In security architecture, many countermeasures are needed to make an environment more secure. In this section, we discuss several concepts that will help a designer be able to design a more secure environment. A security specialist can also use these principles to help recognize and distinguish secure environments from those that are less so.
Defense in depth
Defense in depth is a security architecture concept that describes a strategy for resisting attacks. A system that employs a defense in depth will have two or more layers of protective controls that are designed to protect the system or data stored there.
An example defense-in-depth architecture would consist of a database protected by several components:
Intrusion prevention system
Hardened operating system
OS-based network access filtering
All the layers listed here help to protect the database. In fact, each one of them by itself offers nearly complete protection. But when considered ...