We live in a world made up of analogies. We use analogies as a point of reference to explain something that may not be intuitive to someone. At some point we’ve all heard the Internet described by comparing it to a highway (or Information Superhighway to quote its “inventor”).
The world of security is no different. Although when we try to intimate that security is complicated or multi-layered by comparing it to an onion, are we getting the point across? I’m going to say no.
So here’s my stab at it…
Data is like water. So let’s treat it like it.
First, let’s have a “brief” primer on how the water in our faucets gets there.
- Water is everywhere. In the air, on the ground, and in the ground (technically called an aquifer). This is called surface water or ground water.
- The water is pulled from the source by our community or municipal water system and goes through the most basic of filters. This step is called coagulation. At this point, we’re removing only the most basic of things suspended in the water. Dirt, loose rock, tires, fish, you name it. It’s a relatively large screen, so many things are passed through.
- The water is then “floc’d”. Floc is the adding of chemicals that attract known bad particles. Floc attracts these particles and combines with them to make a heavier substance that now sinks to the bottom. We now have sediment (this is aptly called sedimentation).
- We now pass the water through more and more fine filtration to remove any remaining sediment.
- Now that it’s filtered, chemicals are added to disinfect the smallest of organisms living in the water.
- It’s now shipped off to water storage or through pipes to be sent to our homes. (Actually it’s far more complicated and you can check out the EPA’s site for more detailed, and possibly accurate, information on how this all works. If you really, really want to.)
- Being the hygienic creatures we are, we are not quite satisfied with this. We will apply yet another filter at our faucet to assure us that we didn’t pick up any particulate along the path to our sinks.
So, now that you know more than you care to about how your water comes to you… let’s tie it in with the basics of Internet data security.
Data security is multi-layered like the oft referenced onion. But that doesn’t mean a stack of “things” on your perimeter is going to provide the protection to Internet traffic that you want/expect. In fact, it’s not all in your hands.
But wait, can’t I put a firewall and AV on my machine and be okay? Sure. You can also pump water directly from the lake into your sink. You can use screens and mesh to filter it. But I’m not drinking it.
First, we need to know that there are larger efforts going on to help protect us. These are the big screens. This is where the largest ISPs are doing their filtering. It may be basic, but it’s certainly helping. Many of them are getting aggressive and have implemented some quite sophisticated work with helping keep the “junk” off their networks completely. They may even do some heuristic analysis and flag some traffic so it is more easily caught/seen by downstream devices. In this day and age of Bots and Command and Control networks, there are a lot of servers being placed out there to help attract these bits of malware and the C&C. I like to think of this as “Bot Floc’ing” (refer to water example above if you think this sounds somehow inappropriate).
Additionally we have the new offerings of “in the cloud” services that can provide for a more sanitized information feed. Think of this as your chemical disinfection.
Once it’s delivered to us, we’re still going to provide for more fine filtration since we don’t know what additional sediment was picked up or removed by the chemical disinfection. At this level we have our perimeter devices (firewall, gateway, proxy devices, anti-virus, anti-spam, network based intrusion detection, etc). This is in the middle of the entire chain, but we see it as our first line of defense because it’s where the edge of our (network) visibility exists.
Finally we’re down to our glass… I mean PC. Today it’s a filter on the sink, a carbon filtered pitcher, filters in our refrigerators for our ice, etc. These are analogous to our host protection (host intrusion prevention systems, anti-virus software, PC firewalls, etc.) that you install and run on your personal computer. With this understanding, you now realize that there are a lot of players working in concert to help provide as clean a data “stream” as possible to you.
So that’s it, right? Not quite. As with anything, you still have some personal responsibility here. Most of you have turned on a sink and found water coming out that isn’t quite the color you expect it to be. In fact, you don’t expect it to be any color at all. So you (hopefully) don’t end up washing with or drinking it until it begins to run clear again. That same attentiveness applies to our browsing. That doesn’t mean you can let down all your guard and do whatever you want (like publicizing your social security number and daring people to steal your ID). You still need to be responsible and attentive.
So it’s been a long ride, but I think a good one. It’s not a simple analogy like an onion, but onions aren’t supposed to be simple, right?