9. The Application of Cybersecurity: Principles and Practices 227 who have admin access should be small. Hackers also exploit vulnerabilities in computer processes, and when they do this, they assume the permissions of that process. If the process is running with root privilege, then the hackers have access to the entire system. Systems administrators must take care when assigning access to processes and computer programs, and they must be highly vigilant in protecting their own credentials. Perfectly implementing the principle of least privilege is not possible. It would consume an enormous amount of resources and would not be worth the cost. However, that does not mean that the principle is not helpful. It should be aspired to and never flagrantly violated for expediency’s sake. 9.1.7 Defense in Depth “So the principles of warfare are: do not depend on the enemy not coming, but depend on our readiness against him. Do not depend on the enemy not attacking, but depend on our position that cannot be attacked.” - The Art of War by Sun Tzu The principle of defense in depth states that security should be implemented in layers. The idea is to put in place multiple barriers for an attacker, forcing him to overcome all of them in order to accomplish his objectives. A well-fortified medieval castle is a good illustration of defense in depth (see Figure 9.5). Picture a castle built on elevated ground and surrounded by a moat. The castle has thick, high walls with guards stationed on top. The bridge is the only way to get to the big iron gate, and then the gate must be open in order to enter the castle grounds. At the gate guards interrogate and inspect everyone who enters and leaves. Inside the castle grounds, the crown jewels are hidden behind lock and key in an interior room where more guards roam the halls. The crown jewels themselves are surrounded by booby traps. In order for a thief to get away with this castle’s bounty, he would need to overcome every single one of these obstacles both on the way in and on the way out! Figure 9.5 A medieval castle illustrating the defense in depth principle.
RkJQdWJsaXNoZXIy MTM4ODY=