Talk:Defense in depth (computing)

WikiProject Computer Security / Computing (Rated Stub-class, Mid-importance)
This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article has been rated as Stub-Class on the project's quality scale.
This article has been rated as Mid-importance on the project's importance scale.
This article is supported by WikiProject Computing.

WikiProject Computing / Networking (Rated Stub-class)
This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article has been rated as Stub-Class on the project's quality scale.
This article has not yet received a rating on the project's importance scale.
This article is supported by Networking task force.

Just started this stub

Luis F. Gonzalez 22:37, 17 November 2006 (UTC)

Merge from Defense in Depth

I merged Defense in Depth to this page, and created a disambiguation page at the former. I felt this was the right move because Defense in Depth was describing the computer security term, not the military term, though they're rather intertwined. A redirect felt out of place, as it isn't obvious what someone searching for "defense in depth" really wants to see. I just want to make sure everyone is okay with this. -FrankTobia (talk) 06:41, 22 November 2007 (UTC)

Sources

I noticed that a user recently removed a {{Fact}} tag, for good reason I believe. However, we should note that this article has no sources. I am not a computer security expert, and I would feel more comfortable if there was at least one authoritative source to be had. Can anyone either dig one up, or point me in the right direction? -FrankTobia (talk) 18:15, 6 December 2007 (UTC)

"Writing Secure Code", by Michael Howard and David LeBlanc, Microsoft Press (the second edition is current, but I have the first), has a one-page write-up on Defense in Depth. --MattiasAndersson (talk) 22:18, 28 August 2008 (UTC)

links

The website http://www2.sea.siemens.com/Products/Process-Automation/safetyandsecurity/industrialsecurity/Process-Automation-SafetyandSecurity_Security.htm?languagecode=en has links and discussion of Defense in Depth for process control. —Preceding unsigned comment added by Shloshed (talk • contribs) 01:44, 16 May 2008 (UTC)

Routers and switches?

I've never been paid to do IT, so take this outsider's comment with requisite salt, but: How are "routers and switches" considered a security strategy? If someone clueful agrees with me and removes that line from the article, feel free to remove this comment too, to declutter the talk page. Myself248 (talk) 22:58, 12 June 2009 (UTC)

Did NSA really invent this?

There's no date on the linked PDF file, but it does reference earlier work in September of 2000. Surely this isn't the first conception of Defense in Depth as an IT best practice? Perhaps it was already known but under another name and NSA coined this term for an existing practice. Can someone show prior art? -- 24.7.80.209 (talk) 11:39, 10 September 2009 (UTC)

I agree that this doesn't sound quite right. I'll look into it as well. Jeffp231 (talk) 20:26, 23 January 2010 (UTC)

  • Looks to be established possibly by US Defense-wide Information Assurance Program (contains NSA)
  • 1998 April USCENTCOM - Seems to be pre-established.

"To this end, the Navy has defined, as an integral part of the IT-21 initiative and the NVI, a Defense in Depth strategy which utilizes currently available protection technology in a layered system of defenses designed to protect the confidentiality, integrity, authenticity and availability of the information and IT systems on which network centric warfare depends" http://www.chips.navy.mil/archives/98_apr/Galik.htm

"Our plans integrate resources from outside the command into an information defense in depth structure. As we look to the future, DIO at USCENTCOM will continue driving to achieve the Joint Vision 2010 goal of information superiority" http://www.chips.navy.mil/archives/98_oct/definfo.htm

"DoD-wide IA requirements, determine the return on our IA investments, and objectively assess our defense-in-depth efforts" http://csrc.nist.gov/nissc/1999/proceeding/papers/o32.pdf

204.108.0.11 (talk) 01:21, 27 February 2010 (UTC)