IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Defense in Depth Strategy

While conducting research to prepare this tutorial, I spoke with the AMSC Systems Analysis Specialist who presented to me the phrase Defense in Depth Strategy (DIDS). Very curious as to what it is and when it came about, I did a quick search. To gain a better understanding, I began with a definition and explanation of DIDS presented at a Security Workshop. Because some of you too may be scratching your head and asking what is this? or for those of you who may have heard the phrase, but may not be too sure what it is, I will share my findings with you.

For those folks who are very familiar, please bare with me.


Network Computing defined Defense in depth as "the practice of layering defenses to provide added protection. Defense in depth increases security by raising the cost of an attack. This system places multiple barriers between an attacker and your business-critical information resources: The deeper an attacker tries to go, the harder it gets. These multiple layers prevent direct attacks against important systems and avert easy reconnaissance of your networks. In addition, a defense in depth strategy provides natural areas for the implementation of intrusion-detection technologies. Ideally, the defense in depth measures you implement should buy you time to detect and respond to a breach, reducing its impact (Brooke Paul, Jul 01, Security Workshop at Network Computing)."

The Defense in Depth Strategy is an element of Information Assurance. It has three elements: people, technology, and operations. "People -- hire good people, train and reward them well. Technology -- test, evaluate, & assess. Operations -- maintain vigilance, respond quick to intrusions and be prepared to restore critical services (IAS Thomas E. Anderson briefing slides)."

Let's take a few minutes to lurk about some sites I found interesting -- besides they do a pretty good job at explaining the strategy.

National Information Assurance Partnership. This site explains their affiliation with DOD and provides a wealth of information on projects and services. I had great fun in the library! (This site updates frequently -- do a quick search for Defense in Depth Strategy and you will find several interesting links to articles, partnerships, etc.)

The Importance of Computer Network Incident Reporting within the Defense in Depth. This paper written by Adam Straub, May 01 provides an exceptional overview of what Defense in Depth is and its purpose for DOD. It explains what to report and who to report such incidents.

Defense in Depth: Security for Network-Centric Warfare. This paper written by a U.S. Navy officer provides a comprehensive look at what could be done to minimize system vulnerabilities.

Defense in Depth Strategy -- a strategy to defend our information network

 

What is Information Warfare.... The First Information War....
The Threat.... Network-Centric Warfare....