SoylentNews is people
SoylentNews
The principle of Defence in Depth ("DiD"), says OWASP (Open Web Application Security Project), is that "layered security mechanisms increase security of the system as a whole". That is, if one layer of protection is breached, there's still the opportunity for the attack to be fended off by one or more of the other layers. If anyone's ever drawn something that looks like an onion on the whiteboard – a load of concentric layers with your infrastructure in the middle – that's the concept we're looking at. It's actually a military term that's been adopted by security types in the IT industry who want to be tank commanders when they grow up.
On the face of it it's a pretty simple concept to understand. Rather than just having (say) anti-malware software on your desktop computers, why not also make your Web downloads go through a filter that has malware protection on it too? And yes, this helps. But to do it properly you have to step back a few strides and have an overview of your world: although it's going to cost me 50p in the buzzword swear box, I'm going to say "holistic view".
I secure my systems by naming things like Perl regular expressions. Attackers instantly go cross-eyed and fall over.
(Score: 3, Informative) by driverless on Friday March 24 2017, @11:14AM
Some say security by obscurity is no security at all.
Only security absolutists, who believe that security can only be either absolutely 100% theoretically perfect or totally useless. Unfortunately there are way too many people like this in the security industry, but then you don't have to listen to them. Security in obscurity (*in*, not *by*) is perfectly fine in a large number of cases, either as part of a defence-in-depth strategy or as your only security measure. For defence-in-depth, it cuts down on the number of attackers so you can focus on the ones that matter, not the endless hordes of script kiddies. For the only measure you use, consider how you set up a backup key to get into your house if you lock yourself out. You can use security in obscurity and hide it somewhere on your property where no burglar will even find it. Or you can use the "perfect" solution and put it into a key safe, something like this [screwfix.com]. Which can be opened in about ten seconds by anyone who knows how (any criminals worth their salt should), leaving no traces on the lock. In this case the security-in-obscurity solution is the secure one and the "perfect" solution is the insecure one.