Defense in depth (computing): Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 14:24, 25 May 2025 edit PhotographyEdits (talk \| contribs) Autopatrolled, Extended confirmed users, Page movers 13,448 edits merge list Tag: Visual edit: Switched ← Previous edit		Latest revision as of 12:45, 22 July 2025 edit undo AnomieBOT (talk \| contribs) Bots 6,864,479 edits m Dating maintenance tags: {{Cn}}
(2 intermediate revisions by 2 users not shown)
Line 3: == Background == The idea behind the defense in depth approach is to defend a system against any particular attack using several independent methods.<ref name=schneier2006>[https://www.schneier.com/blog/archives/2006/02/security_in_the.html Schneier on Security: Security in the Cloud]</ref> It is a layering tactic, conceived<ref>{{Cite web\|title=Some principles of secure design. Designing Secure Systems module Autumn PDF Free Download\|url=https://docplayer.net/17241198-Some-principles-of-secure-design-designing-secure-systems-module-autumn-2015.html\|access-date=2020-12-12\|website=docplayer.net \|archiveurl=https://web.archive.org/web/20240511022456/https://docplayer.net/17241198-Some-principles-of-secure-design-designing-secure-systems-module-autumn-2015.html \| archivedate=11 May 2024}}</ref> by the [[National Security Agency]] (NSA) as a comprehensive approach to information and electronic security.<ref name=nsa1>[https://web.archive.org/web/20121002051613/https://www.nsa.gov/ia/_files/support/defenseindepth.pdf Defense in Depth: A practical strategy for achieving Information Assurance in today’s highly networked environments.]</ref><ref name=owasp1>[https://cheatsheetseries.owasp.org/cheatsheets/Secure_Product_Design_Cheat_Sheet.html#2-the-principle-of-defense-in-depth OWASP CheatSheet: Defense in depth]</ref> [[File:Defense In Depth - Onion Model.svg\|thumb\|right\|The [[onion model]] of defense in depth]]An insight into defense in depth can be gained by thinking of it as forming the layers of an onion, with data at the core of the onion, people the next outer layer of the onion, and [[network security]], host-based security, and [[application security]] forming the outermost layers of the onion.<ref>{{Cite book\|chapter=Security Onion Control Scripts\|date=2014\|chapter-url=http://dx.doi.org/10.1016/b978-0-12-417208-1.09986-4\|title=Applied Network Security Monitoring\|pages=451–456\|publisher=Elsevier\|doi=10.1016/b978-0-12-417208-1.09986-4\|isbn=978-0-12-417208-1\|access-date=2021-05-29}}</ref> Both perspectives are equally valid, and each provides valuable insight into the implementation of a good defense in depth strategy.~~<ref>~~{{~~Cite journal~~cn\|~~title=Metabolomics Provides Valuable Insight for the Study of Durum Wheat: A Review\|url=http://dx.doi.org/10.1021/acs.jafc.8b07097.s001\|access-~~date=2021-05-29\|doi=10.1021/acs.jafc.8b07097.s001\|first1=Sergio \|last1=Saia\|first2=Mariagiovanna \|last2=Fragasso\|first3=Pasquale De \|last3=Vita\|first4=Romina \|last4=Beleggia\|journal=Journal of Agricultural and FoodJuly ~~Chemistry~~2025}}~~</ref>~~ == Controls == Line 34: * [[DMZ (computing)\|Demilitarized zones]] (DMZ) * [[Virtual private network]] (VPN) * [[Biometrics]] * [[Data-centric security]] * [[Physical security]] (e.g. [[deadbolt]] locks)