Defence in Depth

Before continuing with my secret plan, I will have to explain some security measures. I can not prove my theories behind the plan, my argumentation must suffice.

Defence in Depth is a simple and effective approach to increase your security. Castles have moats and walls. Moats are filled with water and only attackers who can swim will get through. The walls must be climbed. Only people able to climb will get over them.

Only attackers being able to climb AND swim can get to the king they want to kill. And did I mention the bodyguards (sword fighting skill needed) and the guards with their crossbows (luck needed to get through)?

Combining several different measures of defence increases security.

Example 1:

Four moats to defend the king, nothing else: Only people who can swim can get through – but there are still quite a lot of them.

Example 2:

A moat, a wall, bodyguards and crossbows:

Only lucky swimmers who can climb and fight will get through

If I was a king, I would choose the second defence.

And your computer ?

You can combine:

  • Operating System updates (training your bodyguards)
  • Program updates (training your guards)
  • Firewall (castle wall)
  • Virus Scanner (guards have a list who is allowed into the castle)
  • Behaviour Blocker (guards watch for people who behave strange)
  • Restrict your programs (e.g. with AppArmor…) (not everyone in the castle is permitted to carry a crossbow)
  • Restrict your users’ rights (not everyone may visit the king)
  • Filter Spam/Phishing
  • Add a WebProxy that blocks malicious content and urls
  • You can even run a virus scanner on your gateway and a different one on your clients.

Your Linux distribution/Microsoft/Apple can compile your programs with specific settings (compiler switches) that add even more security.

But do as many different things as possible to increase your security !


~ by thorstensick on June 14, 2009.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: