1.4. Security as a Design Principle: Defense in Depth

💡 First Principle: Security isn't a single device or setting—it's layers of controls that assume any single control can fail. No firewall is impenetrable. No password is unguessable. Defense in depth means each layer provides value even when others fail, slowing attackers enough to detect and respond.

Think of bank security: surveillance cameras, alarms, locked doors, the vault, time-delay locks, armed response. Each layer provides protection even if others fail. A thief might disable cameras, but they still face the vault. They might crack the vault, but time-delay gives police time to arrive. Networks need the same layered approach.

What breaks without defense in depth: A single firewall bypass—through phishing, misconfiguration, or zero-day exploit—gives attackers complete access to everything behind it. With only perimeter security, "inside" means "trusted," and lateral movement is trivial.