Defense in Depth

4 minutes
Share the link to this page
You need to purchase the class to view this lesson.
One-time Purchase
List Price:  $139.99
You save:  $40
List Price:  د.إ514.18
You save:  د.إ146.92
List Price:  A$179.52
You save:  A$51.29
List Price:  ৳11,871.62
You save:  ৳3,392.13
List Price:  CA$176.80
You save:  CA$50.51
CHF 88.62
List Price:  CHF 124.08
You save:  CHF 35.45
List Price:  kr855.96
You save:  kr244.57
List Price:  €115.06
You save:  €32.87
List Price:  £102.26
You save:  £29.22
List Price:  HK$1,085.49
You save:  HK$310.16
List Price:  ₹10,223.98
You save:  ₹2,921.34
List Price:  RM566.18
You save:  RM161.78
List Price:  ₦53,126.20
You save:  ₦15,180
List Price:  kr1,183.01
You save:  kr338.02
List Price:  NZ$193.55
You save:  NZ$55.30
List Price:  ₱6,723.08
You save:  ₱1,921.02
List Price:  ₨22,447.39
You save:  ₨6,414
List Price:  S$185.30
You save:  S$52.94
List Price:  ฿4,195.50
You save:  ฿1,198.80
List Price:  ₺1,029.66
You save:  ₺294.20
List Price:  B$728.03
You save:  B$208.02
List Price:  R2,105.83
You save:  R601.70
List Price:  Лв225.56
You save:  Лв64.45
List Price:  ₩153,297.25
You save:  ₩43,802.34
List Price:  ₪446.20
You save:  ₪127.49
Already have an account? Log In


A critical concept in the world of IoT security is defense in depth or layered security. Now, before we get into this too much, I want to make sure we're incredibly comfortable with a particular set of terms. And that is diversity versus redundancy. So to help us out here, I'm going to go back to World War One and Becker, World War One, you had these trench systems out there. Now with these trench systems, you didn't have just one trench, you'd have a lot of trenches two or three or four or five trenches. In that particular case, what you're talking about is redundancy.

With redundancy, we have applied some type of security control over and over again, almost always in some form of layered fashion. Now, diversity is a different animal altogether. In diversity, what we're talking about is bringing a different type of control into play. So sticking with that World War One analogy, instead of just having trenches, I'd also put in barbed wire or machine gun posts or something thing like that. Totally different types of controls to prevent the bad guys from coming across no man's land and taking over. And sorry about it.

It's right now is lots of really great stuff World War One was 100 years ago. So I'm watching all that it's on my mind. So now that we're comfortable with the difference of diversity versus redundancy, let's take a look at this a little bit. Now, what I'd like to start off with is, here's an example of a single computer sitting in my office somewhere. And what I want to do is I want to predict protect that from malware. So what can I do?

Well, I can install multiple redundant layers of security. For example, I can put anti malware directly on the system itself. I can set up network based intrusion detection, see if I can find malware that way. I can put malware on access control lists within my firewall. I can put anti malware in a lot of different places and provide a lot of layers to protect that. They're in the middle.

Now diversity is a little bit of a different animal. So with diversity here, total seminars, I only have one internet service provider, and that internet service providers, the popular dosis, Comcast, which a lot of people have these days. Now, I want to give myself some defensive depth here. So when I go out and just go get another Comcast system know, what I want to do is I want to be diverse in this case. So what I'm going to do is I'm going to keep my Comcast system, but I'm also going to go again, another provider here down in southern Texas, at&t, who would provide me a completely different Internet Service Provider service, in case anything were to ever go wrong. So that would be a great example of classic diversity when it comes to internet service providers.

So we do this a lot when it comes to diversity. So we're always thinking about different things like this now, example that I just gave you there is what we would call vendor diversity. In that particular case, I didn't stick with just Comcast I use two different vendors. To provide my internet service provider and by the way, we could do this with just about anything. We could have diversity and routers, diversity and operating systems, almost anything you want. So when we talk about diversity, we tend to think about the physical, administrative and technical control thing.

So when you think about those three things, we want to make sure that we have different types of controls on any particular situation where we want to have defense in depth. One great example would be, I don't want people logging into computers at certain times. So one of the things I could do is I could set up a technical control, and I can configure my Windows Server, so they can only log in between this time and that time, but I can also make administrative control in this case. And by setting up an administrative control, I can basically just assign people to different shifts, and then that way, they're never really going to run into each other. So two very different controls, achieving the exact same thing. Another great example I could do is let's say I don't want people using Facebook during companies time.

So in this particular case, well, I could set up a technical control and basically block Facebook comm right at my firewall. But I could also do an administrative control. And in this particular case, I could set up an acceptable use policy that says, You shall not use social media during business hours. And in that case, once again, I've got two very, very diverse types of security controls, achieving the same job. So when we're talking about defense in depth, it's great to think about the layers the layers are important. But also remember whenever we're doing good defense in depth, you have good diversity.

Sign Up


Share with friends, get 20% off
Invite your friends to TabletWise learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.