Jump to content

Talk:Defense in depth (computing)

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

Just started this stub

[edit]

Luis F. Gonzalez 22:37, 17 November 2006 (UTC)[reply]


I merged Defense in Depth to this page, and created a disambiguation page at the former. I felt this was the right move because Defense in Depth was describing the computer security term, not the military term, though they're rather intertwined. A redirect felt out of place, as it isn't obvious what someone searching for "defense in depth" really wants to see. I just want to make sure everyone is okay with this. -FrankTobia (talk) 06:41, 22 November 2007 (UTC)[reply]

Sources

[edit]

I noticed that a user recently removed a {{Fact}} tag, for good reason I believe. However we should note that this article has no sources. I am not a computer security expert, and I would feel more comfortable if there was at least once authoritative source to be had. Can anyone either dig one up, or point me in the right direction? -FrankTobia (talk) 18:15, 6 December 2007 (UTC)[reply]

"Writing Secure Code", by Michael Howard and David LeBlanc, Microsoft Press (the second edition is current, but I have the first), has a one-page write-up on Defense in Depth. --MattiasAndersson (talk) 22:18, 28 August 2008 (UTC)[reply]
[edit]

The website http://www2.sea.siemens.com/Products/Process-Automation/safetyandsecurity/industrialsecurity/Process-Automation-SafetyandSecurity_Security.htm?languagecode=en has links and discussion of Defense in Depth for process control —Preceding unsigned comment added by Shloshed (talkcontribs) 01:44, 16 May 2008 (UTC)[reply]

Routers and switches?

[edit]

I've never been paid to do IT, so take this outsider's comment with requisite salt, but: How are "routers and switches" considered a security strategy? If someone clueful agrees with me and removes that line from the article, feel free to remove this comment too, to declutter the talk page. Myself248 (talk) 22:58, 12 June 2009 (UTC)[reply]

Routers and switches provide logs than should be collected and compared against a baseline in order to detect anomalous traffic. Also by implementing features on the switch like turning off unused ports and restricting certain types of traffic to specific ports or spans, you reduce your attack profile. — Preceding unsigned comment added by 108.91.176.27 (talk) 11:46, 17 April 2016 (UTC)[reply]

To elaborate on the previous comment: enterprise grade routers and switches run operating systems. They themselves can be exploited and badness can ensue (replay attacks for example). They also offer a variety of security features: ACLs, VLANs, 802.1x port security. Switches can also be utilized to mitigate risk associated with attacks like ARP flooding or ARP cache poisoning. The list goes on. If you are really curious, look into Cisco IOS hardening guidance.

69.254.150.47 (talk) 20:28, 12 November 2016 (UTC)

Did NSA really invent this?

[edit]

There's no date on the linked PDF file, but it does reference earlier work in September of 2000. Surely this isn't the first conception of Defense in Depth as an IT best practice? Perhaps it was already known but under another name and NSA coined this term for an existing practice. Can someone show prior art? -- 24.7.80.209 (talk) 11:39, 10 September 2009 (UTC)[reply]

I agree that this doesn't sound quite right. I'll look into it as well. Jeffp231 (talk) 20:26, 23 January 2010 (UTC)

  • Looks to be established possibly by US Defense-wide Information Assurance Program (contains NSA)
  • 1998 April USCENTCOM - Seems to be pre-established.

"To this end, the Navy has defined, as an integral part of the IT-21 initiative and the NVI, a Defense in Depth strategy which utilizes currently available protection technology in a layered system of defenses designed to protect the confidentiality, integrity, authenticity and availability of the information and IT systems on which network centric warfare depends" http://www.chips.navy.mil/archives/98_apr/Galik.htm

"Our plans integrate resources from outside the command into an information defense in depth structure. As we look to the future, DIO at USCENTCOM will continue driving to achieve the Joint Vision 2010 goal of information superiority" http://www.chips.navy.mil/archives/98_oct/definfo.htm

"DoD-wide IA requirements, determine the return on our IA investments, and objectively assess our defense-in-depth efforts" http://csrc.nist.gov/nissc/1999/proceeding/papers/o32.pdf

204.108.0.11 (talk) 01:21, 27 February 2010 (UTC)