Defense-in-Depth – CompTIA Security+ SY0-501 – 3.1

The best security strategies use a layered approach. In this video, you’ll learn about the importance of defense-in-depth.

<< Previous Video: Secure Configuration Guides Next: Secure Network Topologies >>

If you’re putting together an IT security strategy for your organization, it is most likely going to involve a number of different security devices and technologies. We call this layering of security defense in depth. It’s never a single security component. It’s a mixture of many different security technologies that provide us with the security that we need.

When you’re working on a layered security strategy, you might start with the physical controls. How do we keep people from physically touching the technology that we need to keep safe? You want to be sure that you have door locks, and that you’re installing fences. Most commonly we see fences on the outside of our building, but we’re also seeing fences that are on the inside of our data center.

You might also want to make sure that your racks have locks on them so that nobody can get inside the physical rack itself. And, of course, cameras can be useful to be able to monitor and make sure that no one is going near any of your equipment.

Once you know that you’re keeping people physically away from their technology, you also want to put together technical controls to keep people at bay. You want to make sure that the hardware and software that you’re using is hardened, and you want to put in place other technical controls, such as firewalls active directory authentication, or disk encryption.

And some of the controls that are most important are your administrative controls. These are the policies and procedures that everyone must follow to make sure that you maintain the security of your infrastructure. There may be a set of policies that are followed when people are brought on board, and another set of policies that are followed when people are off-boarded.

And you may want to have other policies in place that tell you what to do when a visitor comes into your building, or what you do with your backup media. All of these layers work together to provide you with this defense in depth.

When we start putting on all of these different security layers, you may be surprised at both the depth and the breadth of the security technologies in place. Almost everyone will have a firewall in place to maintain the security between the internet and the inside of the network. It might also include with that firewall a DMZ, so that you can provide services to the outside without having anyone gain access to the inside of your network.

If you’re someone who is keeping a lot of usernames and passwords, you may want to make sure that all of this information is both hashed and salted. And there may be a formal process in place to provide authentication for anyone who needs access to any of your services.

It’s common these days to include an intrusion prevention system on your network, and you may want to enable a VPN gateway for people that need access to the inside of your network if they’re on the outside of the building. If someone is coming into the building, you might want to layer on a series of card or badge access to provide that level of security. And once people are using their computers, you want to be sure that they are protected with anti-virus and anti-malware software. And you may have, at the very front of the building, a security guard.

This is just an example of the layers that you could create for this defense in depth. If your organization will use a different combination of technologies depending on the goals you have for IT security.