Enterprise Cloud Security and Governance

Introducing Defense in Depth

In information security, Defense in Depth is the coordinated use of multiple, independent security countermeasures to protect an enterprise against targeted attacks, so that an attacker who defeats one control still has to defeat the next. Here, targeted attacks are attacks against the confidentiality, integrity, or availability of a system or service.

Defense in Depth is also called the layered approach, and ideally each layer protects against a specific type of threat. Combined, the layers act as a shield that protects against most attacks, because no single control has to stop everything on its own.

Some of the layers commonly deployed are:

  • Firewalls
  • Antivirus
  • Intrusion prevention systems (IPS) / Intrusion detection systems (IDS)
  • Virtual private networks (VPN)
  • Vulnerability scanners
  • Multi-Factor authentication (MFA)
  • Encryption
  • Hashing
  • Web application firewall
  • Authentication and authorization
  • Demilitarized zones (DMZ)

Overall, each layer protects against a specific type of threat. When the layers are combined and architected correctly, so that the failure of one does not expose the whole system, they form a proper Defense in Depth approach that can withstand security-related attacks against the organization.

When it comes to a cloud-based platform, a lot of things change. The security controls, ownership, and visibility that were available in the data center environment are no longer present in the same form, which is why the approaches we use may differ considerably.

For example, in the data center era, organizations either purchased a hardware firewall, used a shared firewall, or preferred host-based firewalls such as iptables. In a cloud environment such as AWS, we generally make use of security groups and network ACLs (NACLs) instead. The two are not interchangeable: a security group is a stateful, instance-level filter with allow-only rules, so return traffic for an allowed connection is permitted automatically; a NACL is a stateless, subnet-level filter with numbered allow and deny rules evaluated in order, so return traffic needs its own explicit rule.
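To make the stateful versus stateless distinction concrete, here is an added example (not code from this book or from AWS) that models how a security group and a NACL would judge the same HTTPS exchange. The addresses, ports, and rule sets are constructed for the illustration, and the classes are a simplified model of the AWS semantics, not an AWS API.

```python
"""Added example: a model of an AWS security group (stateful) versus a
network ACL (stateless). Not AWS code; all addresses and rules are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving at the instance/subnet, "out" = leaving it
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    cidr: str
    port_from: int
    port_to: int
    action: str = "allow"  # security groups are allow-only; NACLs also "deny"
    number: int = 0        # NACL rule number, evaluated lowest first

    def matches(self, peer_ip: str, port: int) -> bool:
        return (ipaddress.ip_address(peer_ip) in ipaddress.ip_network(self.cidr)
                and self.port_from <= port <= self.port_to)


def _peer_and_port(pkt: Packet):
    """Rules name the remote address and the destination port of the packet."""
    return (pkt.src if pkt.direction == "in" else pkt.dst), pkt.dport


class SecurityGroup:
    """Stateful: once a connection is allowed in either direction, its return
    traffic is permitted without a rule for the opposite direction."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self.tracked = set()  # (src, sport, dst, dport) of allowed flows

    def allows(self, pkt: Packet) -> bool:
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.tracked:
            return True  # reply to a tracked connection
        peer, port = _peer_and_port(pkt)
        rules = self.inbound if pkt.direction == "in" else self.outbound
        if any(r.matches(peer, port) for r in rules):
            self.tracked.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False


class NetworkAcl:
    """Stateless: each packet is checked on its own against the numbered rules
    for its direction; the first match wins, and no match is a deny."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def allows(self, pkt: Packet) -> bool:
        peer, port = _peer_and_port(pkt)
        for r in (self.inbound if pkt.direction == "in" else self.outbound):
            if r.matches(peer, port):
                return r.action == "allow"
        return False  # the implicit "*" deny at the end of every NACL


CLIENT, SERVER = "203.0.113.5", "10.0.1.10"  # constructed sample addresses

# Constructed exchange: client SYN to 443, server reply to the client's
# ephemeral source port.
HTTPS_EXCHANGE = [
    Packet("in", CLIENT, 51000, SERVER, 443),
    Packet("out", SERVER, 443, CLIENT, 51000),
]


def evaluate(fw, packets):
    """Return the allow (True) / deny (False) verdict for each packet in order."""
    return [fw.allows(p) for p in packets]


def web_security_group():
    # One inbound rule is enough; the reply is covered by connection tracking.
    return SecurityGroup(inbound=[Rule("0.0.0.0/0", 443, 443)], outbound=[])


def mistaken_nacl():
    # Outbound allows only port 443, so the reply to port 51000 is dropped.
    return NetworkAcl(inbound=[Rule("0.0.0.0/0", 443, 443, number=100)],
                      outbound=[Rule("0.0.0.0/0", 443, 443, number=100)])


def corrected_nacl():
    # Replies need an explicit outbound rule for the ephemeral port range.
    return NetworkAcl(inbound=[Rule("0.0.0.0/0", 443, 443, number=100)],
                      outbound=[Rule("0.0.0.0/0", 1024, 65535, number=100)])


def blocking_nacl(deny_rule_number):
    # A deny for CLIENT only takes effect if its number is lower than the
    # allow-443 rule at 100, because evaluation stops at the first match.
    return NetworkAcl(
        inbound=[Rule("0.0.0.0/0", 443, 443, number=100),
                 Rule(f"{CLIENT}/32", 0, 65535, "deny", deny_rule_number)],
        outbound=[Rule("0.0.0.0/0", 1024, 65535, number=100)])
```

Running `evaluate(mistaken_nacl(), HTTPS_EXCHANGE)` yields `[True, False]`: the SYN is admitted but the server's reply is dropped, which is the classic symptom of treating a NACL as if it were stateful. The same exchange through `web_security_group()` is `[True, True]` with no outbound rule at all, and `blocking_nacl(200)` shows that a deny placed after a broader allow never fires.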

Similarly, many other approaches, tools, and methodologies change considerably when we move to a cloud environment.

Having said this, each layer comes with its own set of tools, configurations, and best practices, and throughout this book you will learn each of them in detail.