- The IPS stops the attack itself - Examples of how this could be done are as follows:
  - Terminate the active network connection or user session which is being used for the attack.
  - Block the corresponding access to the target (or possibly other likely targets) from the offending user account, IP address, or other attacker attributes.
  - Block all access to the targeted host, service, application, or another resource.
- The IPS can modify the security environment - The IPS could alter the configuration of other security controls and measures to disrupt an attack, such as reconfiguring a network device (e.g., firewall, router, switch etc.) to block access, or changing a host-based firewall configuration on a target to block incoming attacks.
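The response groups above, as an added example that is not part of the original article: Python code that applies them to a constructed stream of login events. The event format, host name, thresholds and rule text are assumptions for illustration, not any product's behaviour or syntax.

```python
from collections import defaultdict

# Constructed events: (time_s, source_ip, target_host, service, outcome).
# Addresses are documentation ranges; hosts and thresholds are assumptions.
EVENTS = [
    (0,  "203.0.113.10", "pc-01", "rdp", "auth_fail"),
    (5,  "203.0.113.10", "pc-01", "rdp", "auth_fail"),
    (9,  "192.168.1.30", "pc-01", "rdp", "auth_ok"),
    (12, "203.0.113.10", "pc-01", "rdp", "auth_fail"),
    (20, "198.51.100.4", "pc-01", "rdp", "auth_fail"),
    (21, "198.51.100.4", "pc-01", "rdp", "auth_fail"),
    (22, "198.51.100.4", "pc-01", "rdp", "auth_fail"),
    (30, "192.0.2.77",   "pc-01", "rdp", "auth_fail"),
    (31, "192.0.2.77",   "pc-01", "rdp", "auth_fail"),
    (33, "192.0.2.77",   "pc-01", "rdp", "auth_fail"),
]

def respond(events, max_fails=3, window_s=60, max_sources=3):
    """Return the ordered list of response actions an IPS would take."""
    fails = defaultdict(list)        # (source, host, service) -> failure times
    offenders = defaultdict(set)     # (host, service) -> blocked sources
    blocked_src, locked, actions = set(), set(), []
    for t, src, host, svc, outcome in sorted(events):
        if (host, svc) in locked or (src, host) in blocked_src:
            continue                 # traffic already dropped by an earlier action
        if outcome != "auth_fail":
            continue
        recent = [x for x in fails[(src, host, svc)] if t - x < window_s] + [t]
        fails[(src, host, svc)] = recent
        if len(recent) < max_fails:
            continue
        # Stop the attack itself: end the session, then block the offender.
        actions.append(("terminate_session", src, host, svc))
        actions.append(("block_source", src, host))
        blocked_src.add((src, host))
        # Modify the security environment: illustrative host firewall rule text.
        actions.append(("firewall_rule", f"deny in from {src} to {host}"))
        offenders[(host, svc)].add(src)
        if len(offenders[(host, svc)]) >= max_sources:
            # Many offenders on one service: block all access to the target.
            actions.append(("block_all_access", host, svc))
            locked.add((host, svc))
    return actions

if __name__ == "__main__":
    for action in respond(EVENTS):
        print(action)
```

Note that `block_all_access` also cuts off legitimate users such as 192.168.1.30 in the sample, which is why it is reserved for the case where per-source blocking no longer keeps up.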
In general, host-based intrusion prevention systems are becoming mainstream for personal computing. MalwareFox, in addition to providing protection against new malware, also has comprehensive features for host-based intrusion prevention. It can block access to the target system from malicious hosts, services, applications and other resources.
Most Computer problems are caused by a Loose nut between the Chair and Keyboard.
YOU / COMMON SENSE
No matter how strong the security setup is, it is useless if you make a wrong choice. Most security software is programmed to make use of artificial intelligence and behavioral blocking to make correct decisions without manual intervention. However, you as a user should also practice safe computing.
Some safe practices involve:
- Don't browse or download anything from suspicious websites.
- Don't run cracks / keygens outside a virtual environment.
- Don't give login credentials to anyone including your friends and family.
- There's more...
We have prepared an ultimate guide called Unbreakable which reveals step by step security configuration to make your PC Unhackable.