Layered Security: Self Defense or Self Delusion?
Roger G. Johnston, Ph.D., CPPVulnerability Assessment TeamArgonne National Laboratory9700 S. Cass Ave.Argonne, IL 60439-4840
Security in Depth is a good thing: 4 layers of security trumps 1 layer of security everytime, right? Well, not so fast! Layered security can be a useful tool, but it also holds lots ofhidden dangers.Almost every vulnerability assessor is familiar with the following scenario, which theauthor has personally witnesses at least 2 dozen times (including at nuclear facilities): Asecurity manager is shown a simple, successful attack on a security device or system, or aportion of the overall security program. Then he/she is shown an inexpensive counter-measure, or at least a partial fix that is relatively painless. The instant response: "Well,yes, that is all very interesting, but we have multiple layers of security, so a failure in onelayer does not mean that our overall security has failed. Thus, we don't need to beconcerned with this vulnerability, nor do we need to implement the recommendedcountermeasure(s)."Is this the correct decision? Ultimately, maybe it is and maybe it isn't. But to knee-jerkthe decision not to explore the possibility of improving a given layer or portion of a securityprogram based solely on the idea that there are additional layers is certainly not the rightresponse.As we shall see, having multiple layers of security opens up a wide assortment of newproblems, complexities, and vulnerabilities. If security managers aren’t careful, security indepth can also lead to over-confidence, sloppy thinking, a flawed mindset, and lax securityculture. Sometimes complex, multiple layers of security may be less secure than having asingle layer that is carefully thought through, taken seriously, conscientiously maintained,and constantly tweaked to deal with new challenges, threats, technologies, and conditions.
The Two Kinds of Layered Security
Layered security comes in two general flavors: serial and parallel. Most securityprograms, however, involve some mixture of the two.