9. The Application of Cybersecurity: Principles and Practices 227

threats who, as we have seen, often compromise user accounts. After compromising an account, a hacker has the same access as the compromised user. For this reason, compromising an administrator's account is a major coup for the hacker, so the number of users who have admin access should be kept small. Hackers also exploit vulnerabilities in computer processes, and when they do, they assume the permissions of that process. If the process is running with root privilege, the hackers have access to the entire system. Systems administrators must therefore take care when assigning access to processes and computer programs, running each with the least privilege its job requires, and they must be highly vigilant in protecting their own credentials.

Perfectly implementing the principle of least privilege is not possible. It would consume an enormous amount of resources and would not be worth the cost. That does not mean the principle is not helpful, however. It should be aspired to and never flagrantly violated for expediency's sake.

9.1.7 Defense in Depth

"So the principles of warfare are: do not depend on the enemy not coming, but depend on our readiness against him. Do not depend on the enemy not attacking, but depend on our position that cannot be attacked." - The Art of War by Sun Tzu

The principle of defense in depth states that security should be implemented in layers. The idea is to put multiple barriers in an attacker's path, forcing him to overcome all of them in order to accomplish his objectives.

A well-fortified medieval castle is a good illustration of defense in depth (see Figure 9.5). Picture a castle built on elevated ground and surrounded by a moat. The castle has thick, high walls with guards stationed on top. A single bridge is the only way to reach the big iron gate, and the gate must be opened before anyone can enter the castle grounds. At the gate, guards interrogate and inspect everyone who enters and leaves. Inside the castle grounds, the crown jewels are hidden behind lock and key in an interior room, where more guards roam the halls. The crown jewels themselves are surrounded by booby traps. To get away with this castle's bounty, a thief would need to overcome every one of these obstacles, both on the way in and on the way out!

In the realm of cybersecurity, the closest thing we have to castle-like defenses may be data centers. Data centers are extremely high-value targets, and therefore they typically implement layer upon layer of security. They are surrounded by prison-like fences that force all vehicles to enter through a gate continually monitored by a security guard. Entering the building requires another round of authentication involving multiple factors, including biometrics. Security cameras are everywhere. Once inside the building, sensitive areas are protected by still more security measures. And those are only the physical, facility-based measures!

The idea of defense in depth is to make a hacker exert tremendous effort to overcome one barrier, only to be confronted with another, even higher barrier, and after that yet another, and so on. Each barrier drives up the cost of a successful attack. The layers must also be independent of one another: a single stolen credential or a single vulnerability should never open more than one of them at once, or the layers collapse into a single barrier that merely looks like several.
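Returning to the earlier point that a compromised process hands the attacker whatever privileges the process holds: the standard mitigation is for a service that must start as root (for example, to bind a privileged port) to drop to an unprivileged account before it touches any untrusted input, and to verify that root really is gone. The following Python routine is an added example written for this page, not code from the book. It assumes a Linux or other Unix host where uid/gid 65534 is the unprivileged "nobody" account; when run without root it keeps the current identity so the logic can still be exercised.

```python
import os

# Assumption for this example: uid/gid 65534 is the unprivileged "nobody"
# account, as on most Linux systems. Adjust for your host.
NOBODY_UID = 65534
NOBODY_GID = 65534


def unprivileged_target():
    """Choose the identity to drop to.

    When running as root, drop to nobody; when already unprivileged, keep the
    current identity so the routine is still exercisable without root.
    """
    if os.geteuid() == 0:
        return NOBODY_UID, NOBODY_GID
    return os.getuid(), os.getgid()


def drop_privileges(uid, gid):
    """Permanently give up root and return True only if it is provably gone.

    Order matters: supplementary groups and the gid are changed while we are
    still root, because after setuid() we no longer have the right to change
    them. setuid() called as root sets the real, effective and saved uid, so
    no saved root uid is left to switch back to.
    """
    if os.geteuid() == 0:
        os.setgroups([])   # clear supplementary groups (root-only call)
    os.setgid(gid)
    os.setuid(uid)

    # Never trust the drop blindly: try to become root again and expect failure.
    try:
        os.seteuid(0)
    except PermissionError:
        return True
    return False  # we got root back, so the privilege drop did not take


def current_identity():
    """Show what the process looks like before and after the drop."""
    return {
        "uid": os.getuid(), "euid": os.geteuid(),
        "gid": os.getgid(), "egid": os.getegid(),
        "groups": os.getgroups(),
    }


if __name__ == "__main__":
    # Typical pattern: do the one privileged thing (e.g. bind a port < 1024)
    # here, then drop before parsing any data from the network.
    print("before:", current_identity())
    dropped = drop_privileges(*unprivileged_target())
    print("after :", current_identity())
    print("root permanently dropped:", dropped)
```

The check at the end is the part most implementations omit. A drop that only changed the effective uid, or that was done in the wrong order, leaves a saved root uid behind, and an attacker who gains code execution in the process can call seteuid(0) just as this routine does.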
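The castle and the data center are physical pictures of the principle; in software the same structure appears as a chain of independent checks that a request must pass, with the first objecting layer stopping it. The gateway below is an added example written for this page (not the book's code), with a constructed policy, a constructed signing key and constructed requests. It chains four layers: a trusted-network check, an HMAC-signed token bound to both user and path, role-based authorization, and input validation. Each layer is written so that it knows nothing about the others, which is what makes getting past one of them insufficient.

```python
import hashlib
import hmac
import ipaddress

# Constructed policy and key for the example; in practice these come from
# configuration and a secrets store, never from source code.
SIGNING_KEY = b"example-key-do-not-use"
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("192.168.1.0/24")]
USER_ROLES = {"alice": {"admin"}, "bob": {"viewer"}}
ROLE_FOR_PATH = {"/admin/export": "admin", "/report": "viewer"}
MAX_LIMIT = 1000


def sign(user, path):
    """Issue a token bound to both the user and the path it may be used on."""
    msg = f"{user}|{path}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def build_request(user, path, src_ip, limit, sig=None):
    """Constructed request, as the gateway would see it after parsing."""
    return {"user": user, "path": path, "src_ip": src_ip, "limit": limit,
            "sig": sign(user, path) if sig is None else sig}


# Layer 1: the outer wall. Only traffic from trusted networks is even looked at.
def layer_network(req):
    try:
        ip = ipaddress.ip_address(req["src_ip"])
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETS)


# Layer 2: the gate. The token must verify for this user on this path, so a
# token stolen for one resource cannot be replayed against another.
def layer_authentication(req):
    expected = sign(req["user"], req["path"])
    return hmac.compare_digest(expected, str(req["sig"]))


# Layer 3: the locked room. Even an authenticated user needs the right role;
# a resource with no policy entry is denied by default.
def layer_authorization(req):
    needed = ROLE_FOR_PATH.get(req["path"])
    if needed is None:
        return False
    return needed in USER_ROLES.get(req["user"], set())


# Layer 4: the booby traps around the jewels. Malformed or abusive parameters
# are rejected even from a fully authorized caller.
def layer_input_validation(req):
    limit = req["limit"]
    return isinstance(limit, int) and 1 <= limit <= MAX_LIMIT


LAYERS = [("network", layer_network),
          ("authentication", layer_authentication),
          ("authorization", layer_authorization),
          ("input", layer_input_validation)]


def admit(req):
    """Walk the layers in order; the first one that objects stops the request.

    Returns (True, None) if every layer passed, else (False, layer_name).
    """
    for name, check in LAYERS:
        if not check(req):
            return False, name
    return True, None


if __name__ == "__main__":
    samples = [
        build_request("alice", "/admin/export", "10.1.2.3", 50),
        build_request("alice", "/admin/export", "203.0.113.5", 50),
        build_request("alice", "/admin/export", "10.9.9.9", 50, sig="deadbeef"),
        build_request("bob", "/admin/export", "10.9.9.9", 50),
        build_request("alice", "/admin/export", "10.1.2.3", 10 ** 6),
    ]
    for req in samples:
        print(req["user"], req["path"], req["src_ip"], "->", admit(req))
```

Read the sample requests as successive attackers, each of whom has defeated everything the previous one could not: an outsider is stopped at the network layer; an insider who spoofs a token is stopped at authentication; an insider with a genuine but low-privilege token is stopped at authorization; and a caller with a genuine admin token who sends an abusive parameter is stopped at input validation. Removing any one layer would let exactly one of those attackers through, which is the cost each barrier adds.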