Defence in Depth

From The Secure Arc Wiki

Jump to: navigation, search

Contents

Assertion

A system should employ multiple levels of defence such that a single breach of one sub-system does not expose the entire system directly to an attacker.

Rationale

Multiple levels of defence provides a number of security benefits.

  1. Firstly it can force an attacker to a limited path through which they can compromise a system. For example, in a properly partitioned network, breaching a firewall into the DMZ would only grant an attacker the ability to connect to HTTP ports in more critical subnets, even if they gain root control of a Reverse Proxy or Web Server hosted in the DMZ. They are then forced to compromise the next layer through some form of HTTP based attack.
  2. One of the most common causes of security breaches is through bugs in software and configuration. Having a Defence in Depth strategy can mitigate the risk of bugs like this being present thanks to additional authorisation checks performed at the service layer in addition to those at the User Interface layer. A bug would have to occur in multiple places to be exposed. This is closely related to the Do not Trust Services principle.
  3. With a suitably monitored network, a breach of one layer, if detected, will be limited in the scope of damage that can be caused while the system and network administrators have time to address the breach before any critical data or systems are breached.

Further detailed information is available on Wikipedia.

Related References

Policies & Standards

ACSI-33 - Australian Government Information and Communications Technology Security Manual

  • Section 3.1.5
    • Physical security is founded on the use of successive layers of physical security barriers.


Standard of Good Practice for Information Security

  • Section SD4.1 - System Design
    • provide ‘defence in depth’ (ie multiple layers of protection) to avoid reliance on one type or method of security control

Design Patterns

Navigation

Personal tools