The last chapters were about how things go wrong. This one is about how we hold them together. There is no single switch that makes a system safe, so defense is built in layers — each one catching what the one before it missed. This chapter walks through the handful of layers that show up almost everywhere.
5 topics
Chapter 1 ended on a hard fact: no system is ever perfectly secure. Defense is the honest reply to that fact. Instead of chasing one unbreakable wall, defenders stack several ordinary ones, each guarding against a different failure, so that getting past one still leaves the attacker facing the rest.
The five topics here are those ordinary walls. First the idea that ties them together — defense in depth, the habit of layering. Then four specific layers: a filter at the boundary, limits on who can reach what, keeping software up to date, and a safe copy to fall back on. None of them is the whole answer. Together they are how systems actually stay standing.
Layered defenses around what we protect — no single ring is the wall
Filtering
a gate at the boundary blocks unwanted traffic before it gets near
Least privilege
whoever gets past can only reach the little they were given access to
Patching
keeping software current closes the known holes attackers look for
Backups
a separate, safe copy means even total loss can be undone