Intrusion Detection FAQ: I have often heard that the best approach to computer security is to use a layered approach. Can you describe this approach and how an IDS fits in?

The layered approach is best explained by analogy with weathering a winter storm. Many people know the feeling of being stuck at home during a blizzard. In a winter storm, one heats some soup, turns up the furnace, snuggles up under the blankets, and starts a fire in the fireplace. All of these things lead to a warm and secure feeling while waiting for the storm to pass. It is the combination of these separate things in the household that gives us that warm and fuzzy feeling in a winter storm. Likewise, computer security is most effective when multiple layers of security are used within an organization.

The most common misconception is that a firewall will secure your computer facilities and additional steps don't need to be taken. A firewall is just one component of an effective security model. Additional components or layers should be added to provide an effective security model within your organization. The security model that will protect your organization should be built upon the following layers:

  1. Security policy of your organization
  2. Host system security
  3. Auditing
  4. Router security
  5. Firewalls
  6. Intrusion detection systems
  7. Incident response plan

Using multiple layers in a security model is the most effective method of deterring unauthorized use of computer systems and network services. Every layer provides some protection from intrusion, and the defeat of one layer may not lead to the compromise of your whole organization. Each layer has some interdependence on other layers. For example, the intrusion detection systems and the incident response plan depend on each other. Although they can be implemented independently, it's best when they're implemented together. Having an intrusion detection system that can alert you to unauthorized attempts on your system has little value unless an incident response plan is in place to deal with problems. The most important part of an organization's overall security is the security policy. You must know what you need to protect and to what degree. All other layers of the security model follow logically after the implementation of the organization's security policy.

In summary, an intrusion detection system is just one component of an effective security model for an organization. The overall security integrity of your organization is dependent upon the implementation of all layers of the security model. The implementation of the layered approach to security should be undertaken in a logical and methodical manner for best results and to ensure the overall sanity of the security personnel.

Peter Watson
Senior Security Architect
Purolator Courier Corp.