
LAYERED NETWORK SECURITY:

A best-practices approach

Prepared by:

Mitchell Ashley

VP of Engineering & CIO, Latis Networks, Inc.

January 2003

White paper

Table of Contents

Introduction
Increasing the hacker’s work factor
The layered-security model
Level 1: Perimeter security
    Pros
    Cons
    Considerations
Level 2: Network security
    Pros
    Cons
    Considerations
Level 3: Host security
    Pros
    Cons
    Considerations
Level 4: Application security
    Pros
    Cons
    Considerations
Level 5: Data security
    Pros
    Cons
    Considerations
StillSecure network security products: pillars of the layered approach
    Border Guard: Protects you from the cost of malicious attacks
    VAM: Assessment and management that continuously ensures network security
Defending against common threats and attacks
Conclusion

About the authors

Mitchell Ashley is Vice President of Engineering and CIO of Latis Networks, Inc. He is responsible for product strategy and development of the StillSecure™ suite of network security software. Mr. Ashley brings to Latis Networks and its customers more than 20 years of experience in data networking, network security and software development. Mr. Ashley is a graduate of the University of Nebraska, with a Bachelor of Science degree in Computer Science and Business Administration.

Latis Networks, Inc.

361 Centennial Parkway

Suite 270

Louisville, CO 80027

P : [303] 381 - 3800

F : [303] 381 - 3880

www.stillsecure.com

© 2002-2003 Latis Networks, Inc. All rights reserved. Latis, the Latis logo, StillSecure and the StillSecure logo are trademarks of Latis Networks, Inc. All other trademarks are the property of their respective owners. The

Network security is now a mission-critical concern for enterprises, government agencies, and organizations of all sizes. Today’s advanced threats from cyber-terrorists, disgruntled employees, and hackers demand a methodical approach to network security. In many industries enhanced security is not an option — it’s mandatory. Recently enacted federal regulations require organizations such as financial institutions, health care providers, and key federal agencies to implement stringent security programs to protect digital assets.

This paper introduces you to a layered approach for securing your network. The layered approach is both a technical strategy, espousing adequate measures be put in place at different levels within your network infrastructure, and an organizational strategy, requiring buy-in and participation from the board of directors down to the shop floor.

The layered-security approach centers on maintaining appropriate security measures and procedures at five different levels within your IT environment:

1. Perimeter
2. Network
3. Host
4. Application
5. Data

In this paper, we’ll define each of these levels and provide an overview of the various security measures that operate on each. Our goal is to provide a foundation-level understanding of network security and suggest a best-practices approach to protecting digital assets. Our target audience includes IT professionals, business managers, and high-level decision-makers.

Protecting your proprietary information does not require magic or unlimited funds. With an understanding of the overall problem, creating both a strategic and tactical security plan can be a straightforward exercise. Furthermore, with the best-practices approach introduced in this paper, you can erect effective barriers without breaking your budget.

INCREASING THE HACKER’S WORK FACTOR

Network security professionals speak in terms of “work factor,” which is an important concept when implementing layered security. Work factor is defined as the effort required by an intruder to compromise one or more security measures, which in turn allows the network to be successfully breached. A network with a high work factor is difficult to break into, while a network with a low work factor can be compromised relatively easily. If hackers determine that your network has a high work factor, which is a benefit of the layered approach, they are likely to move on and seek networks that are less secure — and that’s exactly what you want them to do.

The security technologies discussed in this paper collectively represent a best-practices approach for securing your digital assets. In an ideal world you would have the budget and the resources to implement all the measures we discuss. Unfortunately, most of us don’t live in an ideal world. As such, you should evaluate your network — how it is used, the nature of the data stored, who requires access, its rate of growth, etc. — and then implement a blend of security measures that provides the highest level of protection given your available resources.

THE LAYERED-SECURITY MODEL

Figure 1 presents the layered-security model and some of the technologies that function at each level. These technologies are discussed in more detail in the sections that follow.

Figure 1. The security levels in the layered approach and the technologies that function on each.

Security level: applicable security measures

1. Perimeter
• Firewall
• Network-based anti-virus
• VPN encryption

2. Network
• Intrusion detection/prevention system (IDS/IPS)
• Vulnerability assessment (VA) tools
• Access control/user authentication

3. Host
• Host IDS
• Host VA
• Anti-virus
• Access control/user authentication

4. Application
• Host IDS
• Host VA
• Access control/user authentication
• Input validation

5. Data
• Encryption
• Access control/user authentication

LEVEL 1: PERIMETER SECURITY

The perimeter is the first line of defense from outside, untrusted networks. The perimeter acts as the first and last point of contact for security defenses protecting the network. It is the area where your network ends and the Internet begins. The perimeter consists of one or more firewalls and a set of strictly controlled servers located in a portion of the perimeter referred to as the DMZ (demilitarized zone). A DMZ typically contains the Web servers, email gateways, network anti-virus, and DNS servers that must be exposed to the Internet. The firewall has strict rules about what can enter inside the network as well as rules about how servers in the DMZ can interact with the Internet and the inside network.
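The DMZ rules described above can be written down as a default-deny, first-match policy between three zones. The sketch below is an added example, not taken from the white paper or from any StillSecure product; the zone names, address ranges, ports and rule set are constructed for illustration, and only connection-opening packets are evaluated (a stateful firewall is assumed to pass the replies).

```javascript
// Constructed zone layout (assumption): documentation and private ranges.
// Any address outside these ranges is treated as the Internet.
const ZONES = [
  { name: "dmz", cidr: "192.0.2.0/24" },
  { name: "inside", cidr: "10.0.0.0/8" },
];

// Convert dotted-quad IPv4 text to an unsigned 32-bit integer.
function ipToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4 || !parts.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255)) {
    throw new Error(`invalid IPv4 address: ${ip}`);
  }
  const [a, b, c, d] = parts.map(Number);
  return ((a << 24) | (b << 16) | (c << 8) | d) >>> 0;
}

function inCidr(ip, cidr) {
  const [base, bitsText] = cidr.split("/");
  const bits = Number(bitsText);
  // A shift by 32 is a no-op in JavaScript, so /0 is handled separately.
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

function zoneOf(ip) {
  const zone = ZONES.find(z => inCidr(ip, z.cidr));
  return zone ? zone.name : "internet";
}

// Constructed rule set (assumption). Order matters: the first match wins.
const RULES = [
  // The Internet reaches only the services published in the DMZ.
  { from: "internet", to: "dmz", proto: "tcp", ports: [25, 80, 443], action: "allow" },
  { from: "internet", to: "dmz", proto: "udp", ports: [53], action: "allow" },
  // The DMZ mail gateway may hand mail to one internal server, nothing else.
  { from: "dmz", to: "inside", proto: "tcp", ports: [25], dst: "10.0.0.25", action: "allow" },
  // Inside users browse the Web and use the DMZ services.
  { from: "inside", to: "internet", proto: "tcp", ports: [80, 443], action: "allow" },
  { from: "inside", to: "dmz", proto: "tcp", ports: [25, 80, 443], action: "allow" },
];

// Decide on one connection attempt: {src, dst, proto, dport}.
// Anything no rule names is denied, including all Internet-to-inside traffic.
function decide(packet) {
  const from = zoneOf(packet.src);
  const to = zoneOf(packet.dst);
  for (const [index, rule] of RULES.entries()) {
    const matches =
      rule.from === from &&
      rule.to === to &&
      rule.proto === packet.proto &&
      rule.ports.includes(packet.dport) &&
      (!rule.dst || rule.dst === packet.dst);
    if (matches) return { action: rule.action, rule: index, from, to };
  }
  return { action: "deny", rule: null, from, to };
}
```

The `rule` index in the result identifies which line of the policy admitted a connection, which is the field to log when reviewing why traffic was allowed.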

The network perimeter, in short, is your gateway to the outside world and, conversely, the outside world’s gateway to your network. A compromised network perimeter can cripple your ability to conduct business. For example, if your organization relies on your Web servers for revenue generation, and those servers have been hacked and are off-line, you lose money for every minute they are down.

The following technologies provide security at the network perimeter:

• Firewall — A firewall is typically installed on a server connected to the inside and the outside of the network perimeter (see Figure 2). A firewall performs three general functions: 1) traffic control, 2) address translation, and 3) VPN termination. The firewall performs traffic control by examining the source and destination of all incoming and outgoing network traffic; it ensures that only permissible requests are allowed through. Additionally, firewalls help secure the network by translating internal IP addresses to IP addresses that are visible to the Internet. This prevents the disclosure of critical information about the structure of the network inside the firewall. A firewall can also terminate VPN tunnels (discussed below). These three capabilities make a firewall an indispensable part of your network security.

• Network-based anti-virus — Installed in the DMZ, network-based anti-virus software compares incoming and outgoing email message content to a database of known virus profiles. Network-based anti-virus products block infected email traffic by quarantining suspicious and infected email messages and then notifying recipients and administrators. This prevents email infected with a virus from entering and spreading across your network, and it prevents your network from spreading virus-infected email. Network-based anti-virus is a complement to anti-virus protection performed on your email server and individual desktop computers. To work effectively, the database of known viruses must be kept up to date.

• VPN — A virtual private network (VPN) uses high-level encryption to create a secure connection between remote devices, such as laptops, and the destination network. It essentially creates an encrypted ‘tunnel’ across the Internet, approximating the security and confidentiality of a private network. A VPN tunnel can terminate on a VPN-enabled router, firewall, or server within the DMZ. Enforcing VPN connections for all remote and wireless network segments is an important best practice that is relatively easy and inexpensive to implement.

PROS

These well-established perimeter-level technologies have been available for many years, and most IT professionals are well acquainted with their capabilities and operational requirements. Therefore, they are relatively straightforward and cost effective to implement. A range of vendors offer solid solutions for these technologies, and most are reasonably priced.

CONS

Because these systems are quite basic and have been available for some time, most sophisticated hackers have figured out ways around them. An anti-virus tool, for example, cannot detect a virus unless it already has the virus signature, nor can it detect a virus that is embedded within an encrypted file. Although VPN provides effective encryption, it does impose an administrative burden on your IT staff, as encryption keys and user groups must be managed on an ongoing basis.

CONSIDERATIONS

The complexity of your network architecture can have a considerable impact on the effectiveness of these technologies. Multiple external connections, for example, would likely require multiple firewalls and anti-virus instances. Architecting all of your connections to terminate in a common area allows a single instance of a given technology to provide effective coverage.

Figure 2. A typical firewall installation.

The types of devices located in your DMZ are also an important factor. How critical are these devices to your business? The higher the criticality, the more stringent the security measures and the policies that govern these devices must be.

LEVEL 2: NETWORK SECURITY

The network level of the layered-security model refers to your internal LAN and WAN. Your internal network may include desktops and servers or may be more complex, with point-to-point frame relay connections to remote offices. Most networks today are fairly open behind the perimeter; once inside, you can travel across the network unimpeded. This is especially true for most small- to medium-size organizations, which makes them tempting targets for hackers and other malicious individuals.

The following technologies provide security at the network level:

• Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) — IDS and IPS technologies analyze traffic moving across your network in much greater detail than your firewall. Similar to anti-virus systems, IDS and IPS devices analyze traffic and compare each packet to a database of known attack profiles. When attacks are detected, these technologies take action. IDS tools alert your IT staff that an attack has occurred; IPS tools go a step further and automatically block the harmful traffic.

IDSs and IPSs have many characteristics in common. In fact, most IPSs have an IDS at their core. The key difference between the technologies is implied by their names: IDS products only detect malicious traffic, while IPS products prevent such traffic from entering your network. Standard IDS and IPS network configurations are shown in Figure 3.

Figure 3. Typical IDS/IPS installations. Panels: intrusion detection system (IDS); intrusion prevention system (out-of-band configuration); intrusion prevention system (in-line configuration).

• Network vulnerability assessment (VA) — VA tools scan devices on a network for flaws and vulnerabilities that could be exploited by hackers or harmful traffic. VA systems typically maintain a database of rules that identify known vulnerabilities for a range of network devices and applications. During a network scan, the VA tool tests each device/application by applying the appropriate rules. The process outputs a list of discovered vulnerabilities, which can then be assigned to IT staff for remediation.

• Access control/authentication — Access control entails authenticating users who access your network. Authentication is typically performed against the user information in a RADIUS, LDAP, or Windows Active Directory. Both users and devices should be controlled by access control measures at the network level.

Note: In this paper we discuss access control and authentication at the network, host, application, and data levels of our layered security framework. A considerable amount of overlap and interaction commonly exists among the access control/authentication schemes that function across these levels, and authentication can be passed from one level to the next. Such interaction is usually transparent to the user. While we discuss these concepts briefly in upcoming sections, keep in mind that access control and authentication are sophisticated processes that should be carefully managed to provide maximum security throughout the network.

PROS

IDS, IPS, and VA technologies perform sophisticated analyses on network threats and vulnerabilities. Where your firewall allows or disallows traffic based on its ultimate destination, IPS and IDS tools conduct a much deeper analysis and therefore provide a higher level of protection. With these advanced technologies, attacks embedded in ‘legitimate’ network traffic, which can get through a firewall, will be identified and potentially terminated before damage occurs.

VA tools automate the process of checking your network for vulnerabilities. Performing such checks manually — with the frequency required to ensure security — would be highly impractical. Also, networks are dynamic. New devices, application upgrades and patches, and adding and removing users can all introduce new vulnerabilities. VA tools allow you to scan your network frequently and thoroughly for newly introduced vulnerabilities.

CONS

Intrusion detection systems (IDSs) have a tendency to produce numerous false alarms, also referred to as false positives. While an IDS will likely detect and alert you of an attack, such information could be buried under a mountain of false positive or trivial data. IDS administrators can quickly become desensitized to the sheer volume of data produced by the system. To be effective, an IDS must be closely monitored and continually fine-tuned to the usage patterns and vulnerabilities discovered in your environment. Such maintenance typically consumes a fair amount of administrative resources.

The level of automation within intrusion prevention systems (IPSs) can vary significantly among products. Many must be carefully configured and managed to reflect the traffic patterns characteristic of the network on which they are installed. Possible side-effects of non-optimized performance include terminating legitimate user requests and locking out valid network resources.

Access control technologies may have technical limitations. For example, some may not work with all the devices on your network, so you may need multiple systems to provide the necessary coverage. Also, multiple vendors market access control systems, and functionality can vary greatly among products. Implementing an integrated solution across your network may be difficult. Such a patchwork, multi-product approach may actually introduce additional vulnerabilities to your network.

CONSIDERATIONS

The success of network-level security measures is somewhat dependent on the speed of your internal network connections. Because IDS/IPS and VA tools can consume resources on the networks they protect, increased connection speeds will minimize the impact they have on overall network performance. In implementing these technologies you must consider the trade-off between improved security and ease of use, as many of these products must be continually managed to perform effectively, and they may make it less convenient to move around on the network.

Keep in mind the ongoing evolution of your network when assessing these technologies. Scalability may be an issue on rapidly expanding and highly dynamic networks.

LEVEL 3: HOST SECURITY

In the layered-security model, the host level pertains to the individual devices, such as servers, desktops, switches, routers, etc., on the network. Each device has a number of configurable parameters that, when set inappropriately, can create exploitable security holes. These parameters include registry settings, services (applications) operating on the device, or patches to the operating system or important applications.

The following technologies provide security at the host level:

• Host-based intrusion detection systems (IDSs) — Host-based IDSs perform similarly to network IDSs — the key difference being that they monitor traffic on a single network device. Host-based IDSs are fine-tuned to the specific operational characteristics of the host device and therefore provide a high degree of protection when properly administered.

• Host-based vulnerability assessment (VA) — Host-based VA tools scan a single network device for security vulnerabilities. Host-based VA tools are fine-tuned to the devices they monitor. They are extremely accurate and make minimal demands on the host’s resources. Because they are configured specifically for the host device, they provide an excellent level of coverage when properly administered.

• Anti-virus — Device-specific anti-virus applications provide an additional layer of protection when used in conjunction with network-based anti-virus tools.

• Access control/authentication — Access control measures at the device level are a best practice that ensures device access is granted to authorized users only. Again, there is likely to be a high level of interaction between network access-control measures and host access-control measures.

PROS

These host-based technologies provide excellent protection because they are configured to meet the specific operational characteristics of a single device. Their accuracy and responsiveness to the host environment allow administrators to quickly identify which device settings require updating to ensure secure operation.

CONS

Host-based systems can be extremely time-consuming to deploy and manage. Because they need to be continually monitored and updated, they often consume an inordinate number of man-hours to manage properly. Installation is often difficult, and a considerable effort is often required to fine-tune them to the host device. Also, the more operating systems you have on your network (i.e., the more heterogeneous the network), the more expensive a host-based approach becomes, and the more difficult these devices are to manage. Also, with a large number of host-based security devices on a network, the number of alerts and false positives can be enormous.

CONSIDERATIONS

Because of their expense and administrative overhead, host-based devices should be deployed judiciously. Many organizations install these measures only on the ‘crown jewels’ of their network.

LEVEL 4: APPLICATION SECURITY

Application-level security is currently receiving a great deal of attention. Poorly protected applications can provide easy access to confidential data and records. The hard truth is that most programmers don’t code with security in mind. This is a historical problem with many commercial-off-the-shelf (COTS) applications. You may become aware of security shortcomings in the software, yet you may be powerless to correct them.

Applications are being placed on the Web for access by customers, partners or even remote employees with increasing frequency. These applications, such as sales force, customer relationship management, or financial systems, can provide a ready target to individuals with malicious intent. Therefore, it is especially important to impose a comprehensive security strategy for each network application.

The following technologies provide security at the application level:

• Application shield — An application shield is frequently referred to as an application-level firewall. It ensures that incoming and outgoing requests are permissible for the given application. Commonly installed on Web servers, email servers, database servers, and similar machines, an application shield is transparent to the user but highly integrated with the device on the backend.

An application shield is finely tuned to the host device’s expected functionality. For example, an application shield on an email server would likely be configured to prohibit an incoming mail message from automatically launching any executables, because that is not a typical or necessary email function.

• Access control/authentication — Like network- and device-level authentication, only authorized users are able to access the application.

• Input validation — Input validation measures verify that application input traveling across your network is safe to process. Although this is crucially important for Web-based input, any interaction between people and a user interface can produce input errors or be exploited if the proper security measures are not in place. In general, any interactions with your Web server should be considered unsafe.

As an example, consider a Web form with a zip code field. The only acceptable input from this field should be five characters, digits only. All other input should be denied and produce an error message when submitted. Input validation should occur at multiple levels. In this example, a JavaScript routine could initially perform browser-based validation on the client side, while CGI-bin validation controls could be put in place on the Web server. Additional rules of thumb include:

– Filter key words. Common command-related terms, such as “insert,” should be checked for and prohibited.

– Only accept data that’s expected for a given field. For example, a 75-character first name is not standard input.
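A server-side version of the zip code check above, extended with the two rules of thumb (expected data only, keyword filtering). This is an added example, not code from the white paper; the field names, the 40-character name limit, the 500-character comment limit and the keyword list are assumptions chosen for illustration. The same function can be loaded in the browser for a first pass, but the server must run it again because client-side checks can be bypassed.

```javascript
// Allow-list rules per field (assumed form layout). A Map is used so that
// field names such as "constructor" cannot resolve to inherited properties.
const FIELD_RULES = new Map([
  ["zip", { pattern: /^[0-9]{5}$/, maxLen: 5 }],
  ["firstName", { pattern: /^\p{L}[\p{L} '\-]*$/u, maxLen: 40 }],
  // Free text: no control characters, bounded length, keyword filter applied.
  ["comment", { pattern: /^[^\u0000-\u001f\u007f]*$/, maxLen: 500,
                optional: true, keywordFilter: true }],
]);

// Command-related terms to refuse in free text (assumed list). This is a
// coarse secondary check and does not replace parameterized queries in the
// code that stores the data.
const BLOCKED_KEYWORDS = ["insert", "delete", "drop", "update", "select"];

// Returns null when the value is acceptable, otherwise a reason string.
function validateField(name, value) {
  const rule = FIELD_RULES.get(name);
  if (!rule) return "unexpected field";
  // Repeated form parameters often arrive as arrays; refuse them outright.
  if (typeof value !== "string") return "must be a single text value";
  if (value === "") return rule.optional ? null : "required";
  // Check length first so oversized input never reaches the regex engine.
  if (value.length > rule.maxLen) return `longer than ${rule.maxLen} characters`;
  if (!rule.pattern.test(value)) return "contains characters that are not allowed";
  if (rule.keywordFilter) {
    const words = value.toLowerCase().split(/[^a-z]+/);
    const hit = BLOCKED_KEYWORDS.find(k => words.includes(k));
    if (hit) return `blocked keyword: ${hit}`;
  }
  return null;
}

// Validate a parsed form body. Unknown fields are errors, and only values
// that passed every check are copied to `values` for further processing.
function validateForm(input) {
  // Null-prototype objects: a field literally named "__proto__" is then
  // recorded like any other key instead of being silently dropped.
  const errors = Object.create(null);
  const values = Object.create(null);
  for (const name of Object.keys(input)) {
    if (!FIELD_RULES.has(name)) errors[name] = "unexpected field";
  }
  for (const name of FIELD_RULES.keys()) {
    const present = Object.prototype.hasOwnProperty.call(input, name);
    const value = present ? input[name] : "";
    const reason = validateField(name, value);
    if (reason) errors[name] = reason;
    else values[name] = value;
  }
  return { ok: Object.keys(errors).length === 0, errors, values };
}
```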

PROS

Application-level security measures enhance your overall security posture and allow you to better control your applications. They also provide a higher level of accountability, as many of the actions monitored by these measures are logged and traceable.

CONS

Implementing comprehensive application-level security can be an expensive endeavor, as each application and its host device must be assessed, configured, and managed individually. Also, retrofitting a network with application security can be a daunting and impractical task. The earlier you can implement policies for incorporating these measures, the more efficient and less expensive the process will be.

CONSIDERATIONS

The key considerations are prioritizing your applications and planning for the long term. Implement security on the applications where you’ll get the most bang for your buck. Long-term planning allows you to implement security measures in a controlled way as your network grows and avoids the additional expenses that retrofitting will likely require.

LEVEL 5: DATA SECURITY

Data-level security entails a blend of policy and encryption. Encrypting data where it resides and as it travels across your network is a recommended best practice because, if all other security measures fail, a strong encryption scheme protects your proprietary data.

Data security is highly dependent on organization-wide policies that govern who has access to data, what authorized users can do with it, and who has ultimate responsibility for its integrity and safekeeping. Determining the owner and the custodian of the data lets you identify the appropriate access policies and security measures that should be applied.

The following technologies provide security at the data level:

• Encryption — Data encryption schemes are commonly implemented at the data, the application, and the operating-system levels. Almost all schemes involve encryption/decryption keys that all parties accessing the data must have. Common encryption strategies include PKI, PGP, and RSA.

• Access control/authentication — Like network-, host-, and application-level authentication, only authorized users are given access to the data.

PROS

Encryption provides a proven method for safeguarding your data. Should intruders compromise all other security measures on your network, encryption provides a final, effective barrier protecting your proprietary information and intellectual property.

CONS

There is overhead associated with encrypting and decrypting the data, which can result in significant performance impacts. Also, key management can become an administrative burden in large or growing organizations.

CONSIDERATIONS

In-depth data encryption must be carefully managed. Encryption keys must be set and synchronized for all affected devices and applications. As such, a fair amount of management overhead is required for an effective encryption program.

STILLSECURE NETWORK SECURITY PRODUCTS: PILLARS OF THE LAYERED APPROACH

Latis Networks’ StillSecure line of network security products can provide the foundation for an effective layered-security approach. The StillSecure line includes:

Border Guard — a highly automated, user-friendly family of network intrusion prevention products.

VAM — a family of network-based vulnerability assessment tools that bring workflow management to the remediation process.

If you currently have security measures in place on your network, StillSecure products leverage your existing security investments and greatly enhance your overall security. If you have little or no network security in place, StillSecure products provide immediate security and give you a running start on building a comprehensive layered-security system. The following sections introduce you to these best-of-breed products.

BORDER GUARD: Protects you from the cost of malicious attacks

Latis Networks developed the StillSecure Border Guard family of IPS products to protect networks from attack and, through a high level of automation, reduce the IT resources required to operate a secure network. Operating on both the perimeter and the network levels of the layered security model, the Border Guard family can protect a variety of network architectures and includes:

Border Guard Standard — Border Guard Standard works in concert with your existing firewall to block attacks.

Border Guard Gateway — Border Guard Gateway, which has traffic-blocking functionality built in, is ideal for perimeter defense and for securing traffic behind the firewall, such as extranet connections to satellite offices and suppliers.

Border Guard Wireless — Border Guard Wireless is designed specifically for wireless networks. It prevents intruders from compromising your network through notoriously insecure wireless access points.

Border Guard products plug the most dangerous security holes on your network. Each product:

• Automatically blocks incoming attacks using Dynamic Attack Suppression™ technology, which reduces IT man-hours spent on security and protects your network 24/7/365

• Includes automatic rule updates, ensuring protection and eliminating the need to manually research and integrate the latest attack profiles

• Learns to gauge the response to suspicious traffic, greatly reducing the number of false positives

• Provides detailed reporting to satisfy management and auditors

• Employs an easy-to-use, entirely Web-based interface

Figure 4 shows how Border Guard products are typically installed. With attack rules that can be updated as frequently as every hour, Border Guard products stop even the latest attacks. Through Intelligent Attack Profiling™, each Border Guard installation characterizes the traffic moving across the network and learns how to best respond to anomalous patterns — by terminating the traffic, sending alerts, or allowing access. As a result, false positives are greatly reduced and the need for manual interaction is minimized. When interaction is required, Border Guard products can notify you via email or pager, send an SNMP trap or execute a custom script. This level of automation dramatically reduces the administrative burden on your IT staff.

Each product includes a robust database that logs all network activity, and the built-in, drill-down reporting engine offers a wide range of customizable, actionable reports. The products’ at-a-glance, Web-based interface is managed by the StillSecure Console, which lets you control all instances of Border Guard products installed on your network from a single user interface.

VAM: Assessment and management that continuously ensures network security

Latis Networks developed its VA tool, VAM (Vulnerability Assessment and Management), to not only identify all network vulnerabilities, but to manage and validate the vulnerability repair process as well. VAM comprises three integrated products:

Server VAM — scans servers, routers, switches, and firewalls.

Desktop VAM — scans for vulnerabilities specific to desktops, laptops, and printers.

Remote VAM — scans Internet-visible servers, routers, switches, and firewalls.

Collectively, VAM products assess and manage vulnerabilities on all segments of your network. Figure 6 shows a typical VAM installation. Each VAM product includes:

• Exclusive Intelliscan™ technology, which automatically determines which scan rules are appropriate for each device

• The built-in VAM Vulnerability Repair Workflow™

• Automatic scan rule updates

• Variable scanning frequency based on device importance

• Detailed reporting to meet the needs of IT staff, management, and auditors

• Easy-to-use, entirely Web-based interface

VAM effectively addresses many of the threats that the firewall is incapable of detecting. Through its regularly scheduled and automated scanning process, VAM identifies any vulnerabilities introduced by mobile devices or through risky practices such as application downloads, instant messaging, and peer-to-peer connections. It also scans for vulnerabilities inherent in third-party applications, which hackers readily seek to exploit.

VAM’s comprehensive vulnerability database, which can be updated automatically as often as every hour, enables the system’s depth and flexibility of scanning. This library of scan rules includes research and advice to help you determine how to repair specific vulnerabilities.

The VAM built-in Vulnerability Repair Workflow tracks and assigns security vulnerabilities from identification to repair, ensuring accountability in the repair process. It makes remediation an integral part of the vulnerability assessment. For your IT staff, VAM allows for a variety of access privileges based upon a user’s role relative to the detection, repair, and verification process.

VAM logs all scan and repair activities, and includes a comprehensive reporting engine that delivers customizable reports appropriate to specific audiences — board members, auditors or regulators, executives or fellow IT professionals. VA tools have traditionally been seen as one-dimensional products used and understood only by network specialists. Server VAM introduces much-needed management tools to VA technology, transforming VA from a solely technical process to a business process vital to an organization’s success.

Figure 4. Typical Border Guard product installations (panel labels: Standard, inside firewall, outside firewall, remote office, wireless network).

DEFENDING AGAINST COMMON THREATS AND ATTACKS

Figure 6 demonstrates how the layered-security approach protects against common threats and attacks. The figure shows how each level plays a key role in contributing to comprehensive, effective network security. The shaded regions indicate where Border Guard and VAM products function in the layered-security model. The common threats presented in Figure 6 include:

• Web server attacks — Web server attacks encompass a wide variety of problems with nearly every Web server available. From simple page defacement, to remote system compromise, to a complete denial of service (DoS), Web server attacks are one of the most common attacks today. Code Red and Nimda are well-known Web server attacks.

Figure 6. A typical StillSecure VAM installation. All three VAM products can be installed on a single machine and managed from one user interface. The shading indicates the coverage each VAM product provides.

Figure 7. Each level contributes to the security of your network. Functioning on levels 1 to 4, StillSecure products defend against these common threats and others, as the shaded regions indicate.

Rows (common network attacks): Web server attacks; unauthorized Internet mail relaying; system-level remote host compromise; unauthorized P2P/IM usage; unauthorized Internet services available; virus detection.

Columns (security levels): 1 Perimeter; 2 Network; 3 Host; 4 Application; 5 Data.

Products shown: Border Guard Wireless; VAM (Server, Desktop, Remote).

Legend: P = Prevents (Border Guard prevents the attack). D = Detects (VAM detects the enabling vulnerability and prevents attack through remediation).

Date posted: 14/03/2014, 22:20
