CCNA CyberOps SECFND Objective 2.1

Describe the principles of the defense in depth strategy 

Understanding Cisco Cybersecurity Fundamentals (210-250)

Defense in depth uses a layered approach to security. No single layer is secure by itself, but together the layers provide better security for the data being protected. The layers can be summarized as follows:

  • Nontechnical: policies, procedures and training
  • Physical security: cameras, physical access controls like badge readers, locks
  • Network security: routing protocol authentication, control plane policing, network device hardening
  • Host security: Advanced Malware Protection (AMP), antivirus (AV), host-based intrusion prevention systems (HIPS)
  • Application security: Software Development Lifecycle, testing, fuzzing
  • Data: encryption at rest and in transit

The layers used must be evaluated so that they do not overcomplicate security, which would create additional attack vectors.