Defense In Depth

Definition:

Defense in depth is a security strategy that combines multiple layers of cybersecurity measures and controls to protect your assets and mitigate risks and threats. The concept rests on the idea that if one layer of security is compromised, another layer behind it is still protecting the asset.

DiD is also called the "castle approach": castles in the early days used layered defences like a moat, walls and towers, and the same idea applies to modern cybersecurity measures like firewalls, encryption and access controls, which together form a holistic defense.

"The methodology involves layering heterogeneous security technologies in the common attack vectors to ensure that attacks missed by one technology are caught by another." - NIST IR 8183 (Defense-in-Depth).
The three control types of defense in depth are:

1. Technical Controls

2. Administrative Controls

3. Physical Controls
Simplified Architecture:
Physical Controls:

Physical controls form the outermost layer of defense in depth. They focus on preventing unauthorized physical access to systems and infrastructure. These controls safeguard assets such as servers, network devices, and ICS components through measures like:

Access control mechanisms: Key cards, biometric authentication, and PINs for restricted areas.

Perimeter security: Fences, gates, locked cabinets, and reinforced barriers around sensitive locations.

Monitoring systems: Security cameras, motion detectors, and intrusion alarms for continuous surveillance.

Environmental protection: Ensuring systems operate in stable conditions with proper HVAC, dust filters, and vibration-proof setups to prevent environmental damage.
Administrative Controls:

Administrative controls establish the policies, procedures, and training necessary for a robust security posture. They align human behaviour with security goals through:

Policies and procedures: Written guidelines on system use, incident response, and risk management practices.

Training and awareness: Regular cybersecurity training programs to educate employees about threats like phishing and social engineering.

Incident response plans: Clearly defined steps for detecting, responding to, and recovering from security breaches.

Vendor and supply chain management: Ensuring third-party partners adhere to security standards and practices.
Technical Controls:

Technical controls form the backbone of your cybersecurity defenses, employing tools and configurations to protect systems from digital threats. They are also the innermost layer of your defense in depth strategy. Key elements include:

Network security: Firewalls, intrusion detection systems (IDS), and demilitarized zones (DMZs) to segment and secure networks.

Access management: Role-based access control, secure authentication methods, and user privilege restrictions.

Host security: Regular patch management, antivirus solutions, and system hardening to reduce vulnerabilities.

Data security: Encryption for data at rest and in transit, alongside backup solutions to ensure data integrity.
VPN:

A VPN, which stands for virtual private network, establishes a digital connection between your computer and a remote server owned by a VPN provider, creating a point-to-point tunnel that encrypts your personal data, masks your IP address, and lets you sidestep website blocks and firewalls on the internet.

How a VPN works:

VPNs encrypt traffic between remote devices and the internal network, creating a secure tunnel that prevents eavesdropping and IP address exposure.
Key Features:

AES-256 Encryption: Military-grade encryption used in most VPNs (prevents packet sniffing).

IP Masking: Replaces your real IP with one from the VPN server to hide your location.

Remote Access: Enables employees to connect securely to internal systems from outside the office.

Bypass Geo-blocking: Useful in restrictive countries or for accessing region-specific services securely.
Benchmarks:

Open source: OpenVPN, WireGuard, StrongSwan. These tools are widely used in enterprises and secure Linux environments.

Paid: NordLayer, Cisco AnyConnect, Palo Alto GlobalProtect. Vendors like Cisco and Palo Alto are industry leaders in secure network access.
MFA:

Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.
How MFA works:

MFA works by requiring additional verification information (factors). One of the most common MFA factors that users encounter is the one-time password (OTP). OTPs are the 4-8 digit codes that you often receive via email, SMS or a mobile app. With OTPs a new code is generated periodically or each time an authentication request is submitted. The code is derived from a seed value that is assigned to the user when they first register, combined with a moving factor, which can simply be a counter that is incremented (HOTP) or the current time (TOTP).
Key Features:

Two-Factor/Three-Factor Authentication: Enhances security by combining credential types.

Biometric Support: Uses fingerprint/face scans, often on a mobile device or physical key (e.g., YubiKey).

Time-Based OTPs (TOTP): Secure rotating codes valid for short durations (e.g., Google Authenticator).

Push Notification Approvals: Users approve access via mobile app prompts (e.g., Duo Push).

Self-Service Device Management: Users can manage their own trusted devices or reset credentials securely.
Benchmarks:

Open source: FreeRADIUS + Google Authenticator (integrates MFA with PAM/Linux systems); privacyIDEA (centralized, open-source MFA manager).

Paid: Duo Security (adaptive MFA, push, integrations); Microsoft Azure MFA (cloud-based MFA, seamless with MS365).