Defense In Depth: A Small University Takes Up the Challenge
This paper briefly explores the vital network security design concept of Defense in Depth (DiD). It is based upon extensive research and reading in the field, thirteen years of general experience as a systems administrator for three different firms, plus nearly five years of experience as the current Director of IT at a small multi-campus private university in the USA. This paper attempts to define DiD, explore various elements of implementing it, show some "real world" examples of what can go wrong, and describe the steps that we've taken to correct these problems over time. It will also touch upon the question of diminishing returns, and will outline some of the choices that have been necessary due to our limited budget here at the university. It usually isn't feasible to do everything that a very strong DiD configuration would require, but that doesn't mean that you can't get decent bang-for-the-buck!