
TC-018-temp

>>In this video we're going to delve into the concept of "Defense in depth," the idea that security should be applied in layers. So, when it comes to security, one level of defense might not necessarily be adequate. Depending on the importance of what you are defending, you may want to use multiple layers. You see, taking these security precautions means that if one defense is bypassed, there will be another defense that an attacker would then have to contend with. For example, let's assume you're using a web application firewall, also known as a WAF, to protect your application, and an attacker manages to circumvent it, which means they're directly attacking your website. So, to counter any malicious requests that might be sent, your website might need to have its own defenses, such as input validation, output encoding, and parameterized queries. Another implementation of this concept is multi-factor authentication. These factors are threefold: something you have (like a physical token), something you know (like a password), or something you are, confirmed by something like a fingerprint. Requiring two different factors in order to authenticate to a system makes it twice as difficult for an attacker to gain unauthorized access. And this is just the tip of the iceberg. There are many potential layers of security that can be used to secure your software, systems, data, and networks. These include: putting your certificates, connection strings, secrets, and passwords in a key vault; enabling DDoS protection from your hosting provider, which is an added layer of network defense that detects denial of service attacks and defends against them, usually by blackholing or blocking traffic from malicious IP ranges; and enabling logging, auditing, and threat protection, so that you are informed immediately if a threat is detected.
Using Just-in-Time, also known as JIT, access control to close all ports unless you have requested them to be opened just for a short period of time, as this reduces your attack surface. Performing security testing and a secure code review on your application code. And finally, following best practices in regard to secure design and secure coding, and always asking for a second opinion on your design. As you can see, each one of these overlapping mitigations is considered a layer of security, such as performing security testing and code review. And while very few technical defenses are considered perfectly impenetrable, using multiple layers can help you rest assured that you have done your due diligence in protecting your systems and data to the best of your abilities, which, hopefully, makes your job a little less stressful.
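As an added example (not from the video), here is a small Python sketch of the application-level layers the narrator lists behind a bypassed WAF: input validation, a parameterized query, and output encoding, each of which still holds if another one is defeated. The users table, the usernames, and the username pattern are constructed for illustration.

```python
import html
import re
import sqlite3

# Constructed in-memory database standing in for the website's backing store.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, display_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "Alice"), ("bob", "<b>Bob</b>")])
    return conn

# Assumed username policy: lowercase letters, digits and underscore, 1-32 chars.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")

# Layer 1: input validation. Anything not matching the policy is rejected
# before it reaches the database or the page.
def validate_username(raw):
    if not USERNAME_RE.fullmatch(raw):
        raise ValueError("invalid username")
    return raw

# Layer 2: parameterized query. The value is bound as data, so even if
# validation were bypassed it could not alter the SQL statement.
def lookup_display_name(conn, username):
    row = conn.execute("SELECT display_name FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row[0] if row else None

# Layer 3: output encoding. Stored data is HTML-escaped before rendering,
# so markup in the database cannot run in the browser.
def render_profile(display_name):
    return "<p>Welcome, %s</p>" % html.escape(display_name)

def handle_request(conn, raw_username):
    """Apply all three layers; returns the HTML fragment for the response."""
    try:
        username = validate_username(raw_username)
    except ValueError:
        return "<p>Bad request</p>"
    display_name = lookup_display_name(conn, username)
    if display_name is None:
        return "<p>No such user</p>"
    return render_profile(display_name)
```

Note that the stored `<b>Bob</b>` record shows why output encoding is its own layer: the value passed input validation when it was written elsewhere, and the parameterized query faithfully returns it, so only the escaping step keeps it from rendering as markup.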

Video Details

Duration: 2 minutes and 32 seconds
Language: English
License: Dotsub - Standard License
Posted by: csintl on Sep 10, 2018
