Defense in Depth
“Defense in depth” is a way to build security systems so that when one layer of defense fails, there is another to take its place. If breaking in is hard enough for an attacker, it’s likely that they’ll abandon their assault, deciding it’s not worth the effort. Making the various layers different types of defense also makes it harder to get in, so that an attacker is less likely to get through all the layers. It can also keep one mistake from causing total security failure.
For example, if you have an office with one door and leave it unlocked by accident, then anyone can just walk in. However, if you have an office building with a main door, then a lobby and hallways, and then additional inner locked doors, then the chance of accidentally leaving both unlocked is small. If you accidentally leave the inner door open or unlocked, someone can only get into the office if they first get through the outer door.
Another example of defense in depth is making and maintaining offsite computer backups. The chance of an office being destroyed and all your data with it is low, but not zero. If you maintain offsite backups, then your losses in a catastrophe are reduced.
Another way to decrease risk of data loss is to keep multiple backups in widely separated locations, held by different people or companies. This ensures you still have access to data even when one account is locked out, a storage facility goes out of business, or an account is hijacked by an attacker.
What about the rogue insider threat? You can protect each backup with different credentials, and ensure few or no employees have access to more than one backup.
A security scheme is only as strong as its weakest link, so your various defenses need to be on par with each other. If your office is locked up nice and tight, but anyone can get into your computer over the network, then all your office security isn’t going to do much good and vice versa.
When considering security, it’s important to think about the cost compared to the potential loss. Picture a house. With a normal house, it’s not too hard to get in; all you have to do is break a window. Considering that, is it really worth spending lots of money on fancy locks for the doors? You can add bars to the windows and install multiple fancy door locks, but is it worth the inconvenience and ugliness? Perhaps moving to a new neighborhood is a better solution.
Recognizing that no defense is foolproof, and that a combination of cheap defenses may be more effective than one expensive defense, consider the concept of defense in depth whenever looking at protection, whether it be of an office building, website, or castle.
These articles go into more detail on the topic:
- http://en.wikipedia.org/wiki/Defense_in_depth_(computing)
- https://www.owasp.org/index.php/Defense_in_depth
- http://www.nsa.gov/ia/_files/support/defenseindepth.pdf
Comments