This is Chapter 5 in Tom Olzak's book, "Enterprise Security: A practitioner's guide."

Chapter 4 is available here: Attack Surface Reduction – Chapter 4
Chapter 3 is available here: Building the Foundation: Architecture Design – Chapter 3
Chapter 2 is available here: Risk Management – Chapter 2
Chapter 1 is available here: Enterprise Security: A practitioner's guide – Chapter 1

In Chapter 4, we examined system attack surface reduction. The next step is moving out from systems to the network attack surface. Traditional flat networks present a single surface to the outside and almost nothing to internal threats. By segmenting a network, and applying appropriate controls, we can break a network into a multi-layer attack surface that hinders threat agents/actions from reaching our hardened systems.

In this chapter, we step through a description of VLAN technology, how to secure it (including basic switch security), and how to control packets to increase the overall strength of attack surface defense. I use the term packet instead of frame to refer to transmission entities at both the network and the data link layers.

Traditional networks resemble Figure 5-1. Perimeter defenses protect the data center from external threats with little protection against internal threat agents. Once on the wire, an attacker has free access to system attack surfaces.