Defense-in-Depth: An Introduction

Many strategies exist to secure computer systems. However, no single method is sufficient to repel all forms of attacks. In fact, even with every strategy implemented, there will still be imperfections and deficiencies in every secure network. However, the goal of defense in depth is to decrease the chance of an attacker breaking into a system by increasing the layers of security and defense. This paper will briefly cover security policy, employee training, firewalls, passwords, cryptography, anti-virus software, and physical security. A particular strategy of defense will be named, followed by a description of that strategy, noting its strengths, then noting its weaknesses, and finally, relating it to defense in depth.