January 5, 2009

Onion Security

Onion Security is a methodology for securing a network in layers, like an onion. This type of security approach helps keep the network insulated against attacks.

The problem

You have a medium to large network, consisting of internal workstations and externally accessible servers. There are multiple vectors of attack available to a determined attacker.
Most networks rely on security measures such as perimeter firewalls to protect the entire network. In an environment where new vulnerabilities are being discovered daily, such an approach is ineffective. If you rely on a firewall, for example, and a network user visits a compromised web site and is infected by a virus, the attacker now has a way around the perimeter defenses. Once the perimeter is breached, what protects the remaining resources on the network?

The Solution

Onion security is implemented by securing every resource on the network. This includes strong perimeter security measures as well as strong internal protection. Of course, every workstation and server should have effective and up-to-date anti-virus software, but in addition each workstation should have its own software-based firewall. Most of the workstations on your network do not need to be able to communicate directly with one another. The firewalls should limit communication between workstations, and only allow communication with servers. This should help limit the spread of viruses and intrusions to the network.
Access to server resources such as shared files should also be limited. Financial information should only be accessible to users in the Finance department, for example, and marketing files should only be accessible to marketing personnel. In this way, a compromise can be further controlled. If a marketing computer is compromised, for example, the attacker cannot access anything from the finance department. This provides yet another layer of protection.
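
The two layers described above (host firewalls that block workstation-to-workstation traffic, and share access limited by department) can be written down as a policy and checked against observed connections. The following Python is an added example, not part of the original post; the address ranges, host inventory, share names and function names are all constructed for illustration.

```python
import ipaddress

# Constructed address plan and inventory (assumptions, not from the post).
WORKSTATION_NET = ipaddress.ip_network("10.10.0.0/16")
SERVER_NET = ipaddress.ip_network("10.20.0.0/24")
HOST_DEPT = {"10.10.1.15": "Marketing", "10.10.2.20": "Finance"}
SHARE_ACL = {"finance": {"Finance"}, "marketing": {"Marketing"}}

def zone(ip):
    addr = ipaddress.ip_address(ip)
    if addr in WORKSTATION_NET:
        return "workstation"
    if addr in SERVER_NET:
        return "server"
    return "external"

def evaluate(src, dst, share=None):
    """Return (allowed, reason) for one internal connection attempt."""
    src_zone, dst_zone = zone(src), zone(dst)
    # Layer 1: host firewalls drop workstation-to-workstation traffic.
    if src_zone == "workstation" and dst_zone == "workstation":
        return False, "workstation-to-workstation blocked by host firewall"
    # Only workstation-to-server flows are permitted; everything else is denied.
    if (src_zone, dst_zone) != ("workstation", "server"):
        return False, "not a workstation-to-server flow (default deny)"
    # Layer 2: share access is limited to the owning department.
    if share is not None:
        dept = HOST_DEPT.get(src)
        if dept not in SHARE_ACL.get(share, set()):
            return False, f"{dept or 'unknown host'} may not access share '{share}'"
    return True, "allowed"

def audit(flows):
    """Return (flow, reason) for every flow the layered policy refuses."""
    results = [(f, evaluate(*f)) for f in flows]
    return [(f, reason) for f, (ok, reason) in results if not ok]

# Constructed sample: a compromised Marketing workstation (10.10.1.15).
SAMPLE_FLOWS = [
    ("10.10.1.15", "10.20.0.5", "marketing"),  # normal work
    ("10.10.1.15", "10.10.2.20", None),        # direct connection to a Finance PC
    ("10.10.1.15", "10.20.0.5", "finance"),    # Marketing host asking for Finance files
    ("10.10.2.20", "10.20.0.5", "finance"),    # normal work
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, "->", reason)
```

Run over real firewall or file-server logs, the refused flows are also the ones worth alerting on, since a workstation that suddenly tries to reach its peers or another department's share is behaving the way the post's compromised marketing computer would.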
