The objective of defense in depth is to protect information and prevent it from being stolen by those who aren’t authorized to access it. A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data.

Layers of defense in depth:

• Data
  • Stored in a database
  • Stored on disk inside virtual machines
  • Stored on a SaaS application such as Office 365
  • Stored in cloud storage
• Application
  • Ensure applications are secure and free of vulnerabilities.
  • Store sensitive application secrets in a secure storage medium.
  • Make security a design requirement for all application development.
• Compute
  • Secure access to virtual machines.
  • Implement endpoint protection and keep systems patched and current.
• Networking
  • Limit communication between resources.
  • Deny by default.
  • Restrict inbound internet access and limit outbound, where appropriate.
  • Implement secure connectivity to on-premises networks.
• Perimeter
  • Use distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for end users.
  • Use perimeter firewalls to identify and alert on malicious attacks against your network.
• Identity and access
  • Control access to infrastructure and change control.
  • Use single sign-on and multi-factor authentication.
  • Audit events and changes.
• Physical security
  • Physical building security and controlling access to computing hardware within the data center is the first line of defense.

References:

• What is defense in depth?

---

Tags

AZ-900Network Security

Buy us a coffe