CISSP Defense in Depth – Bk1D3T1St3

Defense in depth was first used to describe Roman Empire military tactics in the third and fourth centuries, when the Empire no longer tried to stop all invaders at the border, but instead deployed defenses to defeat attackers on Roman soil. In the context of information security, the U.S. National Security Agency first used the phrase to describe the use of multiple types, locations, and layers of defense combined with the ability to detect and analyze breaches for prompt reaction and mitigation.

By using combinations of security controls, the impact from the failure of any single control can be reduced if not eliminated. Many of the security principles above are types of defense in depth.

Separation of privilege ensures that sensitive operations require the active cooperation of two (or more) individuals. The compromise (e.g. rogue or malicious intent) of one individual is not sufficient to compromise the system.


Domain separation places system components into separate enclaves and enforces security controls on communications between the enclaves, so that the compromise of one enclave does not automatically provide access to other parts of the system.

Layering is another method of separating system components: security controls are placed between the layers, preventing an attacker who has compromised one layer from accessing other layers.

While redundancy is primarily a method of protecting against loss of availability by implementing replicated systems or components that operate in parallel, it is also a way to avoid security single points of failure by replicating security controls serially. This means having overlapping security controls such that the failure or compromise of one does not by itself result in an exposure or compromise. An example would be using Linux iptables to block access to certain ports even though the server is behind a firewall which is configured to block the same ports. Should a configuration change to one control (the firewall or iptables) accidentally remove a Deny rule (or add an inappropriate Allow rule), the “redundant” control in iptables or the firewall will continue to operate.
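As an added illustration of the serial redundancy described above (example code, not from the original text), the model below evaluates a destination port against two independent filters in series, a perimeter firewall and host iptables, and includes a drift check that flags ports the two controls no longer treat the same way. The rule format and sample policies are constructed for the example and are not real iptables or vendor syntax.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    port: Optional[int]    # None matches any port (a catch-all rule)

def evaluate(rules: List[Rule], port: int, default: str = "deny") -> str:
    """First matching rule wins; traffic matching no rule gets the default policy."""
    for rule in rules:
        if rule.port is None or rule.port == port:
            return rule.action
    return default

def reaches_host(controls: List[List[Rule]], port: int) -> bool:
    """Serial controls: traffic must be allowed by EVERY filter to reach the service."""
    return all(evaluate(rules, port) == "allow" for rules in controls)

def exposed_ports(controls: List[List[Rule]], ports: List[int]) -> List[int]:
    """Ports reachable through the whole chain of controls."""
    return sorted(p for p in ports if reaches_host(controls, p))

def check_overlap(first: List[Rule], second: List[Rule], ports: List[int]) -> List[int]:
    """Defender's consistency check: ports where the two controls disagree (configuration drift)."""
    return sorted(p for p in ports if evaluate(first, p) != evaluate(second, p))

# Constructed sample policies: both controls deny Telnet (23) and SMB (445) and allow the rest.
FIREWALL = [Rule("deny", 23), Rule("deny", 445), Rule("allow", None)]
IPTABLES = [Rule("deny", 23), Rule("deny", 445), Rule("allow", None)]

if __name__ == "__main__":
    ports = [22, 23, 443, 445]
    print("baseline exposed:", exposed_ports([FIREWALL, IPTABLES], ports))      # [22, 443]
    # Accidental change: the Deny for 23 is removed from the firewall; iptables still blocks it.
    broken_fw = [Rule("deny", 445), Rule("allow", None)]
    print("after firewall mistake:", exposed_ports([broken_fw, IPTABLES], ports))  # [22, 443]
    print("drift to investigate:", check_overlap(broken_fw, IPTABLES, ports))      # [23]
    # Only when BOTH controls lose the rule does the port become reachable.
    broken_ipt = [Rule("allow", 23)] + IPTABLES
    print("both broken:", exposed_ports([broken_fw, broken_ipt], ports))          # [22, 23, 443]
```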

Defense in depth is related to the concept of assumption of breach, formulated in the early 2000s by Kirk Bailey, now CISO of the University of Washington. Assumption of breach means managing security on the assumption that one or more security controls have already been compromised. The assumption of breach mindset shifts thinking from being simply focused on defending the perimeter (or perimeters), to a balanced approach of establishing multiple defenses so that the compromise of one does not immediately lead to a successful breach, and of considering detection and mitigation to be as important as defense.
