defense-in-depth

dralgorhythm/defense-in-depth

Security

1 installs

About

SKILL.md

defense-in-depth

dralgorhythm/defense-in-depth

Security

1 installs

About

Apply layered security architecture. Use when designing security controls, hardening systems, or reviewing security posture. Covers multiple security layers.

SKILL.md

Defense in Depth

Security Layers

┌─────────────────────────────────┐
│         Perimeter Security       │  WAF, DDoS Protection
├─────────────────────────────────┤
│         Network Security         │  Firewalls, VPNs, Segmentation
├─────────────────────────────────┤
│         Host Security            │  OS Hardening, Patching
├─────────────────────────────────┤
│         Application Security     │  AuthN, AuthZ, Input Validation
├─────────────────────────────────┤
│         Data Security            │  Encryption, Access Control
└─────────────────────────────────┘

Layer Controls

1. Perimeter

Web Application Firewall (WAF)
DDoS protection
Rate limiting
Bot detection

2. Network

Network segmentation (VPCs, subnets)
Security groups / firewalls
VPN for internal access
Zero-trust network access

3. Host

OS hardening
Patch management
Endpoint protection
File integrity monitoring

4. Application

Authentication (OAuth2, OIDC)
Authorization (RBAC, ABAC)
Input validation
Output encoding
Session management
Secure headers

5. Data

Encryption at rest (AES-256)
Encryption in transit (TLS 1.3)
Key management
Data masking
Access logging

Security Checklist

WAF configured with OWASP rules
Network segmentation in place
All traffic encrypted (TLS)
Authentication on all endpoints
Least privilege access controls
Secrets managed securely
Audit logging enabled
Backups encrypted and tested

Principle of Least Privilege

Grant only the minimum permissions needed:

Use IAM roles, not long-lived credentials
Scope permissions to specific resources
Regular access reviews
Just-in-time access for sensitive operations

About

SKILL.md

About

Apply layered security architecture. Use when designing security controls, hardening systems, or reviewing security posture. Covers multiple security layers.

SKILL.md

Defense in Depth

Security Layers

┌─────────────────────────────────┐
│         Perimeter Security       │  WAF, DDoS Protection
├─────────────────────────────────┤
│         Network Security         │  Firewalls, VPNs, Segmentation
├─────────────────────────────────┤
│         Host Security            │  OS Hardening, Patching
├─────────────────────────────────┤
│         Application Security     │  AuthN, AuthZ, Input Validation
├─────────────────────────────────┤
│         Data Security            │  Encryption, Access Control
└─────────────────────────────────┘

Layer Controls

1. Perimeter

Web Application Firewall (WAF)
DDoS protection
Rate limiting
Bot detection

2. Network

Network segmentation (VPCs, subnets)
Security groups / firewalls
VPN for internal access
Zero-trust network access

3. Host

OS hardening
Patch management
Endpoint protection
File integrity monitoring

4. Application

Authentication (OAuth2, OIDC)
Authorization (RBAC, ABAC)
Input validation
Output encoding
Session management
Secure headers

5. Data

Encryption at rest (AES-256)
Encryption in transit (TLS 1.3)
Key management
Data masking
Access logging

Security Checklist

WAF configured with OWASP rules
Network segmentation in place
All traffic encrypted (TLS)
Authentication on all endpoints
Least privilege access controls
Secrets managed securely
Audit logging enabled
Backups encrypted and tested

Principle of Least Privilege

Grant only the minimum permissions needed:

Use IAM roles, not long-lived credentials
Scope permissions to specific resources
Regular access reviews
Just-in-time access for sensitive operations