Defense In Depth

Defense in Depth is the concept of defending a system in layers, usually based on the OSI model. This means the organization takes all 7 layers into consideration and implements a security solution for each one of them.

The layers are:

Physical layer: Protection of actual hardware and cables.

Data Link layer: Switch ports can be restricted to protect this layer against MAC spoofing.

Network layer: In this layer you can use a firewall to protect against suspicious IP addresses, and also to restrict the organization's own IP addresses.

Transport layer: In this layer a firewall can also be used to restrict which kinds of protocols are allowed to be transmitted in the system.

Session layer: This is the layer where it is important to implement encryption and authentication methods.

Presentation layer: This is the layer where antivirus scans can be helpful, as well as encryption and input validation.

Application layer: This is the layer where software updates, passwords and access control are important.
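
The data link, network and transport controls listed above can be modelled as independent checks applied in order, so that traffic which gets past one layer is still stopped by the next. The following is an added example, not part of the original page; the port name, MAC addresses, address ranges and allowed services are constructed values, and the frame dictionary is a hypothetical simplification of real traffic.

```python
import ipaddress

# Constructed policy values (documentation address ranges, locally administered MACs).
PORT_MACS = {"uplink": {"02:00:00:00:00:01"}}            # data link: MACs allowed per switch port
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # network: suspicious sources
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")      # network: the organization's own range
ALLOWED_SERVICES = {("tcp", 443), ("udp", 53)}           # transport: permitted protocol/port pairs

def check_data_link(frame):
    """Port security: the source MAC must be registered for the ingress port."""
    return frame["src_mac"] in PORT_MACS.get(frame["port"], set())

def check_network(frame):
    """Drop blocked sources, and the organization's own addresses arriving from outside."""
    src = ipaddress.ip_address(frame["src_ip"])
    if any(src in net for net in BLOCKED_NETS):
        return False
    if frame["port"] == "uplink" and src in INTERNAL_NET:
        return False  # internal source address on the outside port: spoofed
    return True

def check_transport(frame):
    """Allow only listed protocol/destination-port pairs."""
    return (frame["proto"], frame["dst_port"]) in ALLOWED_SERVICES

LAYERS = [("data link", check_data_link), ("network", check_network), ("transport", check_transport)]

def evaluate(frame):
    """Return 'allow', or name the first layer that denied the frame."""
    for name, check in LAYERS:
        if not check(frame):
            return f"deny at {name}"
    return "allow"

# Constructed sample traffic: each variant changes one field of a legitimate frame.
BASE = {"port": "uplink", "src_mac": "02:00:00:00:00:01",
        "src_ip": "198.51.100.7", "proto": "tcp", "dst_port": 443}
SAMPLES = {
    "legitimate": BASE,
    "unknown_mac": {**BASE, "src_mac": "02:00:00:00:00:99"},
    "blocked_source": {**BASE, "src_ip": "203.0.113.50"},
    "spoofed_internal": {**BASE, "src_ip": "192.0.2.10"},
    "telnet": {**BASE, "dst_port": 23},
}

if __name__ == "__main__":
    for label, frame in SAMPLES.items():
        print(f"{label:17} -> {evaluate(frame)}")
```

Each denied sample has a valid value at the other two layers, which is why a control is needed at every layer rather than at just one.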

Defense In Depth is an excellent way of securing all the entry points to an organization's resources.