Difference between revisions of "Defense in depth"

From OWASP
Jump to: navigation, search
(Began the conforming the article to the Principles Template)
(Added the rest of the template sections; expanded the description slightly; added a reference.)
Line 5: Line 5:
 
==Description==
 
==Description==
  
The principle of defense in depth suggests that where one control would be reasonable, more controls that approach risks in different fashions are better. Controls, when used in depth, can make severe vulnerabilities extraordinarily difficult to exploit and thus unlikely to occur.  
+
The principle of defense in depth calls for a set of layered controls that each present unique obstacles for an attacker. Controls used in defense in depth posture enhance the resilience of an application as the failure of one control will not result in the exploitation of the system as a whole. An application using defense in depth would include controls that fit the “protect, detect, and react” paradigm. This means that the application would not just implement controls that prevent an attack from occurring, but would also be capable of detecting a successful attack and response procedures to support the recovery of the application.  
 +
 
 +
With secure coding, this may take the form of tier-based validation, centralized auditing controls, and requiring users to be logged on all pages.
  
With secure coding, this may take the form of tier-based validation, centralized auditing controls, and requiring users to be logged on all pages.
 
  
 
==Examples==
 
==Examples==
Line 13: Line 14:
 
===Vulnerable Administrative Interface===
 
===Vulnerable Administrative Interface===
 
:A flawed administrative interface is unlikely to be vulnerable to anonymous attack if it correctly gates access to production management networks, checks for administrative user authorization, and logs all access.  
 
:A flawed administrative interface is unlikely to be vulnerable to anonymous attack if it correctly gates access to production management networks, checks for administrative user authorization, and logs all access.  
 +
 +
 +
==Related [[Vulnerabilities]]==
 +
 +
 +
 +
==Related [[Controls]]==
 +
 +
 +
 +
==References==
 +
 +
* [http://www.nsa.gov/snac/support/defenseindepth.pdf National Security Agency Defense In Depth Guide]
  
 
[[Category:Principle]]
 
[[Category:Principle]]

Revision as of 07:19, 25 May 2008

This is a principle or a set of principles. To view all principles, please see the Principle Category page.

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.


Description

The principle of defense in depth calls for a set of layered controls that each present unique obstacles for an attacker. Controls used in defense in depth posture enhance the resilience of an application as the failure of one control will not result in the exploitation of the system as a whole. An application using defense in depth would include controls that fit the “protect, detect, and react” paradigm. This means that the application would not just implement controls that prevent an attack from occurring, but would also be capable of detecting a successful attack and response procedures to support the recovery of the application.

With secure coding, this may take the form of tier-based validation, centralized auditing controls, and requiring users to be logged on all pages.


Examples

Vulnerable Administrative Interface

A flawed administrative interface is unlikely to be vulnerable to anonymous attack if it correctly gates access to production management networks, checks for administrative user authorization, and logs all access.


Related Vulnerabilities

Related Controls

References