Product Defense in Depth
From Teltonika Networks Wiki
Main Page > FAQ > Security > Product Defense in Depth
Summary
Defense in depth is a layered security strategy that employs multiple measures to protect a network. Implementing these strategies helps establish defense system, that are capable to mitigate a wide range of threats.
Security Capabilities and Defense-in-Depth Strategy
Application layer:
- Authentication and Authorization - Ensures only authorized users can access devices administration and programming interfaces.
- Access control mechanism - prevents unauthorized access to the devices configurations and protects sensitive information.
Network layer:
- NAC (Network Access Control) - Network level DiD capability that restricts access the networks and sensitive resources.
- Network encryption - Utilizes encryption mechanisms for wireless communication and IPsec.
- Network Firewall - Firewalls control ingress and egress network traffic based on predetermined security rules to prevent unauthorized access and traffic.
- Network Segmentation - Divides the network into smaller, isolated segments. Reduces the attack surface by isolating critical systems.
- VPN (Virtual Private Networks) - Encrypts data transmitted over the network and ensures secure communication channel for remote access.
- Network Failover System - Ensures network availability in the event of failure.
- Attack prevention - Mitigates the risks of most common network layer attacks (e.g.: DoS, SYN Flood).
Defense-in-Depth recommendations
The following defense in depth measures are recommended:
- Network Segmentation - Segment network to isolate different types of traffic and devices.
- Secure Access Controls - Utilize strong authentication and authorization mechanisms to control access to the network and devices.
- Regular Software Updates - Keep all software and firmware up to date to protect against known vulnerabilities.
- Change Default Configuration - Change default usernames, passwords, and settings on the device.
- Disable Unused Services - Turn off unused services and ports on the device to reduce the attack surface.
- Enable Security Features - Activate built-in security features, such as SYN Flood protection, HTTP attack prevention, port scan prevention.
- Physical Security - Restrict physical access to the device and other critical network hardware to authorized personnel only.