Defense in depth
Defense in depth is a security paradigm in which multiple layers of defense are engineered into a system so that if an attacker breaches one or more levels within a system, there is still a chance that the remaining levels will prevent a successful attack.
An example of defense in depth as applied to a web application might include:
- Protecting the server with a firewall
- Monitoring for intrusion attempts with a port scanning sentry and log watcher
- Keeping all software on the server up to date
- Disallowing root logins
- Allowing SSH logins only (not telnet)
- Rejecting remote connections to the database
- Using filesystem permissions to limit visibility of private data to other users
- Encrypting all HTTP traffic (with SSL) to guard against man-in-the-middle attacks
- Using CAPTCHAs to reduce possibility of automated attacks
- Implementing a user login system
- Imposing minimum requirements on passphrase quality
- Storing only passphrase digests in the database rather than actual passphrases
- Using random salts to generate digests
- Requiring passphrase confirmation for critical actions to protect against cookie capture attacks
- Storage of sensitive information outside the "web root"
- Filtering of the sensitive information from logs
- Implementing an Access Control List or some other kind of access control within your application at various levels in the Model-View-Controller paradigm
- Limiting privileges of executable code using PHP Safe Mode, Apache's suEXEC, or similar
- Possible use of security through obscurity
These are just some general possibilities; in the specific case of a given application a defense in depth strategy would look to employ security measures at other points as well.