Authentication Administration Practices
Yes, the answer is a correct response to the question. A layered security approach is a good choice for an organization that wants to implement sound security measures. Any single defense mechanism can have flaws, so a series of defense mechanisms is needed, each covering the holes in the protective capabilities of the others. For example, intrusion detection systems, firewalls, integrity auditing tools and procedures, local storage encryption tools and malware scanners could all be applied, since each of these tools protects information technology resources in a different way.
Applying layered security does not mean implementing two or more tools of the same type of defense mechanism; it means implementing different tools with different security capabilities. Security can be applied at different layers, for example with specific security measures for the network, perimeter, host, application and data layers (Ashley, 2006).
An organization can also implement defense in depth, which provides a more comprehensive security approach and treats layered security as just one component. Defense in depth assumes a wide range of possibilities, such as physical theft and other incidental threats that may arise. The protection strategies applied include authentication and authorization of network users, deployment of VLANs to separate traffic and provide coarse-grained security, use of firewalls at the port level for fine-grained security, encryption throughout the network, detection of possible threats to network integrity together with remedies for them, and the inclusion of endpoint security measures (Snyder, 2010).
Aside from all the technology-based security measures an organization can have, it also helps greatly to consider psychology when planning security measures. This includes studying the behavior of the people involved in security attacks such as phishing and pretexting. Some measures against these are password manglers, client certificates or specialist apps, soft keyboards and customer education (Anderson, 2008).
References:
Anderson, R. (2008). Chapter 2: Usability and Psychology. In Security Engineering: A Guide to Building Dependable Distributed Systems (2nd ed.). Retrieved from http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c02.pdf
Ashley, M. (2006). Layered Network Security 2006: Best Practices. Retrieved from http://www.stillsecure.com/docs/StillSecure_LayeredSecurity.pdf
Snyder, J. (2010). Six Strategies for Defense-in-Depth: Securing the Network from the Inside Out. Retrieved from http://www.arubanetworks.com/pdf/technology/whitepapers/wp_Defense-in-depth.pdf