Defense in Depth
A network firewall filters all traffic coming in and out of a network and tries to prevent threats like hackers and viruses from getting onto the network. Each computer on the network has its own firewall that does the same thing in a different way. The computer also has software that checks websites for malicious code, scans files for known viruses, and actively watches the behavior of programs for anything suspicious. A military installation has fences, security cameras, and guards at the gates. Secure facilities within the base will have additional guards, access control using biometrics, passcodes, id cards, etc., and alarms. The personnel are trained to watch for suspicious activity and alert security or intervene when necessary. This is called "Defense in Depth". Everyone understands this concept intuitively. We use it while driving, in our personal safety, and even in our homes. No single element of defense is sufficient to prevent all attacks. In fact, it's impossible to stop *all* attacks. No security system will ever be perfect. However, each additional layer increases the odds that an attack will be stopped before it can do any serious harm. This is also the concept behind vaccines, face masks, social distancing, limited gatherings, etc.. Whether or not each of these layers is effective, necessary, or unintentionally harmful in some other way is another question altogether. As far as I'm concerned, it's all a waste of time, and we should just go about our lives as if this was a bad flu season. Protect the vulnerable, take reasonable precautions, and keep living. My point is that arguments like "If masks stop the virus, why do we have to stand 6' apart" are silly and they make you look silly when you use them.
- "the arrangement of defensive lines or fortifications so that they can defend each other."
- "a concept used in Information security in which multiple layers of security controls are placed throughout an information technology system.
A network firewall filters all traffic coming in and out of a network and tries to prevent threats like hackers and viruses from getting onto the network. Each computer on the network has its own firewall that does the same thing in a different way. The computer also has software that checks websites for malicious code, scans files for known viruses, and actively watches the behavior of programs for anything suspicious. A military installation has fences, security cameras, and guards at the gates. Secure facilities within the base will have additional guards, access control using biometrics, passcodes, id cards, etc., and alarms. The personnel are trained to watch for suspicious activity and alert security or intervene when necessary. This is called "Defense in Depth". Everyone understands this concept intuitively. We use it while driving, in our personal safety, and even in our homes. No single element of defense is sufficient to prevent all attacks. In fact, it's impossible to stop *all* attacks. No security system will ever be perfect. However, each additional layer increases the odds that an attack will be stopped before it can do any serious harm. This is also the concept behind vaccines, face masks, social distancing, limited gatherings, etc.. Whether or not each of these layers is effective, necessary, or unintentionally harmful in some other way is another question altogether. As far as I'm concerned, it's all a waste of time, and we should just go about our lives as if this was a bad flu season. Protect the vulnerable, take reasonable precautions, and keep living. My point is that arguments like "If masks stop the virus, why do we have to stand 6' apart" are silly and they make you look silly when you use them.
No comments:
Post a Comment
Tell me something.