Defense in Depth Model in Critical Infrastructure: Definition & Layers

Instructor: Brandon Bass

Brandon has a MS in systems engineering & a PhD in Cyber Security. He has taught at several universities and possesses 12 industry certifications.

The Defense in Depth Model is a cybersecurity approach that can be applied to all IT systems. This lesson describes what defense in depth is, how it is deployed and what the future holds for Defense in Depth strategies.

Getting Started with Defense in Depth

The premise behind Defense in Depth is simple enough. If we imagine cybersecurity to be a wall between us and the outside, then having multiple walls of varying heights and complexities is always better than a single wall. Essentially, the Defense in Depth strategy uses a multilayered process with redundant security controls that fill the voids when one particular defensive mechanism is defeated. Because of the information age and the digital revolution, cybersecurity has become increasingly important. When we think about Defense in Depth, the best analogy is that of a castle or fortress. Before the inner recesses can be accessed, there are moats, ramparts, towers, battlements and soldiers lining the parapets, ready to loose oil and arrows onto those who encroach upon the domain.

How Defense in Depth Works

The Defense in Depth strategy is a layered approach. Multiple systems such as firewalls, intrusion detection systems, intrusion prevention systems, data encryption, malware scanners and/or antivirus software, and auditing are all part and parcel of the Defense in Depth structure. This redundant, layered structure allows administrators and engineers to close the gaps in security rather than relying on a single system to protect important infrastructure.

Elements of Defense in Depth

Defense in Depth has several key elements and processes that allow it to function so that no single element can be overcome, leaving the infrastructure defenseless. Even though several different methodologies are aligned to defense, it is necessary to outline how each is used individually and how they function redundantly to protect the network infrastructure behind them.

Network Security Controls

When running infrastructure on a network, the first line of defense is always going to be analysis of network traffic and securing the internal network. Network security is a broad term that covers the hardware and software used to transmit data. The most important thing to understand is that a strong perimeter defense is one of the most important aspects of keeping an organization from falling victim to the most elementary attacks.

Physical Security

Network security must always start with physical security. These are controls designed to prevent individuals from gaining access to network components like cabling closets, routers, switches and other computing equipment responsible for network processes. Standard physical control mechanisms include security guards, two-factor authentication systems that use secure cards or biometric technology, camera systems and physical door locks.

Firewall Protection

A firewall is a hardware or software barrier that sits between the internal and external network. Network engineers or administrators configure rules that allow specific traffic in and out of the internal system while blocking all other traffic. What traffic is let in and out is identified and defined in the firewall rule set.
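As an added example (not part of the original lesson), the following Python models the rule-set behaviour described above: rules are checked in order, the first match decides, and anything that matches no rule is dropped (default deny). The rule format, the addresses and the rule set are constructed for illustration and do not follow any real firewall's syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Rule:
    """One entry in a hypothetical firewall rule set (constructed format)."""
    action: str          # "allow" or "deny"
    direction: str       # "in" (toward the internal network) or "out"
    proto: str           # "tcp", "udp" or "any"
    src: str             # source network in CIDR notation
    dst: str             # destination network in CIDR notation
    dport: Optional[int] # destination port; None means any port

    def matches(self, pkt: dict) -> bool:
        return (self.direction == pkt["direction"]
                and self.proto in ("any", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt["dport"]))

def evaluate(rules: List[Rule], pkt: dict) -> str:
    """First matching rule wins; traffic matching no rule is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # default deny: the gap-closing behaviour the lesson describes

def audit(rules: List[Rule]) -> List[int]:
    """Return indexes of overly broad allow rules (any source, any port)."""
    return [i for i, r in enumerate(rules)
            if r.action == "allow" and r.src == "0.0.0.0/0" and r.dport is None]

# Constructed rule set: internal network 10.0.0.0/8, one web server, one DNS server.
RULES = [
    Rule("allow", "in",  "tcp", "0.0.0.0/0",  "10.0.1.10/32", 443),  # public HTTPS only
    Rule("deny",  "in",  "any", "0.0.0.0/0",  "10.0.0.0/8",   None), # explicit deny for the rest
    Rule("allow", "out", "tcp", "10.0.0.0/8", "0.0.0.0/0",    443),  # outbound HTTPS
    Rule("allow", "out", "udp", "10.0.0.0/8", "10.0.0.53/32", 53),   # internal DNS only
]

def check(direction: str, proto: str, src: str, dst: str, dport: int) -> str:
    """Convenience wrapper: evaluate one constructed packet against RULES."""
    pkt = {"direction": direction, "proto": proto, "src": src, "dst": dst, "dport": dport}
    return evaluate(RULES, pkt)

if __name__ == "__main__":
    print(check("in", "tcp", "203.0.113.5", "10.0.1.10", 443))  # allow
    print(check("in", "tcp", "203.0.113.5", "10.0.1.10", 22))   # deny
    print(audit(RULES))                                           # [] (no broad allows)
```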

Technical and Access Control Methods

Security controls that protect data in transit with cryptographic technologies like SHA and AES, together with access control methods for authorized user logins, protect against both unauthorized access and malicious activity by employees. SHA stands for Secure Hash Algorithm. It is a hash function that uses block sizes from 512 bits up to 1344 bits and between 24 and 80 rounds to secure data and transmissions.

Algorithm              Output (bits)   Internal state (bits)   Block size (bits)   Rounds
MD5                    128             128                     512                 64
SHA-0 / SHA-1          160             160                     512                 80
SHA-2 (SHA-224..512)   224-512         256-512                 512                 64
SHA-3 (SHA3-224..512)  224-512         1600                    576-1344            24

Advanced Encryption Standard, or AES, is a symmetric block cipher used across the industry to protect internal information. AES-256 and 3DES are some of the more notable block ciphers used for transmitting data. 3DES is typically found in Secure Sockets Layer, known as SSL, or Transport Layer Security, known as TLS.

Access controls built on administrative policies limit what each user may do, support controlled authentication for specific access levels, and restrict changes to infrastructure nodes to specific personnel. Most network access control procedures are very granular. Administrators can have full access to all nodes, or access only to specific nodes, depending on security policy. Specific access to folders can prevent both users and administrators from abusing knowledge-base data and functions.
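As an added example (not part of the original lesson), this Python sketch shows the granular, node-level access control just described: every principal is denied by default, an explicit deny overrides any allow, and the effective permissions on a node can be listed for audit. The policy format, the principal names and the node names are constructed for illustration.

```python
import fnmatch
from typing import Dict, List, Set, Tuple

# Constructed policy: principal -> list of (effect, node pattern, actions).
# Node patterns are shell-style globs matched against node names.
Policy = Dict[str, List[Tuple[str, str, Set[str]]]]

POLICY: Policy = {
    # alice manages edge routers but may only read core routers
    "alice": [("allow", "router-*",      {"read", "configure"}),
              ("deny",  "router-core-*", {"configure"})],
    # bob is a read-only auditor across every node
    "bob":   [("allow", "*", {"read"})],
    # a backup service account confined to one folder on the file servers
    "svc-backup": [("allow", "fileserver-*/backups", {"read", "write"})],
}

def is_allowed(principal: str, action: str, node: str, policy: Policy = POLICY) -> bool:
    """Deny by default; an explicit deny beats any allow (least privilege)."""
    allowed = False
    for effect, pattern, actions in policy.get(principal, []):
        if action in actions and fnmatch.fnmatchcase(node, pattern):
            if effect == "deny":
                return False      # a matching deny is final
            allowed = True        # keep scanning in case a later deny applies
    return allowed

def effective_permissions(principal: str, node: str, policy: Policy = POLICY) -> Set[str]:
    """All actions the principal may perform on one node, for access reviews."""
    candidate = set()
    for _, pattern, actions in policy.get(principal, []):
        if fnmatch.fnmatchcase(node, pattern):
            candidate |= actions
    return {a for a in candidate if is_allowed(principal, a, node, policy)}

def unrestricted_principals(policy: Policy = POLICY) -> List[str]:
    """Flag principals holding 'configure' on every node: a review finding."""
    return sorted(p for p in policy if is_allowed(p, "configure", "any-node", policy)
                  and any(pat == "*" and "configure" in acts
                          for eff, pat, acts in policy[p] if eff == "allow"))

if __name__ == "__main__":
    print(is_allowed("alice", "configure", "router-core-1"))   # False
    print(effective_permissions("alice", "router-core-1"))     # {'read'}
    print(unrestricted_principals())                            # []
```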
