Defense in depth (computing)
Defense in depth (computing) is a comprehensive security strategy aimed at achieving information assurance (IA) and protecting computer systems from intrusions. This approach employs multiple layers of security measures to thwart attacks and slow down their progress, allowing for timely detection and response. Originating as a military tactic, defense in depth emphasizes the importance of layered defenses that reduce the impact of an attack rather than solely focusing on prevention.
In the context of information technology, this strategy involves a multi-tiered defense system incorporating people, technology, and operations. Senior management plays a critical role in establishing and maintaining this system, ensuring that the latest security technologies are implemented, and that personnel are adequately trained. Effective defense in depth includes strategies such as placing firewalls at various points in a network and employing redundancy to enhance overall security. By creating diverse and challenging obstacles at each layer, organizations can improve their ability to detect intrusions and protect their data. The operational aspects of this strategy focus on timely updates, assessments, and monitoring to maintain security effectiveness. Overall, defense in depth provides a structured and proactive approach to safeguarding information in increasingly complex technological environments.
On this Page
Subject Terms
Defense in depth (computing)
Defense in depth is a strategy used to reach a level of information assurance (IA) and information security. It utilizes the capabilities of current technology and follows approved procedures to guard against and monitor intrusions on an information technology (IT) system. Security measures that are incorporated into a defense-in-depth plan are multilayered in design and intended to thwart an attack and simultaneously slow down its force and speed to allow for the detection of and response to it.
Overview
Defense in depth was originally a military strategy that made use of multiple lines of defense to reduce the strength of an attack rather than prevent or immediately advance against it. Its first recorded use was by ancient Roman armies, and the tactic is used by modern armies worldwide.
Over the centuries, the strategy of defense in depth evolved to apply to several nonmilitary environments, such as engineering and fire prevention. In addition, defense-in-depth principles are used in IT security as a component of information assurance in order to provide protection of electronically networked settings. “Best practices,” or the most current and effective technology, information, and procedures, are applied to three main components of the multi-tiered defense strategy as it relates to computer network protection: people, technology, and operations.
For IT defense-in-depth policy to be effective, senior-level management must be committed to establishing, implementing, and monitoring the system. This is done primarily through a well-defined awareness of perceived threats on the system and then ensuring that effective procedures, policies, technology, and personnel are involved in monitoring and operating the system. For example, senior management is usually responsible for researching and acquiring security technology and then training necessary personnel in its use.
A defense-in-depth system should contain the most up-to-date information protection technology available. Just as military use of defense-in-depth tactics slows an attack in order to ultimately protect against it, the same is true in computer network settings. One method is to defend a system at multiple points and locations, such as at the network and infrastructure levels as well as at the data transmission stage and by controlling access to hosts and servers.
Another method used in slowing an attack on an IT system is through the use of multiple layers of defenses in order to create redundancy and to provide additional lines of defense in case one security measure fails. In terms of layering, the goal is to provide a different and more challenging obstacle to defeat at each layer, which will offer additional opportunities to detect the intrusion and identify the aggressor. Installing firewalls at both the outer and the inner boundaries of a network is an example of redundancy and layering.
The primary focus of the operations facet of a defense-in-depth strategy for information security is on the activities that ensure the effectiveness and efficiency of the strategy. For example, virus updates, security patches, and access lists are completed on time; security assessments are routinely completed; and threats are monitored and addressed.
Bibliography
Andress, Jason, and Steve Winterfeld. Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners.Waltham: Elsevier, 2011. Print.
Antunes, Nuno, and Varco Vieira. “Defending against Web Application Vulnerabilities.” Computer45.2 (2012): 66–72. Print.
Brancik, Kenneth C. Insider Computer Fraud: An In-Depth Framework for Detecting and Defending against Insider IT Attacks.Boca Raton: Auerbach, 2007. Print.
Cleghorn, Lance. “Network Defense Methodology: A Comparison of Defense in Depth and Defense in Breadth.” Journal of Information Security4 (2013): 144–49. Print.
Fruhlinger, Josh. "Defense in Depth Explained: Layering Tools and Processes for Better Security." CSO, 28 July 2022, www.csoonline.com/article/573221/defense-in-depth-explained-layering-tools-and-processes-for-better-security.html. Accessed 24 Jan. 2025.
Knight, John. Fundamentals of Dependable Computing for Software Engineers.Boca Raton: CRC, 2012. Print.
Kostopoulos, George K. Cyberspace and Cybersecurity.Baton Rouge: CRC, 2013. Print.
Weaver, Randy, et al. Guide to Network Defense and Countermeasures.3rd ed. Boston: Course Technology, 2014. Print.
Willett, Keith D. Information Assurance Architecture.Boca Raton: CRC, 2008. Print.