defense-in-depth
1
总安装量
1
周安装量
#46216
全站排名
安装命令
npx skills add https://github.com/dralgorhythm/claude-agentic-framework --skill defense-in-depth
Agent 安装分布
amp
1
opencode
1
cursor
1
codex
1
github-copilot
1
Skill 文档
Defense in Depth
Security Layers
âââââââââââââââââââââââââââââââââââ
â Perimeter Security â WAF, DDoS Protection
âââââââââââââââââââââââââââââââââââ¤
â Network Security â Firewalls, VPNs, Segmentation
âââââââââââââââââââââââââââââââââââ¤
â Host Security â OS Hardening, Patching
âââââââââââââââââââââââââââââââââââ¤
â Application Security â AuthN, AuthZ, Input Validation
âââââââââââââââââââââââââââââââââââ¤
â Data Security â Encryption, Access Control
âââââââââââââââââââââââââââââââââââ
Layer Controls
1. Perimeter
- Web Application Firewall (WAF)
- DDoS protection
- Rate limiting
- Bot detection
2. Network
- Network segmentation (VPCs, subnets)
- Security groups / firewalls
- VPN for internal access
- Zero-trust network access
3. Host
- OS hardening
- Patch management
- Endpoint protection
- File integrity monitoring
4. Application
- Authentication (OAuth2, OIDC)
- Authorization (RBAC, ABAC)
- Input validation
- Output encoding
- Session management
- Secure headers
5. Data
- Encryption at rest (AES-256)
- Encryption in transit (TLS 1.3)
- Key management
- Data masking
- Access logging
Security Checklist
- WAF configured with OWASP rules
- Network segmentation in place
- All traffic encrypted (TLS)
- Authentication on all endpoints
- Least privilege access controls
- Secrets managed securely
- Audit logging enabled
- Backups encrypted and tested
Principle of Least Privilege
Grant only the minimum permissions needed:
- Use IAM roles, not long-lived credentials
- Scope permissions to specific resources
- Regular access reviews
- Just-in-time access for sensitive operations