SANS Technology Institute: Security Laboratory
Welcome to the Security Laboratory. I'm Stephen Northcutt and like many of you I am a manager and leader with an information technology job. At the SANS Technology Institute, we are always striving to become more skilled and knowledgeable in computer security as well as the people side of the job. The "Security Labratory", for you creative spellers, is an informal set of articles and whitepapers, almost a blog, about security, information technology, and the computer security industry. As we learn more, ponder issues and research content for SANS Security 401 Security Essentials and the GIAC Security Essentials Certification, we will continue to add to this site. Our hope is for this to be a resource for the community and we would love to hear from you. Feel free to drop us a note at stephen@sans.edu.
Security Laboratory: Defense In Depth Series
Hybrid Threats - June 18th, 2008
By Stephen Northcutt
Though malware has certainly evolved a great deal this decade, the tools in use today are more similar to than different from the attacker tools of ten years ago: the command and control is better and they are better at evading detection, but the fundamentals are much the same. Here we take a look at hybrid threats. In the early days of malware it was fairly easy to classify a sample as a virus, a worm, or a Trojan; these days many attacks combine features of all three.
Can you build a Defense in Depth architecture without an architect? - Updated May 13th, 2008
By Stephen Northcutt, J. Michael Butler and the GIAC Advisory Board
Version 1.1. We interviewed a number of GIAC Advisory Board members who have been working as architects for major enterprises about what they look for in an architecture position.
The Attack Surface Problem - November 6th, 2007
By Stephen Northcutt
One of the most important things to understand about defense in depth is attack surface. We can define attack surface as our exposure, the reachable and exploitable vulnerabilities that we have.
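The distinction the abstract draws, between vulnerabilities that merely exist and those that are reachable, is worth making concrete. The following is an added example, not code from the SANS article: it takes a constructed inventory of listening sockets (in the spirit of `ss -tlnp` output) and a constructed default-deny firewall allow list, and reports which services a given source network can actually reach, plus the "latent" surface that is only hidden by the firewall. The socket inventory, firewall rules and function names are all assumptions made for the illustration.

```python
"""Reachable attack surface from a socket inventory and a firewall allow list.

Added example for the attack-surface abstract; all data below is constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Listener:
    proto: str     # "tcp" or "udp"
    port: int
    bind: str      # address the service is bound to
    service: str


@dataclass(frozen=True)
class AllowRule:
    src: str       # source network permitted to reach proto/port
    proto: str
    port: int


# Constructed socket inventory for one host.
LISTENERS = [
    Listener("tcp", 22, "0.0.0.0", "sshd"),
    Listener("tcp", 443, "0.0.0.0", "nginx"),
    Listener("tcp", 3306, "127.0.0.1", "mysqld"),       # loopback only
    Listener("tcp", 5432, "0.0.0.0", "postgres"),       # bound wide, no rule
    Listener("tcp", 9100, "10.0.0.5", "node_exporter"),
    Listener("udp", 161, "0.0.0.0", "snmpd"),
]

# Constructed firewall policy: default deny, these are the only allows.
FIREWALL = [
    AllowRule("0.0.0.0/0", "tcp", 443),
    AllowRule("10.0.0.0/8", "tcp", 22),
    AllowRule("10.0.0.0/8", "tcp", 9100),
    AllowRule("10.0.0.0/8", "udp", 161),
]


def _remote_listeners(listeners):
    """Listeners bound to something other than loopback; only these can
    ever be part of the remote attack surface."""
    return [l for l in listeners if not ip_address(l.bind).is_loopback]


def _permitted(rule, src_net, listener):
    """True if the rule lets every host in src_net reach this listener."""
    return (rule.proto == listener.proto
            and rule.port == listener.port
            and src_net.subnet_of(ip_network(rule.src)))


def reachable_from(src, listeners=LISTENERS, firewall=FIREWALL):
    """Services a host anywhere in `src` can reach: bound on a non-loopback
    address AND permitted by at least one allow rule that covers all of src."""
    src_net = ip_network(src)
    exposed = set()
    for l in _remote_listeners(listeners):
        if any(_permitted(r, src_net, l) for r in firewall):
            exposed.add((l.proto, l.port, l.service))
    return exposed


def latent_surface(listeners=LISTENERS, firewall=FIREWALL):
    """Listeners that are remotely bound but currently blocked by every rule.
    They are not exposure today, but one firewall mistake away from it."""
    covered = {(r.proto, r.port) for r in firewall}
    return {(l.proto, l.port, l.service)
            for l in _remote_listeners(listeners)
            if (l.proto, l.port) not in covered}


if __name__ == "__main__":
    print("Internet can reach:", sorted(reachable_from("0.0.0.0/0")))
    print("10/8 can reach:    ", sorted(reachable_from("10.0.0.0/8")))
    print("Latent surface:    ", sorted(latent_surface()))
```

Note the three classes the script separates: loopback-only services (mysqld) that are out of the remote attack surface regardless of firewall policy, services reachable from a given zone, and wide-bound services with no allow rule (postgres) that the firewall alone is protecting. That last set is the one defense-in-depth exists for.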
The Uniform Method of Protection to Achieve Defense-in-Depth - February 26th, 2007
By Stephen Northcutt
The uniform method of protection for defense-in-depth generally involves a firewall separating the internal trusted zone from the Internet; most implementations also run anti-virus on the mail store-and-forward servers and on the desktops. It means that all internal hosts receive the same level of protection from attack by the network infrastructure. It is the most common and most easily implemented architecture, and the least effective in terms of achieving a high degree of information assurance, unless all of the information assets held in IT are of equal importance to the organization.
Security Convergence and The Uniform Method of Protection to Achieve Defense in Depth - September 7th, 2007
By Stephen Northcutt
Security convergence is an interesting trend that has been picking up speed heading into 2008. We are carrying information that was formerly analog over our digital data networks, we are consolidating formerly separate network devices, especially at the perimeter, and we are starting to see physical security and classic network security groups begin to merge. If the trend continues unabated, it will save us a lot of money while delivering a lot less actual remediation of risk than past practice.
Protected Enclaves Defense-in-Depth - February 26th, 2007
By Stephen Northcutt
Protected enclaves simply means subdividing the internal network so that it is not one large zone with no internal protections. This architectural approach to information security defense-in-depth can be accomplished in a number of ways.
Information Centric Approach to Defense-in-Depth - February 26th, 2007
By Stephen Northcutt
As an information security manager it is critical to understand, and to be able to help others understand, the value of information. In addition to richly valuable information such as intellectual property (patents, trademarks, copyrights, know-how, data schema) there is also ordinary data, including the increasingly important business record. Is the uniform approach to Defense-in-Depth appropriate when it comes to information?
Vector Oriented Defense in Depth - February 26th, 2007
By Stephen Northcutt
"You shall not pass," cried Gandalf, standing on a narrow rock bridge facing the Balrog in the Mines of Moria. Gandalf's resolve was unshakable. The actor portrayed the moment extremely well, showing fear and dread yet an unshakable determination as he proclaimed "You shall not pass!" And, through the magic of movie making, it leaves those of us in the information security management community with a fantastic word picture of vector oriented defense-in-depth.
Role Based Access Control to Achieve Defense in Depth - Updated December 26th, 2007
By Stephen Northcutt based on research work by Richard Hammer and Peter Leight
Role-based access control (RBAC) is an access control method that organizations implement to ensure that data is accessed only by authorized users, by granting permissions to roles rather than to individuals. This article looks at how enterprise-wide RBAC can be enforced at the network level with Network Access Control (NAC).
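The abstract names RBAC but does not show the decision it makes. The following is an added example, not code from the SANS article, covering the access-decision side only (NAC enforcement is outside it): permissions attach to roles, senior roles inherit junior roles' permissions, a static separation-of-duty constraint stops one user from being assigned two conflicting roles, and `authorize()` answers the question "may this user do this?". The roles, permissions, users and constraint are constructed for the illustration.

```python
"""Hierarchical RBAC with a static separation-of-duty (SSD) constraint.

Added example for the RBAC abstract; roles, permissions and users are constructed.
"""

# Permissions each role grants directly. Permission strings are "action:resource".
ROLE_PERMS = {
    "employee": {"read:handbook"},
    "engineer": {"read:source", "write:source"},
    "release_manager": {"deploy:prod"},
    "auditor": {"read:audit_log"},
}

# Role hierarchy: a role inherits everything its parent roles grant.
ROLE_PARENTS = {
    "engineer": {"employee"},
    "release_manager": {"engineer"},
    "auditor": {"employee"},
}

# Static separation of duty: no single user may hold all roles in a set.
# Here, whoever deploys to production must not also be the one auditing it.
SSD_CONSTRAINTS = [frozenset({"release_manager", "auditor"})]


def effective_permissions(role, role_perms=ROLE_PERMS, role_parents=ROLE_PARENTS):
    """All permissions a role grants, walking the hierarchy upward.
    Uses an explicit visited set so a malformed cyclic hierarchy cannot loop."""
    perms, seen, stack = set(), set(), [role]
    while stack:
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        perms |= role_perms.get(r, set())
        stack.extend(role_parents.get(r, ()))
    return perms


def assign_roles(user_roles, user, roles, ssd=SSD_CONSTRAINTS):
    """Add roles to a user. Refuses the whole assignment if the resulting role
    set would violate any SSD constraint, so a partial grant never slips through."""
    proposed = set(user_roles.get(user, set())) | set(roles)
    for conflict in ssd:
        if conflict <= proposed:
            raise ValueError(
                f"{user}: roles {sorted(conflict)} may not be held together")
    user_roles[user] = proposed
    return proposed


def authorize(user_roles, user, permission):
    """Access decision: granted if any of the user's roles (directly or by
    inheritance) carries the permission. Unknown users get nothing."""
    return any(permission in effective_permissions(r)
               for r in user_roles.get(user, ()))


if __name__ == "__main__":
    users = {}
    assign_roles(users, "alice", {"release_manager"})
    print("alice deploy:prod    ->", authorize(users, "alice", "deploy:prod"))
    print("alice read:handbook  ->", authorize(users, "alice", "read:handbook"))
    print("alice read:audit_log ->", authorize(users, "alice", "read:audit_log"))
    try:
        assign_roles(users, "alice", {"auditor"})
    except ValueError as e:
        print("rejected:", e)
```

The two things the abstract's one sentence does not show are both here: the inheritance walk is why a release manager can read the handbook without being granted it directly, and the SSD check is enforced at assignment time rather than at access time, so the conflicting combination never exists to be exploited.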