Defense in depthEdit

Defense in depth is a security paradigm in which multiple layers of defense are engineered into a system so that if an attacker breaches one or more levels within a system, there is still a chance that the remaining levels will prevent a successful attack.

An example of defense in depth as applied to a web application might include:

• Protecting the server with a firewall
• Monitoring for intrusion attempts with a port scanning sentry and log watcher
• Keeping all software on the server up to date
• Disallowing root logins
• Allowing SSH logins only (not telnet)
• Rejecting remote connections to the database
• Using filesystem permissions to limit visibility of private data to other users
• Encrypting all HTTP traffic (with SSL) to guard against man-in-the-middle attacks
• Using CAPTCHAs to reduce possibility of automated attacks
• Implementing a user login system
  • Imposing minimum requirements on passphrase quality
  • Storing only passphrase digests in the database rather than actual passphrases
  • Using random salts to generate digests
• Requiring passphrase confirmation for critical actions to protect against cookie capture attacks
• Storage of sensitive information outside the "web root"
• Filtering of the sensitive information from logs
• Implementing an Access Control List or some other kind of access control within your application at various levels in the Model-View-Controller paradigm
• Limiting privileges of executable code using PHP Safe Mode, Apache’s suEXEC, or similar
• Possible use of security through obscurity

These are just some general possibilities; in the specific case of a given application a defense in depth strategy would look to employ security measures at other points as well.