Defense in Depth Strategy
While conducting research to prepare this tutorial, I spoke with
the AMSC Systems Analysis Specialist who presented to me the phrase
Defense in Depth Strategy (DIDS). Very curious as
to what it is and when it came about, I did a quick search. To
gain a better understanding, I began with a definition and explanation
of DIDS presented at a Security Workshop. Because some of you
too may be scratching your head and asking what is this? or
for those of you who may have heard the phrase, but may not be
too sure what it is, I will share my findings with you.
For those folks who are very familiar, please bare with me.
Network Computing defined Defense in depth as "the practice
of layering defenses to provide added protection. Defense in depth
increases security by raising the cost of an attack. This system
places multiple barriers between an attacker and your business-critical
information resources: The deeper an attacker tries to go, the
harder it gets. These multiple layers prevent direct attacks against
important systems and avert easy reconnaissance of your networks.
In addition, a defense in depth strategy provides natural areas
for the implementation of intrusion-detection technologies. Ideally,
the defense in depth measures you implement should buy you time
to detect and respond to a breach, reducing its impact (Brooke
Paul, Jul 01, Security Workshop at Network Computing)."
The Defense in Depth Strategy is an element of Information
Assurance. It has three elements: people, technology, and
operations. "People -- hire good people, train and reward
them well. Technology -- test, evaluate, & assess. Operations
-- maintain vigilance, respond quick to intrusions and be prepared
to restore critical services (IAS Thomas E. Anderson briefing
Let's take a few minutes to lurk about some sites I found interesting
-- besides they do a pretty good job at explaining the strategy.
Information Assurance Partnership. This site explains their
affiliation with DOD and provides a wealth of information on projects
and services. I had great fun in the library! (This site updates
frequently -- do a quick search for Defense in Depth Strategy
and you will find several interesting links to articles, partnerships,
Importance of Computer Network Incident Reporting within the Defense
in Depth. This paper written by Adam Straub, May 01 provides
an exceptional overview of what Defense in Depth is and its purpose
for DOD. It explains what to report and who to report such incidents.
in Depth: Security for Network-Centric Warfare. This paper
written by a U.S. Navy officer provides a comprehensive look at
what could be done to minimize system vulnerabilities.
in Depth Strategy -- a strategy to defend our information network