
Layered security is a network security approach that uses several components to protect an organization's operations with multiple levels of security measures. The purpose of a layered security approach is to avoid leaving any single point of failure in the security design. In many scenarios, a layered security strategy mitigates the potential weakness of one layer through the strength of the corresponding other layers.

Individual layers in a layered security approach focus on threats posed to Confidentiality, Integrity and Availability. These layers work together to tighten security by minimizing the potential threat surface area through which intruders could breach your network, making it much more robust than relying on a single-layer security solution.

The terms "Defence in depth" and "Layered security" are often used interchangeably; however, there is a subtle difference alongside a lot of overlap. The term "defence in depth" refers to an even more comprehensive security strategy than layered security. In fact, one might say that just as a firewall is only one component of a layered security strategy, layered security is only one component of a defence in depth strategy. Defence in depth strategies also include other security preparations which address concerns such as monitoring, alerting and emergency response, authorized personnel activity accounting, disaster recovery, criminal activity reporting, forensic analysis etc. Nonetheless, the layered security approach is one of the most important components of a Defence in Depth strategy.

Areas of Cyber Security Threats

Cyber security threats exist at all the OSI/ISO model layers, starting at Layer 7, the Application Layer, because that is where users begin by interfacing with the network. For the purposes of creating the most comprehensive cyber security plan, we must actually start BEFORE the Application Layer and address perhaps the biggest vulnerability in the entire network: the user himself. Users are human and are far more prone to making errors than computers, which will perform the same function the same way every time. Threats at each layer of the ISO-OSI model include:

Application Layer Threats

Examples of application layer attacks include distributed denial-of-service (DDoS) attacks, HTTP floods, SQL injections, cross-site scripting, parameter tampering, and Slowloris attacks. To combat these and more, most organizations have an arsenal of application layer security protections, such as web application firewalls (WAFs), secure web gateway services, and others. According to the experts, "The application layer is the hardest to defend". The vulnerabilities encountered here often rely on complex user input scenarios that are hard to define with an intrusion detection signature. This layer is also the most accessible and the most exposed to the outside world because, for the application to function, it must be accessible over Port 80 (HTTP) or Port 443 (HTTPS). Other possible exploits at the Application Layer include viruses, worms, phishing, key loggers, backdoors, program logic flaws, bugs, trojan horses and ransomware.

Presentation Layer Threats

The most prevalent threats at this layer are malformed SSL requests. Knowing that inspecting SSL-encrypted packets is resource intensive, attackers use SSL to tunnel HTTP attacks to target the server. Mitigation plans should include options like offloading the SSL at an application delivery platform, inspecting the application traffic there for signs of attack traffic or violations of policy, and subsequently re-encrypting it after the process of inspection is complete.

Session Layer Threats

DDoS attackers exploit a flaw in a Telnet server running on networking devices like switches, rendering Telnet services unavailable. Thus, it becomes important that networking hardware is regularly patched for such vulnerabilities, proper access and session restriction policies are configured, and firmware is kept up to date.

Transport Layer Threats

Transport Layer Security (TLS) is used to secure all communications between Web servers and browsers, regardless of whether sensitive data is being transmitted. TLS is a cryptographic protocol that provides secure end-to-end communications over networks and is widely used for internet communications and online transactions. It is intended to prevent eavesdropping, tampering and message forgery. Common applications that employ TLS include Web browsers, instant messaging, e-mail such as Outlook, and voice over IP.

Network Layer Threats

Routers make decisions based on layer 3 information, hence the most common network layer threats are generally router-related, including information gathering, sniffing, spoofing, and distributed denial of service (DDoS) attacks in which multiple hosts are enlisted to bombard a target router with requests to the point where it gets overloaded and cannot accept genuine requests.

The most effective protection is achieved by consistently observing best practices for router, firewall and switch configurations. At the router itself, it is important to constantly ensure that the router operating system is up to date on all security patches, packet filtering is kept enabled, any unused ports are blocked, and unused services and interfaces are disabled. Logging should be enabled, and regular auditing of any unusual activity should be conducted.

Data-Link Layer Threats

The data link layer provides reliable transit of data across a physical link. The data link layer is concerned with physical addressing, network topology, network access, error notification, ordered delivery of frames, and flow control. Frame-level exploits and vulnerabilities include sniffing, spoofing, broadcast storms, and insecure or absent virtual LANs (VLANs). Network interface cards (NICs) that are misconfigured or malfunctioning can cause serious problems on a network segment or the entire network.

Port security is important to tackle Address Resolution Protocol (ARP) spoofing, Media Access Control (MAC) flooding or cloning, port stealing, Dynamic Host Configuration Protocol (DHCP) attacks, and layer 2-based broadcasting or Denial of Service attacks. Switches should be configured to limit the ports that can respond to DHCP requests, static ARP should be implemented, and Intrusion Detection Systems (IDS) should be installed.

Physical Layer Threats

The copper and fiber-optic cables that connect everything together create the actual network that everything else uses. Most threats at this layer involve interruption of the electrical signals that travel between network nodes, including the physical cutting of cables, natural disasters that bring flood waters which can cause short-circuits, or other human vandalism. Many organizations mitigate these failures by bringing in multiple circuits to the internet.

A superior strategy is the placement of all network core elements, such as servers and storage, at multiple redundant cloud data centers so that services are available at all times.

Functional Aspects

An analogy can be drawn between the layered approach to security and physical security at an airport. Just as multiple checkpoints at an airport serve different purposes, different layers of security also prevent different types of cyber threats. Which layers of security are used in practice may vary from implementation to implementation, but the most common ones are:

Network Perimeter Defense

Perimeter defense involves firewalls, intrusion detection and prevention systems, and DMZs. Network perimeter defence separates an organization's network from the external network and prevents unauthorized access to this network. Its components include:

Firewall: A firewall is an essential part of any network security; it stands as the main barrier between the organization's internal secured network and the external network. While some firewalls are basic, others can be highly complex and sophisticated, like Next Generation Firewalls and Unified Threat Management devices.

Intrusion Detection and Prevention: This system is designed to monitor intrusions and
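
The data-link layer controls named under "Data-Link Layer Threats" (static ARP, limiting which ports may answer DHCP requests, port security against MAC flooding, and an IDS) can be expressed as detection rules over observed frames. The sketch below is an added example, not part of the original article; the policy values, port names and frame summaries are all constructed assumptions.

```python
from collections import defaultdict

# Constructed policy, not from the article: static ARP bindings, the only
# switch port allowed to carry DHCP server replies, and a per-port MAC limit.
STATIC_ARP = {"10.0.0.1": "00:11:22:33:44:01", "10.0.0.10": "00:11:22:33:44:10"}
TRUSTED_DHCP_PORTS = {"Gi0/1"}
MAX_MACS_PER_PORT = 2

# Constructed frame summaries as a layer 2 sensor might report them:
# (switch port, frame kind, source MAC, claimed IP or None).
SAMPLE_FRAMES = [
    ("Gi0/1", "dhcp_offer", "00:11:22:33:44:01", None),
    ("Gi0/2", "arp_reply", "00:11:22:33:44:10", "10.0.0.10"),
    ("Gi0/3", "arp_reply", "de:ad:be:ef:00:03", "10.0.0.1"),  # wrong MAC for pinned IP
    ("Gi0/3", "dhcp_offer", "de:ad:be:ef:00:03", None),       # server reply on access port
    ("Gi0/4", "data", "02:00:00:00:00:01", None),
    ("Gi0/4", "data", "02:00:00:00:00:02", None),
    ("Gi0/4", "data", "02:00:00:00:00:03", None),             # third MAC on one port
]


def inspect_frames(frames):
    """Return a list of (port, rule, detail) alerts for the given frames."""
    alerts = []
    macs_seen = defaultdict(set)
    flooded = set()  # ports already reported, so each is alerted once
    for port, kind, mac, ip in frames:
        mac = mac.lower()
        macs_seen[port].add(mac)
        # Port security: too many distinct source MACs behind one port.
        if len(macs_seen[port]) > MAX_MACS_PER_PORT and port not in flooded:
            flooded.add(port)
            alerts.append((port, "mac-limit", f"{len(macs_seen[port])} MACs seen"))
        # Static ARP: a reply must match the pinned IP-to-MAC binding.
        if kind == "arp_reply" and ip in STATIC_ARP and STATIC_ARP[ip] != mac:
            alerts.append((port, "arp-spoof", f"{ip} claimed by {mac}"))
        # DHCP: server replies are only expected on trusted ports.
        if kind == "dhcp_offer" and port not in TRUSTED_DHCP_PORTS:
            alerts.append((port, "rogue-dhcp", f"offer from {mac}"))
    return alerts


if __name__ == "__main__":
    for alert in inspect_frames(SAMPLE_FRAMES):
        print(*alert, sep="\t")
```

On a managed switch the same three rules are normally enforced in hardware; running them in a sensor as well gives the audit trail that the logging and auditing advice calls for.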



          26  informatics.nic.in  October 2021