WEBVTT

00:00.580 --> 00:08.100
A critical concept in the world of IT security is defense in depth, or layered security.

00:08.110 --> 00:13.090
Now, before we get into this too much, I want to make sure we're incredibly comfortable with a particular

00:13.090 --> 00:18.210
set of terms, and that is diversity versus redundancy.

00:18.280 --> 00:23.890
So to help us out here, I'm going to go back to World War One. Back in World War One you had these trench

00:23.890 --> 00:26.800
systems out there. Now, with these trench systems,

00:26.800 --> 00:32.380
you didn't have just one trench; you'd have a lot of trenches, two or three or four or five trenches. In

00:32.380 --> 00:36.510
that particular case, what you're talking about is redundancy. With redundancy,

00:36.520 --> 00:43.360
we have applied some type of security control over and over again, almost always in some form of layered

00:43.360 --> 00:44.650
fashion.

00:44.650 --> 00:50.800
Now, diversity is a different animal altogether. In diversity, what we're talking about is bringing a different

00:50.800 --> 00:52.630
type of control into play.

00:52.630 --> 00:57.030
So sticking with that World War One analogy, instead of just having trenches,

00:57.040 --> 01:00.930
I'd also put in barbed wire or machine gun posts or something like that.

01:00.970 --> 01:07.180
Totally different types of controls to prevent the bad guys from coming across No Man's Land and taking

01:07.180 --> 01:07.810
over.

01:07.960 --> 01:08.880
And sorry about it.

01:08.890 --> 01:13.620
There's right now lots of really great stuff. World War One was 100 years ago, so I'm watching all that.

01:13.620 --> 01:15.250
It's on my mind.

01:15.400 --> 01:20.230
So now that we're comfortable with the difference of diversity versus redundancy, let's take a look at

01:20.230 --> 01:21.060
this a little bit.

01:21.130 --> 01:28.180
Now what I'd like to start off with is here's an example of a single computer sitting in my office somewhere.

01:28.270 --> 01:31.730
And what I want to do is I want to protect that from malware.

01:31.750 --> 01:32.990
So what can I do?

01:33.000 --> 01:41.680
Well, I can install multiple redundant layers of security. For example, I can put anti-malware directly

01:41.770 --> 01:43.510
on the system itself.

01:43.510 --> 01:50.290
I can set up network-based intrusion detection to see if I can find malware that way. I can put malware

01:50.350 --> 01:53.240
on access control lists within my firewall.

01:53.440 --> 01:59.890
I can put anti-malware in a lot of different places and provide a lot of layers to protect that one

01:59.890 --> 02:01.940
system there in the middle.

02:01.960 --> 02:03.870
Now diversity is a little bit of a different animal.

02:03.880 --> 02:09.760
So with diversity: here at Total Seminars I only have one Internet service provider, and that Internet service

02:09.760 --> 02:14.830
provider is the popular DOCSIS Comcast, which a lot of people have these days.

02:14.850 --> 02:19.390
Now I want to give myself some defense in depth here.

02:19.390 --> 02:22.840
So would I go out and just go get another Comcast system?

02:22.840 --> 02:23.330
No.

02:23.410 --> 02:27.760
What I want to do is I want to be diverse in this case, so what I'm going to do is I'm going to keep

02:27.760 --> 02:29.060
my Comcast system.

02:29.110 --> 02:34.300
But I'm also going to go get another provider here down in southern Texas, AT&amp;T, who would provide me

02:34.300 --> 02:39.610
a completely different Internet service provider service in case anything were to ever go wrong.

02:39.610 --> 02:47.180
So that would be a great example of classic diversity when it comes to Internet service providers.

02:47.260 --> 02:52.330
So we do this a lot when it comes to diversity so we're always thinking about different things like

02:52.330 --> 02:52.580
this.

02:52.630 --> 02:57.160
The example that I just gave you there is what we would call vendor diversity. In that particular case I

02:57.160 --> 02:58.480
didn't stick with just Comcast.

02:58.480 --> 03:02.920
I use two different vendors to provide my Internet service provider, and by the way, we can do this with

03:02.920 --> 03:08.140
just about anything. We could have diversity in routers, diversity in operating systems, almost anything

03:08.140 --> 03:09.490
we want.

03:09.490 --> 03:15.040
So when we talk about diversity, we tend to think about the physical, administrative, and technical control

03:15.040 --> 03:15.840
thing.

03:15.850 --> 03:21.820
So when you think about those three things we want to make sure that we have different types of controls

03:21.910 --> 03:25.580
on any particular situation where we want to have defense in depth.

03:25.630 --> 03:31.140
One great example would be I don't want people logging into computers at certain times.

03:31.150 --> 03:35.770
So one of the things I could do is I can set up a technical control that I can configure my Windows

03:35.770 --> 03:39.340
server so they can only log in between this time and that time.

03:39.550 --> 03:43.900
But I could also make an administrative control in this case, and by setting up an administrative control

03:43.900 --> 03:48.850
I can basically just assign people to different shifts and then that way they're never really going

03:48.850 --> 03:50.350
to run into each other.

03:50.350 --> 03:54.700
So two very different controls achieving the exact same thing.

03:54.700 --> 04:00.870
Another great example I could do is let's say I don't want people using Facebook during company time.

04:00.910 --> 04:07.110
So in this particular case, well, I could set up a technical control and basically block facebook.com

04:07.210 --> 04:13.450
right at my firewall, but I could also do an administrative control, and in this particular case I could

04:13.450 --> 04:20.020
set up an acceptable use policy that says "Ye shall not use social media during business hours," and in

04:20.020 --> 04:27.040
that case once again I've got two very very diverse types of security controls achieving the same job.

04:27.190 --> 04:31.660
So when we're talking about defense in depth, it's great to think about the layers. The layers are important,

04:31.960 --> 04:53.770
but also remember, whenever we're doing good defense in depth, you have good diversity.
