O'Reilly logo

CISSP For Dummies, 4th Edition by Peter Gregory, Lawrence Miller

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Security Countermeasures

In security architecture, many countermeasures are needed to make an environment more secure. In this section, we discuss several concepts that will help a designer be able to design a more secure environment. A security specialist can also use these principles to help recognize and distinguish secure environments from those that are less so.

Defense in depth

Defense in depth is a security architecture concept that describes a strategy for resisting attacks. A system that employs a defense in depth will have two or more layers of protective controls that are designed to protect the system or data stored there.

An example defense-in-depth architecture would consist of a database protected by several components:

check.png Screening router

check.png Firewall

check.png Intrusion prevention system

check.png Hardened operating system

check.png OS-based network access filtering

All the layers listed here help to protect the database. In fact, each one of them by itself offers nearly complete protection. But when considered ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required