A security architecture based on the idea that any one point of protection may, and probably will, be defeated. It implies layers of security and detection, even on single systems and provides the following features:
– Attackers are faced with breaking through or bypassing each layer without being detected.
– A flaw in one layer can be protected by capabilities in other layers.
– System security becomes a set of layers within the overall network security.
– Security is improved by requiring the attacker to be perfect while ignorant. |