- Defense in Depth (computing)
Defense in Depth is an
Information Assurance(IA) strategy in which multiple layers of defense are placed throughout an Information Technology(IT) system. It addresses security vulnerabilities in personnel, technology and operations for the duration of the system's lifecycle.
The idea behind the Defense in Depth approach is to defend a system against any particular attack using several, varying methods. It is a layering tactic, conceived by the
National Security Agency(NSA) as a comprehensive approach to information and electronic security. [http://www.nsa.gov/snac/support/defenseindepth.pdf Defense in Depth: A practical strategy for achieving Information Assurance in today’s highly networked environments.] ]
Defense in depth is originally a military
strategythat seeks to delay, rather than prevent, the advance of an attacker by yielding space in order to buy time. The placement of protection mechanisms, procedures and policies is intended to increase the dependability of an IT system where multiple layers of defense prevent espionage and direct attacks against critical systems. In terms of computer network defense, Defense in Depth measures should not only prevent security breaches, but buys an organization time to detect and respond to an attack, thereby reducing and mitigating the impact of a breach.
Using more than one of the following layers constitutes Defense in Depth.
*Physical Security (e.g. dead bolt locks)
*Authentication and password security
*Firewalls (hardware or software)
*DMZ (Demilitarized zones)
*IDS (Intrusion Detection Software)
*Routers and Switches
* VPN (Virtual private networks)
*Logging and Auditing
*Timed access control
*Software/hardware not available to the public (but see also
Security through obscurity)
*Military - Defence in depth
Wikimedia Foundation. 2010.
Look at other dictionaries:
Defense in depth (computing) — Defense in depth is an information assurance (IA) concept in which multiple layers of security controls (defense) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in the event a security control… … Wikipedia
Defense Update — Type Online magazine Format Online, Mobile, Email Publisher Lance Shield Ltd. Editor Tamir Eshel Founded 1978 Language English … Wikipedia
Defence in depth — For the Information Assurance strategy for computer security, see Defense in depth (computing). Defence in depth (also known as deep or elastic defence) is a military strategy; it seeks to delay rather than prevent the advance of an attacker,… … Wikipedia
Defence in depth (disambiguation) — Defence in depth may refer to: *Defence in depth, a military strategy for defense *Defense in Depth (computing), an Information Assurance strategy for computer security … Wikipedia
DMZ (computing) — In computer security, a DMZ (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization s external services to a larger untrusted network, usually the Internet. The purpose of a DMZ … Wikipedia
List of computing and IT abbreviations — This is a list of computing and IT acronyms and abbreviations. Contents: 0–9 A B C D E F G H I J K L M N O P Q R S T U V W X Y … Wikipedia
Center for Advanced Defense Studies — The Center for Advanced Defense Studies (CADS) is a Washington, D.C. based non profit, non governmental National Security Group founded by Dr. Newton Howard. CADS utilizes the intent centric paradigm to promote research, innovation and education… … Wikipedia
DID — may mean: Damsel in distress, a classic theme in world literature, art and film Defeat in detail, a military term in which a large force decisively defeats a smaller force with minimal losses Defense in depth, either Defense in depth, a military… … Wikipedia
McCumber cube — The McCumber Cube In 1991, John McCumber created a model framework for establishing and evaluating information security (information assurance) programs, now known as The McCumber Cube. This security model is depicted as a three dimensional Rubik … Wikipedia
Information security — Components: or qualities, i.e., Confidentiality, Integrity and Availability (CIA). Information Systems are decomposed in three main portions, hardware, software and communications with the purpose to identify and apply information security… … Wikipedia