East of Frankfurt, Germany, lays the Fulda Gap, once the focal point of the largest peacetime concentration of military forces in history. During the Cold War, more than a million NATO and Warsaw Pact troops faced off, waiting for ?the balloon to go up" (as they'd say in the military), signaling the start of World War III.
The Fulda Gap was the most likely avenue of approach by Warsaw Pact forces in their march toward the Atlantic. World War III, as it was envisioned during the Cold War, would be a test of Western technology versus the Soviet Union's numerical superiority. While technology would eventually win the war (we hoped), NATO planners concluded that nothing could blunt the initial Russian thrust. Thus, the Fulda scenario called for a fighting retreat to positions near the Rhine River. NATO would then use its superior knowledge of the terrain, its advanced weaponry and superior tactics to slow and thwart the Russian invaders.
Enterprise networks are a lot like the Fulda scenario, in which enterprise security managers must use their superior technology and know-how against a seemingly overwhelming, omnipresent threat. The strategy offers some interesting lessons for IT security managers.
Define the battlefield. Building an indestructible fortification is pointless if hackers can just go around it (remember the Maginot Line?). Defenders need to dictate which direction hackers must turn to avoid that obstacle.
Your adversary is on unfamiliar ground. Not only must he identify and exploit a kink in your defenses, but he must then hunt for other vulnerable targets inside your perimeter. Your attacker's lack of knowledge gives you an advantage. You can make each step of his enumeration process as difficult as you want. If you construct your Fulda Gap correctly, you'll know exactly where your enemy is coming from and make him pay for each switch, router and server he crosses.
Layer defenses. Force your adversary to expend time and resources to overcome obstacles. Erect firewalls, construct DMZs, harden servers and lay honeypot traps. Time is the enemy of every hacker; the longer it takes to penetrate each layer, the more likely he'll be detected, discouraged or defeated.
Defense-in-depth also gives you time to respond. If the first line of defense doesn't stop him, the next line will. The deeper you draw him into your territory, the greater your advantage.
Bend, don't break. Accept that you can't repel every invader at the battlements. You simply can't anticipate every attack or the degree of its sophistication. Fixed defenses may defeat script-kiddies, but little is going to stop a determined, persistent adversary. Plan to absorb the first blow. You'll lose some battles, but the goal is to win the war.
Like NATO planned to do, fall back to more defensible positions. For instance, if a worm infects a network segment, choke it off to prevent it from spreading to the rest of the network. Likewise, isolate servers and subnets to prevent hackers from getting to high-value targets. It may hurt to lose a few desktops, but their sacrifice will allow you to protect business-critical systems and live to fight another day.
By forcing hackers to fight you on your terrain and your terms, you increase the level of difficulty for compromising your network. Once the invaders are drawn into your realm, you can use your superior knowledge and weaponry to defeat them.
About the author:
Lawrence Walsh is the executive editor of Information Security magazine>