1
00:00:01,240 --> 00:00:07,210
Now we'll analyze a few scenarios showing the effectiveness of the defense in depth model against various

2
00:00:07,210 --> 00:00:12,190
types of attacks, automated attacks on the specific services.

3
00:00:12,190 --> 00:00:13,480
The first scenario:

4
00:00:17,240 --> 00:00:24,740
such an attack was conducted 10 years ago by the Code Red virus, which used loopholes in the security of the

5
00:00:24,740 --> 00:00:25,990
Microsoft web server.

6
00:00:29,250 --> 00:00:33,690
Not going into detail of the virus strategy,

7
00:00:33,770 --> 00:00:38,240
let's consider whether the independent security measures of each functional layer of the system could

8
00:00:38,240 --> 00:00:39,550
stop the attack.

9
00:00:42,320 --> 00:00:48,620
The network firewall should block the attempt to send modified HTTP packets used by the virus to attack

10
00:00:48,620 --> 00:00:55,400
vulnerable HTTP servers at the perimeter of the network.

11
00:00:55,450 --> 00:00:58,150
Half of these packets would probably be blocked indeed.

12
00:01:02,120 --> 00:01:05,640
If the web servers were placed in the demilitarized zone,

13
00:01:05,720 --> 00:01:09,070
the virus will infect only the computers in the DMZ.

14
00:01:12,920 --> 00:01:20,570
If the operating system was regularly updated, it could help block 9 out of 10 attacks.

15
00:01:20,620 --> 00:01:28,210
The virus exploited the vulnerability unknown months before the wave of attacks; the virus scanner would

16
00:01:28,210 --> 00:01:39,720
detect and block 9 out of 10 attacks in the application layer.

17
00:01:39,860 --> 00:01:45,170
The strength of the defense in depth model is that even though individual solutions are not infallible,

18
00:01:45,740 --> 00:01:51,080
if they are truly independent of each other you can count the probability of the attack by multiplying

19
00:01:51,080 --> 00:01:55,810
the individual probabilities.
20
00:01:56,050 --> 00:01:59,560
The final value is much less than the individual probability values.

21
00:02:02,430 --> 00:02:09,060
Considering our optimistic assumptions, the threat probability amounts to 0.04 percent and was counted

22
00:02:09,060 --> 00:02:18,730
by multiplying 40 percent times 1 percent times 10 percent.

23
00:02:18,750 --> 00:02:24,510
The next scenario we will consider is an automated attack utilizing several types of propagation technique.

24
00:02:26,520 --> 00:02:34,380
This was a strategy employed by the Nimda computer virus. It spread via e-mail and local networks, but

25
00:02:34,380 --> 00:02:36,570
it also infected remote web servers.

26
00:02:37,830 --> 00:02:41,220
The virus is known to use 12 ways to infect computers.

27
00:02:50,330 --> 00:02:55,700
The defense in depth model will not only lower the threat of infection, but it would also limit the number

28
00:02:55,700 --> 00:03:00,480
of infected computers in case of an attack.

29
00:03:00,730 --> 00:03:06,100
It would require setting up an application firewall at the perimeter level that would analyze incoming

30
00:03:06,100 --> 00:03:12,260
data transmissions and not only their packet headers.

31
00:03:12,510 --> 00:03:18,810
The firewall would detect and block modified requests, thus preventing the virus from spreading via e-mail.

32
00:03:20,990 --> 00:03:24,210
That was, however, only one of the ways the virus spread.

33
00:03:24,230 --> 00:03:25,520
So you're still at risk.

34
00:03:28,100 --> 00:03:33,020
Protecting each computer by a firewall would keep the virus from spreading through local networks.

35
00:03:35,540 --> 00:03:39,130
Regularly updated network firewalls should block this mechanism.
36
00:03:41,220 --> 00:03:46,590
Operating system updates would eliminate the threat of the Nimda virus almost completely, unless the

37
00:03:46,590 --> 00:03:49,080
attack would come from a modified version of the worm,

38
00:03:56,040 --> 00:03:58,960
and then it used social engineering methods as well.

39
00:04:00,110 --> 00:04:07,030
It tried to get users to start the program by opening an e-mail attachment, but an effective security

40
00:04:07,030 --> 00:04:15,280
policy could counter even this method of attack. No security measure is 100 percent effective.

41
00:04:15,290 --> 00:04:21,780
Sometimes this ratio amounts to 15 percent, but by combining many security solutions you can make your

42
00:04:21,780 --> 00:04:24,850
system relatively secure.

43
00:04:24,850 --> 00:04:26,700
This is called the Swiss cheese model.

44
00:04:28,470 --> 00:04:34,560
A piece of Swiss cheese has a lot of holes, but because individual slices stick close together, few holes

45
00:04:34,560 --> 00:04:35,560
go through.

46
00:04:36,990 --> 00:04:42,810
Similarly, in the case of security some holes may look more serious than others, but there is no open

47
00:04:42,810 --> 00:04:43,830
attack path.

48
00:04:48,010 --> 00:04:51,640
Now a few more examples of the effectiveness of the defense in depth model:

49
00:04:58,530 --> 00:05:05,950
a hypothetical response of a computer secured on the basis of this model is presented in the slide below.

50
00:05:06,070 --> 00:05:07,600
You can analyze it on your own.