Content deleted Content added
Dimitrie569 (talk | contribs) Deleting some less relevant content. If you disagree with me, you can add again some of the content and, if you want, talk to me on my talk page Tags: Visual edit Mobile edit Mobile web edit Advanced mobile edit |
m Dating maintenance tags: {{Cn}} |
||
| (6 intermediate revisions by 3 users not shown) | |||
Line 3:
== Background ==
The idea behind the defense in depth approach is to defend a system against any particular attack using several independent methods.<ref name=schneier2006>[https://www.schneier.com/blog/archives/2006/02/security_in_the.html Schneier on Security: Security in the Cloud]</ref> It is a layering tactic, conceived<ref>{{Cite web|title=Some principles of secure design. Designing Secure Systems module Autumn PDF Free Download|url=https://docplayer.net/17241198-Some-principles-of-secure-design-designing-secure-systems-module-autumn-2015.html|access-date=2020-12-12|website=docplayer.net |archiveurl=https://web.archive.org/web/20240511022456/https://docplayer.net/17241198-Some-principles-of-secure-design-designing-secure-systems-module-autumn-2015.html | archivedate=11 May 2024}}</ref> by the [[National Security Agency]] (NSA) as a comprehensive approach to information and electronic security.<ref name=nsa1>[https://web.archive.org/web/20121002051613/https://www.nsa.gov/ia/_files/support/defenseindepth.pdf Defense in Depth: A practical strategy for achieving Information Assurance in today’s highly networked environments.]</ref><ref name=owasp1>[https://cheatsheetseries.owasp.org/cheatsheets/Secure_Product_Design_Cheat_Sheet.html#2-the-principle-of-defense-in-depth OWASP CheatSheet: Defense in depth]</ref>
[[File:Defense In Depth - Onion Model.svg|thumb|right|The [[onion model]] of defense in depth]]An insight into defense in depth can be gained by thinking of it as forming the layers of an onion, with data at the core of the onion, people the next outer layer of the onion, and [[network security]], host-based security, and [[application security]] forming the outermost layers of the onion.<ref>{{Cite book|chapter=Security Onion Control Scripts|date=2014|chapter-url=http://dx.doi.org/10.1016/b978-0-12-417208-1.09986-4|title=Applied Network Security Monitoring|pages=451–456|publisher=Elsevier|doi=10.1016/b978-0-12-417208-1.09986-4|isbn=978-0-12-417208-1|access-date=2021-05-29}}</ref> Both perspectives are equally valid, and each provides valuable insight into the implementation of a good defense in depth strategy.
== Controls ==
Line 11:
=== Physical ===
Physical controls<ref name="nsa1" /> are anything that physically limits or prevents access to IT systems.
=== Technical ===
Line 17:
=== Administrative ===
Administrative controls are the organization's policies and procedures. Their purpose is to ensure that there is proper guidance available in regard to security and that regulations are met. They include things such as hiring practices, data handling procedures, and security requirements.
== Methods ==
* [[Antivirus software]]
* [[Authentication]] and [[password]] security
Line 31 ⟶ 27:
* [[Multi-factor authentication]]
* [[Vulnerability scanner]]s
* [[Timed access control]]
* [[Internet Security Awareness Training]]
* [[Sandbox (computer security)|Sandbox]]ing
* [[Intrusion detection system]]s (IDS)
* [[Firewall (computing)|Firewall]]s (hardware or software)
* [[DMZ (computing)|Demilitarized zones]] (DMZ)
* [[Virtual private network]] (VPN)
* [[Data-centric security]]
* [[Physical security]] (e.g. [[deadbolt]] locks)
| |||