Keeping distance on the road avoids accidents causing injuiry or fatality due to sudden situation changes.

Keeping social distance avoids pandemic spreading among group of people.

Similarly, keeping network distance will be cyber safer as it makes cyber attack harder. Network distance is established via defence layers between untrusted network and the target resources so as to drop or neutralize unintended traffic. The more layers, the more network distance that network traffic has to go thru to reach the destination. Layers, for example, are:

  • Network perimeter (firewall, proxy, IPS, IDS)
  • Application gateway (reverse proxy, DPI)
  • Platform hardening (folder permissiom, white list/black list, no unused modules nor system sevices)
  • System application hardening (change default setting, deny unauthenticated request)
  • Business application hardening (observe good coding practices)

While adding layers, don’t forget to assess if network latency will be introduced affecting specific applications. Last but not least, all these layers shall have latest version and apply least privilege to combat threat actors as much as possible.

Leave a Reply