1
00:00:02,510 --> 00:00:11,990
Welcome to the lecture titled Defense in Depth security model. This is a strategy developed by the military.

2
00:00:12,080 --> 00:00:17,840
The idea behind it is that instead of defeating an attacker with a single strong defensive line, it's

3
00:00:17,840 --> 00:00:22,350
better to weaken the attack by forcing the attacker to overcome successive barriers.

4
00:00:24,450 --> 00:00:31,220
You spread out the security, for example by doubling protective measures, so that it covers a relatively

5
00:00:31,220 --> 00:00:40,740
large space. Even if the first line of defense falls, and even if the second follows, the attack will become

6
00:00:40,740 --> 00:00:47,150
noticeable and will lose momentum, which will buy time to react appropriately.

7
00:00:47,190 --> 00:00:50,320
The same strategy can be applied to computer systems as well.

8
00:00:58,330 --> 00:01:04,240
Computer systems should be viewed in the way presented in the diagram on the right of the slide.

9
00:01:04,320 --> 00:01:10,090
It presents a system based on independent function layers.

10
00:01:10,240 --> 00:01:15,770
We will analyze each layer in detail later on.

11
00:01:15,820 --> 00:01:19,450
Please note that every layer takes into account the human factor.

12
00:01:20,150 --> 00:01:23,630
It's the most critical factor that affects security of the whole system.

13
00:01:24,930 --> 00:01:28,130
People are very often the weakest link in the security of the system.

14
00:01:30,340 --> 00:01:35,710
Users are susceptible to social engineering and manipulation.

15
00:01:35,730 --> 00:01:38,950
We will now describe the defense in depth model in more detail.

16
00:01:40,650 --> 00:01:43,920
Let's try to illustrate it outside the world of computers.

17
00:01:45,030 --> 00:01:48,860
Some medieval castles were surrounded by a moat.

18
00:01:48,880 --> 00:01:51,790
The point was to make the enemy approach the barrier.

19
00:01:52,150 --> 00:01:58,350
The castle was usually protected by one moat only. Such defenses weren't duplicated.

20
00:01:59,320 --> 00:02:04,960
There was no point in doing that, because if the enemy was able to defeat the barrier once they'd be

21
00:02:04,960 --> 00:02:06,380
able to do it again.

22
00:02:08,760 --> 00:02:12,390
Behind the moat there was a wall.

23
00:02:12,470 --> 00:02:18,120
It was an additional barrier independent of the previous one.

24
00:02:18,200 --> 00:02:23,720
Even if somebody managed to cross the moat, they couldn't use the same strategy to climb up the wall.

25
00:02:26,190 --> 00:02:31,890
The basis of the defense in depth model is that individual layers of security and solutions implemented

26
00:02:31,890 --> 00:02:34,590
in each layer work independently of one another.

27
00:02:36,930 --> 00:02:42,620
Having three different virus scanners is not exactly a defense in depth.

28
00:02:42,740 --> 00:02:47,720
You can't assume that 3 scanners are better than one because if one doesn't detect a threat another

29
00:02:47,720 --> 00:02:48,320
one will.

30
00:02:51,000 --> 00:02:57,950
Three anti-virus scanners are just as effective as one. Defense in depth requires installation of three

31
00:02:57,950 --> 00:03:05,210
solutions independent of one another. Very often money is spent on duplicating security measures for

32
00:03:05,210 --> 00:03:12,610
every layer of the system, whereas each layer can be sufficiently protected by only one solution.

33
00:03:13,890 --> 00:03:21,120
This is true also with regards to users.

34
00:03:21,170 --> 00:03:26,180
We will analyze the model from top to bottom, starting from data and application layers.

35
00:03:28,190 --> 00:03:30,700
How can you secure data stored in computer systems?

36
00:03:33,440 --> 00:03:35,550
Access control is the first solution.

37
00:03:37,250 --> 00:03:42,850
This involves granting users access privileges.

38
00:03:42,890 --> 00:03:48,560
The second solution, which should be complementary to the first one, is to prevent data loss by means

39
00:03:48,560 --> 00:03:50,780
described in the service license agreement.

40
00:03:53,520 --> 00:03:59,170
This entails making backup copies or replicating data.

41
00:03:59,190 --> 00:04:06,090
The next solution is to monitor data access. You have to know who and when tried to read and modify the

42
00:04:06,090 --> 00:04:08,730
data and whether they succeeded.

43
00:04:11,320 --> 00:04:18,940
All in all, data encryption is the only complete effective solution ensuring data confidentiality.

44
00:04:19,060 --> 00:04:23,410
It makes the data independent of the system it's stored in and processed by.

45
00:04:26,330 --> 00:04:33,110
The first element of application layer protection is to regularly update your applications.

46
00:04:33,160 --> 00:04:40,230
It will only be possible if the administrator knows every application running on the system.

47
00:04:40,240 --> 00:04:45,150
This means he or she cannot allow users to install on their computers any application they want.

48
00:04:46,910 --> 00:04:50,060
If you don't know something exists, you won't try to update it.

49
00:04:52,430 --> 00:04:58,380
Application updates are much more difficult to control than whole system updates.

50
00:04:58,460 --> 00:05:02,230
It's hard to make it automatic.

51
00:05:02,270 --> 00:05:05,970
The administrator has to remember to regularly update all applications.

52
00:05:08,580 --> 00:05:10,440
To implement the rules described above,

53
00:05:10,440 --> 00:05:14,190
the administrator may prevent users from installing any kind of software.

54
00:05:17,590 --> 00:05:22,770
The administrator may introduce security measures that won't allow any user to install a certain program.

55
00:05:25,240 --> 00:05:30,360
This approach differentiates between allowed and forbidden programs.

56
00:05:30,380 --> 00:05:35,970
It's a mechanism completely independent of user privileges.

57
00:05:35,990 --> 00:05:39,850
Of course, this layer should also be protected by anti-virus software.