Domains in Cybersecurity
Let’s start by defining defense in depth. To understand defense in depth, picture a castle from medieval times. Think of all the security measures they put in place. First, you had the moat and only a single retractable bridge across it. If you somehow made it across the moat, you had to deal with the wall. So, you made it across the moat and scaled the wall? Now the castle is at the top of the hill, you’re wearing 100 pounds of armor and weaponry, walking uphill, sometimes several miles.
Some castles even had interior walls that forced you to take a certain, often very narrow, path. But you have to do all of that while archers are shooting at you, they’re rolling huge boulders down the hill at you, they’ve probably dumped something on the ground to make it slick, the list goes on and on and on. And then, when you finally breach the castle, you have to climb a whole host of stairs, usually fighting (fully rested) enemy soldiers as you go. For this reason, many would-be attackers decided castles were not worth attacking at all.
Modern-day defense in depth strategies revolve around this same concept of making an attacker go through multiple layers of defense, with one key difference: we’re applying that to our computer systems. Think about all the controls we have in place on our networks today: firewalls, authentication systems, intrusion detection and prevention systems (network- and host-based), router and switch security, operating system security, data encryption — the list goes on and on. Let’s be clear here, though: No system is unbreachable, so our goal with employing a defense in depth strategy is to put so many obstacles in the path that it’s now not worth the effort to attack.
More about : security engineer career
Comments
Post a Comment