Site Overlay

What is Defense in Depth

Defense-in-depth is fundamental to the design of a secure system. It stems from the idea that software can have flaws; people can make configuration mistakes; and hardware devices can fail. To compensate for events like these, we do not want to rely on a single mechanism to defend our resources. Instead, we deploy multiple layers of protection to account for the possibility that one of them may fail.

Let us apply this concept of defense in depth for securing your home network.

1. Router: You probably have a router(maybe wireless) connected to your cable or DSL modem. The router acts as a firewall protecting you from direct malicious attacks originating from the internet.

2. Anti-virus: Now, while the router acting as a firewall can help you against internet attacks, it cannot protect you against say an email based computer virus or a worm that got downloaded when you visited a malicious web site. An Anti-virus software with the latest signature updates, can protect you from such an attack.

3. Fully patched operating system: A virus probably needs access to some Windows service or a port. A fully patched operating system can add an additional layer of security.

4. Patched applications: More and more malicious worms/viruses are making use of un-patched applications such as Adobe Acrobat, Flash, Apple QuickTime and mostly targeting the web browser. It is very important to update the software running on your machine to provide this later of defense.

All the systems above provide individual security but combine together to provide defense in depth. Not relying on a single security mechanism is the core foundation od defense-in-depth.

You can read more about Defense-in-Depth at Wikipedia

Similar Posts:

Published By:

Author: Ajit Gaddam

Ajit Gaddam is an accomplished technology executive and is currently the Head of Security Engineering at Visa, where he is responsible for building large scale AI driven cybersecurity products, leading engineering programs, and providing expert guidance on cybersecurity matters. He has presented at conferences worldwide, including USENIX Enigma, RSA, Black Hat, Strata Data Hadoop, COSO Dublin, and GCS Ukraine. Ajit has been quoted by major media organizations and his work has been showcased in academic journals, security publications, and in two published books. He is an active participant in various open source and standards bodies, is a prolific inventor of disruptive technologies (over 100+ global patents), and moonlights as an instructor (SANS, community colleges).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll Up