What is Defense in Depth

Defense-in-depth is fundamental to the design of a secure system. It stems from the idea that software can have flaws; people can make configuration mistakes; and hardware devices can fail. To compensate for events like these, we do not want to rely on a single mechanism to defend our resources. Instead, we deploy multiple layers of protection to account for the possibility that one of them may fail.

Let us apply this concept of defense in depth for securing your home network.

1. Router: You probably have a router(maybe wireless) connected to your cable or DSL modem. The router acts as a firewall protecting you from direct malicious attacks originating from the internet.

2. Anti-virus: Now, while the router acting as a firewall can help you against internet attacks, it cannot protect you against say an email based computer virus or a worm that got downloaded when you visited a malicious web site. An Anti-virus software with the latest signature updates, can protect you from such an attack.

3. Fully patched operating system: A virus probably needs access to some Windows service or a port. A fully patched operating system can add an additional layer of security.

4. Patched applications: More and more malicious worms/viruses are making use of un-patched applications such as Adobe Acrobat, Flash, Apple QuickTime and mostly targeting the web browser. It is very important to update the software running on your machine to provide this later of defense.

All the systems above provide individual security but combine together to provide defense in depth. Not relying on a single security mechanism is the core foundation od defense-in-depth.

You can read more about Defense-in-Depth at Wikipedia


Similar Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll Up