Introducing Defense-in-Depth to a Small ISP
With the recent spate of worms and vulnerabilities, and the increasing public awareness of same, a rural Internet Service Provider (ISP) requested some assistance in assessing the security of their production server and network environment. The ISP has limited in-house technical resources, and utilizes consultants on an as-needed basis. After a few service interruptions due to security-related issues (worms, web site defacement, Denial-of-Service attacks), I was asked to provide some specific recommendations on how to increase security and availability, without significantly increasing complexity or adversely affecting service usability. Utilizing a 'defense-in-depth' approach to security I assessed their environment made recommendations and then re-assessed the environment to measure the impact of the changes. The layered nature of a 'defense-in-depth' strategy as outlined in the SANS Security Essentials track seemed to make the most sense in this situation. Several areas were addressed which significantly increased security yet did not take away from the usability of the services being offered.
1293 (PDF, 1.98MB)
21 Dec 2003Related Content
Denial of Service Deterrence
Research PaperDenial of Service has been a very useful practice for attackers and continues to remain prevalent...
- 1 Apr 2015
Practical El Jefe
Research PaperEl Jefe is open source process monitoring software for Windows. With this tool, incident handlers...
- 31 Mar 2015
Using Influence Strategies to Improve Security Awareness Programs
Research PaperEven companies with extensive, well-funded security awareness programs fall victim to attacks...
- 25 Oct 2013
Talking Out Both Sides of Your Mouth: Streamlining Communication via Metaphor
Research PaperAs Security is a relatively new field, we are still learning how to communicate what we know with...
- 4 Oct 2013
Information Risks and Risk Management
Research PaperThis brief will cover the various exposures that companies now face as they increasingly rely on...
- 1 May 2013
Surfing the Web Anonymously - The Good and Evil of the Anonymizer
Research PaperCompanies of all sizes spend large amounts of time, resources, and money to ensure that their...
- 8 Oct 2012
Robots.txt
Research PaperAlthough this GIAC gold paper is not about search engine optimization, or SEO, this paper will...
- 31 May 2012
A Process for Continuous Improvement Using Log Analysis
Research PaperGood security is a moving target. Walls and castles were once good defenses against attackers, but...
- 26 Oct 2011
Measuring Psychological Variables of Control In Information Security
Research PaperThe effects of an individual's personal feelings of control over aspects of their health have been...
- 12 Jan 2011
Which Disney(c) Princess are YOU?
Research PaperSocial engineering for identity theft has always been around. But now, with the advent of social...
- 18 Mar 2010
Prelude as a Hybrid IDS Framework
Research PaperOrganizations both Large and Small are constantly looking to improve their posture on security....
- 24 Mar 2009
The Importance of Security Awareness Training
Research PaperOne of the best ways to make sure company employees will not make costly errors in regard to...
- 14 Jan 2009
Vendor-Supplied Backdoor Passwords - A Continuing Vulnerability
Research PaperVendor-Supplied Backdoor Passwords - A Continuing Vulnerability
- 26 Sep 2008
Making Security Awareness Efforts Work for You
Research PaperMaking Security Awareness Efforts Work for You
- 20 May 2008
The Controlled Event Framework for Information Asset Security
Research PaperThe Controlled Event Framework for Information Asset Security
- 20 Feb 2008
Data Leakage - Threats and Mitigation
Research PaperData Leakage - Threats and Mitigation
- 24 Oct 2007
Identity Theft
Research PaperThe act of identity theft can be performed by anyone, it could be family, friends or spouses. The...
- 2 Jul 2007
Social Engineering Your Employees to Information Security
Research PaperThis paper will examine the role and value of Information Security Awareness efforts in the...
- 19 Dec 2006
Building a Security Policy Framework for a Large, Multi-national Company
Research PaperInformation Security is not just technology. It is a process, a policy, and a culture. Our...
- 5 May 2005
The Role of the Security Analyst in the Systems Development Life Cycle
Research PaperThis paper will proceed in a very logical manner to describe how a sequential development life cycle...
- 5 May 2005