Defense in Depth (computing)



Defense in Depth is an Information Assurance (IA) strategy in which multiple layers of defense are placed throughout an Information Technology (IT) system. It addresses security vulnerabilities in personnel, technology and operations for the duration of the system's lifecycle.

Background

The idea behind the Defense in Depth approach is to defend a system against any particular attack using several, varying methods. It is a layering tactic, conceived by the National Security Agency (NSA) as a comprehensive approach to information and electronic security. [http://www.nsa.gov/snac/support/defenseindepth.pdf Defense in Depth: A practical strategy for achieving Information Assurance in today’s highly networked environments.]

Defense in depth is originally a military strategy that seeks to delay, rather than prevent, the advance of an attacker by yielding space in order to buy time. The placement of protection mechanisms, procedures and policies is intended to increase the dependability of an IT system, where multiple layers of defense prevent espionage and direct attacks against critical systems. In terms of computer network defense, Defense in Depth measures should not only prevent security breaches but also buy an organization time to detect and respond to an attack, thereby reducing and mitigating the impact of a breach.

Examples

Using more than one of the following layers constitutes Defense in Depth.

*Physical Security (e.g. dead bolt locks)
*Authentication and password security
*Antivirus software
*Firewalls (hardware or software)
*DMZ (Demilitarized zones)
*IDS (Intrusion Detection Software)
*Packet filters
*Routers and Switches
*Proxy servers
*VPN (Virtual private networks)
*Logging and Auditing
*Biometrics
*Timed access control
*Software/hardware not available to the public (but see also Security through obscurity)

See also

*Information Assurance
*Military - Defence in depth


Wikimedia Foundation. 2010.
