Defense In Depth: A Small University Takes Up the Challenge

This paper briefly explores the vital network security design concept of Defense in Depth (DiD). It is based upon extensive research and reading in the field, thirteen years of general experience as a systems administrator for three different firms, plus nearly five years of experience as the current Director of IT at a small multi-campus private university in the USA. During that time, I have had numerous opportunities to gather first-hand experience of the need for proper network security in something other than a 'one layer/skin deep' configuration and to see some of the ways in which networks can be exposed to threat vectors through improper planning design and implementation. It has become quite clear to me that network security practices that are superficial and ignore the need for DiD expose mission-critical data and processes to potentially devastating compromise.