¿Qué es Conceptos Técnicos?

Conceptos Técnicos - Comfidentia

Defense in Depth (también “Defensa en Profundidad” o “Seguridad Multicapa”) es una estrategia de seguridad que implementa múltiples capas de controles de protección para crear redundancia y resiliencia, asegurando que si una capa falla, las demás continúen protegiendo los activos. Esta estrategia combina controles físicos, técnicos y administrativos en diferentes niveles de la infraestructura, aplicaciones y procesos, siendo fundamental para proteger contra amenazas avanzadas persistentes (APT) y reducir la superficie de ataque.

¿Qué es Defense in Depth?

Defense in Depth es un enfoque de seguridad que reconoce que ningún control individual es perfecto y que las amenazas pueden evolucionar, por lo que implementa múltiples capas de defensa para crear un sistema robusto y resiliente.

Principios Fundamentales

Múltiples Capas de Protección

Redundancia: Múltiples controles para la misma amenaza
Diversidad: Diferentes tipos de controles
Profundidad: Múltiples niveles de defensa
Cobertura: Protección completa del perímetro

Fallo Seguro

Fallo Cerrado: Si falla, bloquea por defecto
Degradación Gradual: Pérdida gradual de funcionalidad
Recuperación: Capacidad de recuperación automática
Monitoreo: Detección de fallos

Redundancia Inteligente

Controles Complementarios: Controles que se refuerzan
Detección Temprana: Detección en múltiples puntos
Respuesta Coordinada: Respuesta coordinada entre capas
Aprendizaje: Mejora basada en incidentes

Capas de Defense in Depth

Capa 1: Políticas y Procedimientos

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
class PolicyLayer:
    def __init__(self):
        self.policies = {}
        self.procedures = {}
        self.compliance_frameworks = {
            'ISO_27001': {'coverage': 0.9, 'maturity': 'high'},
            'NIST': {'coverage': 0.8, 'maturity': 'medium'},
            'COBIT': {'coverage': 0.7, 'maturity': 'medium'}
        }
    
    def create_policy(self, policy_id, policy_config):
        """Crear política de seguridad"""
        self.policies[policy_id] = {
            'policy_id': policy_id,
            'name': policy_config['name'],
            'category': policy_config['category'],
            'scope': policy_config['scope'],
            'requirements': policy_config.get('requirements', []),
            'enforcement_level': policy_config.get('enforcement_level', 'mandatory'),
            'review_frequency': policy_config.get('review_frequency', 'annual'),
            'last_review': None,
            'next_review': None,
            'compliance_status': 'pending'
        }
    
    def create_procedure(self, procedure_id, procedure_config):
        """Crear procedimiento de seguridad"""
        self.procedures[procedure_id] = {
            'procedure_id': procedure_id,
            'name': procedure_config['name'],
            'policy_id': procedure_config['policy_id'],
            'steps': procedure_config.get('steps', []),
            'responsible_role': procedure_config.get('responsible_role', 'Security_Team'),
            'frequency': procedure_config.get('frequency', 'as_needed'),
            'automation_level': procedure_config.get('automation_level', 'manual'),
            'success_metrics': procedure_config.get('success_metrics', [])
        }
    
    def assess_policy_coverage(self):
        """Evaluar cobertura de políticas"""
        coverage_areas = {
            'access_control': 0,
            'data_protection': 0,
            'incident_response': 0,
            'business_continuity': 0,
            'compliance': 0
        }
        
        for policy in self.policies.values():
            category = policy['category']
            if category in coverage_areas:
                coverage_areas[category] += 1
        
        total_policies = len(self.policies)
        coverage_percentage = {
            area: (count / total_policies * 100) if total_policies > 0 else 0
            for area, count in coverage_areas.items()
        }
        
        return coverage_percentage
    
    def get_policy_effectiveness(self, policy_id):
        """Obtener efectividad de política"""
        if policy_id not in self.policies:
            return None
        
        policy = self.policies[policy_id]
        
        # Factores de efectividad
        factors = {
            'clarity': 0.8,  # Claridad de la política
            'enforcement': 0.7,  # Nivel de cumplimiento
            'awareness': 0.9,  # Conocimiento del personal
            'review_frequency': 0.6,  # Frecuencia de revisión
            'compliance': 0.8  # Cumplimiento normativo
        }
        
        effectiveness = sum(factors.values()) / len(factors)
        
        return {
            'policy_id': policy_id,
            'effectiveness_score': effectiveness,
            'factors': factors,
            'recommendations': self.get_improvement_recommendations(factors)
        }
    
    def get_improvement_recommendations(self, factors):
        """Obtener recomendaciones de mejora"""
        recommendations = []
        
        if factors['clarity'] < 0.8:
            recommendations.append('Mejorar claridad de la política')
        if factors['enforcement'] < 0.8:
            recommendations.append('Aumentar nivel de cumplimiento')
        if factors['awareness'] < 0.8:
            recommendations.append('Mejorar capacitación del personal')
        if factors['review_frequency'] < 0.8:
            recommendations.append('Aumentar frecuencia de revisión')
        if factors['compliance'] < 0.8:
            recommendations.append('Mejorar cumplimiento normativo')
        
        return recommendations

# Ejemplo de uso
policy_layer = PolicyLayer()

# Crear políticas
policy_layer.create_policy('POL-001', {
    'name': 'Access Control Policy',
    'category': 'access_control',
    'scope': 'All users and systems',
    'requirements': ['Authentication', 'Authorization', 'Audit'],
    'enforcement_level': 'mandatory'
})

policy_layer.create_policy('POL-002', {
    'name': 'Data Protection Policy',
    'category': 'data_protection',
    'scope': 'All data assets',
    'requirements': ['Encryption', 'Classification', 'Retention'],
    'enforcement_level': 'mandatory'
})

# Evaluar cobertura
coverage = policy_layer.assess_policy_coverage()
print(f"Cobertura de políticas: {coverage}")

# Evaluar efectividad
effectiveness = policy_layer.get_policy_effectiveness('POL-001')
print(f"Efectividad de política: {effectiveness['effectiveness_score']:.2f}")

Capa 2: Controles Físicos

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
class PhysicalSecurityLayer:
    def __init__(self):
        self.physical_controls = {}
        self.access_points = {}
        self.monitoring_systems = {}
        self.environmental_controls = {}
    
    def install_physical_control(self, control_id, control_config):
        """Instalar control físico"""
        self.physical_controls[control_id] = {
            'control_id': control_id,
            'type': control_config['type'],
            'location': control_config['location'],
            'function': control_config['function'],
            'status': 'active',
            'last_maintenance': None,
            'next_maintenance': None,
            'effectiveness': 0.0
        }
    
    def create_access_point(self, point_id, point_config):
        """Crear punto de acceso"""
        self.access_points[point_id] = {
            'point_id': point_id,
            'name': point_config['name'],
            'location': point_config['location'],
            'access_type': point_config['access_type'],
            'controls': point_config.get('controls', []),
            'monitoring': point_config.get('monitoring', True),
            'access_log': []
        }
    
    def log_access_attempt(self, point_id, user_id, access_type, timestamp, success):
        """Registrar intento de acceso"""
        if point_id in self.access_points:
            access_record = {
                'user_id': user_id,
                'access_type': access_type,
                'timestamp': timestamp,
                'success': success,
                'point_id': point_id
            }
            
            self.access_points[point_id]['access_log'].append(access_record)
    
    def assess_physical_security(self):
        """Evaluar seguridad física"""
        assessment = {
            'total_controls': len(self.physical_controls),
            'active_controls': len([c for c in self.physical_controls.values() if c['status'] == 'active']),
            'access_points': len(self.access_points),
            'monitored_points': len([p for p in self.access_points.values() if p['monitoring']]),
            'security_score': 0.0
        }
        
        # Calcular score de seguridad
        if assessment['total_controls'] > 0:
            control_effectiveness = sum(c['effectiveness'] for c in self.physical_controls.values()) / assessment['total_controls']
            monitoring_coverage = assessment['monitored_points'] / assessment['access_points'] if assessment['access_points'] > 0 else 0
            
            assessment['security_score'] = (control_effectiveness + monitoring_coverage) / 2
        
        return assessment
    
    def get_access_anomalies(self, point_id, time_window_hours=24):
        """Detectar anomalías de acceso"""
        if point_id not in self.access_points:
            return []
        
        access_log = self.access_points[point_id]['access_log']
        cutoff_time = datetime.now() - timedelta(hours=time_window_hours)
        
        recent_access = [record for record in access_log if record['timestamp'] >= cutoff_time]
        
        anomalies = []
        
        # Detectar accesos fuera de horario
        off_hours_access = [r for r in recent_access if r['timestamp'].hour < 6 or r['timestamp'].hour > 22]
        if off_hours_access:
            anomalies.append({
                'type': 'off_hours_access',
                'count': len(off_hours_access),
                'description': 'Accesos fuera de horario normal'
            })
        
        # Detectar múltiples intentos fallidos
        failed_attempts = [r for r in recent_access if not r['success']]
        if len(failed_attempts) > 3:
            anomalies.append({
                'type': 'multiple_failed_attempts',
                'count': len(failed_attempts),
                'description': 'Múltiples intentos de acceso fallidos'
            })
        
        return anomalies

# Ejemplo de uso
physical_layer = PhysicalSecurityLayer()

# Instalar controles físicos
physical_layer.install_physical_control('CTRL-001', {
    'type': 'Biometric Scanner',
    'location': 'Main Entrance',
    'function': 'Access Control'
})

physical_layer.install_physical_control('CTRL-002', {
    'type': 'Security Camera',
    'location': 'Data Center',
    'function': 'Surveillance'
})

# Crear punto de acceso
physical_layer.create_access_point('AP-001', {
    'name': 'Main Data Center Door',
    'location': 'Building A, Floor 1',
    'access_type': 'Card + Biometric',
    'controls': ['CTRL-001', 'CTRL-002'],
    'monitoring': True
})

# Evaluar seguridad física
assessment = physical_layer.assess_physical_security()
print(f"Evaluación de seguridad física: {assessment}")

Capa 3: Controles de Red

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
class NetworkSecurityLayer:
    def __init__(self):
        self.network_devices = {}
        self.security_zones = {}
        self.traffic_rules = {}
        self.intrusion_detection = {}
    
    def configure_firewall(self, firewall_id, config):
        """Configurar firewall"""
        self.network_devices[firewall_id] = {
            'device_id': firewall_id,
            'type': 'firewall',
            'model': config['model'],
            'rules': config.get('rules', []),
            'zones': config.get('zones', []),
            'status': 'active',
            'last_update': None,
            'threat_intelligence': config.get('threat_intelligence', True)
        }
    
    def create_security_zone(self, zone_id, zone_config):
        """Crear zona de seguridad"""
        self.security_zones[zone_id] = {
            'zone_id': zone_id,
            'name': zone_config['name'],
            'trust_level': zone_config['trust_level'],
            'subnets': zone_config.get('subnets', []),
            'allowed_protocols': zone_config.get('protocols', []),
            'allowed_ports': zone_config.get('ports', []),
            'isolation_level': zone_config.get('isolation_level', 'medium'),
            'monitoring': zone_config.get('monitoring', True)
        }
    
    def define_traffic_rule(self, rule_id, rule_config):
        """Definir regla de tráfico"""
        self.traffic_rules[rule_id] = {
            'rule_id': rule_id,
            'name': rule_config['name'],
            'source_zone': rule_config['source_zone'],
            'destination_zone': rule_config['destination_zone'],
            'protocol': rule_config.get('protocol', 'any'),
            'port': rule_config.get('port', 'any'),
            'action': rule_config['action'],  # allow, deny, log
            'priority': rule_config.get('priority', 100),
            'enabled': rule_config.get('enabled', True)
        }
    
    def monitor_network_traffic(self, source_zone, destination_zone, protocol, port):
        """Monitorear tráfico de red"""
        # Buscar regla aplicable
        applicable_rules = []
        
        for rule in self.traffic_rules.values():
            if not rule['enabled']:
                continue
            
            if (rule['source_zone'] == source_zone and 
                rule['destination_zone'] == destination_zone and
                (rule['protocol'] == protocol or rule['protocol'] == 'any') and
                (rule['port'] == port or rule['port'] == 'any')):
                applicable_rules.append(rule)
        
        # Ordenar por prioridad (menor número = mayor prioridad)
        applicable_rules.sort(key=lambda x: x['priority'])
        
        if applicable_rules:
            rule = applicable_rules[0]
            return {
                'action': rule['action'],
                'rule_id': rule['rule_id'],
                'rule_name': rule['name']
            }
        else:
            return {
                'action': 'deny',
                'rule_id': 'default',
                'rule_name': 'Default Deny'
            }
    
    def detect_intrusion(self, traffic_data):
        """Detectar intrusiones"""
        alerts = []
        
        # Detectar patrones sospechosos
        if traffic_data.get('packet_size') > 1500:  # Paquetes grandes
            alerts.append({
                'type': 'large_packet',
                'severity': 'medium',
                'description': 'Paquete de tamaño inusual detectado'
            })
        
        if traffic_data.get('connection_attempts') > 100:  # Muchos intentos de conexión
            alerts.append({
                'type': 'connection_flood',
                'severity': 'high',
                'description': 'Posible ataque de inundación de conexiones'
            })
        
        if traffic_data.get('port_scanning'):  # Escaneo de puertos
            alerts.append({
                'type': 'port_scan',
                'severity': 'high',
                'description': 'Escaneo de puertos detectado'
            })
        
        return alerts
    
    def get_network_security_status(self):
        """Obtener estado de seguridad de red"""
        status = {
            'total_devices': len(self.network_devices),
            'active_devices': len([d for d in self.network_devices.values() if d['status'] == 'active']),
            'security_zones': len(self.security_zones),
            'traffic_rules': len(self.traffic_rules),
            'enabled_rules': len([r for r in self.traffic_rules.values() if r['enabled']]),
            'security_score': 0.0
        }
        
        # Calcular score de seguridad
        if status['total_devices'] > 0 and status['traffic_rules'] > 0:
            device_ratio = status['active_devices'] / status['total_devices']
            rule_ratio = status['enabled_rules'] / status['traffic_rules']
            zone_coverage = status['security_zones'] / 5  # Asumiendo 5 zonas ideales
            
            status['security_score'] = (device_ratio + rule_ratio + zone_coverage) / 3
        
        return status

# Ejemplo de uso
network_layer = NetworkSecurityLayer()

# Configurar firewall
network_layer.configure_firewall('FW-001', {
    'model': 'Cisco ASA',
    'zones': ['internal', 'dmz', 'external'],
    'threat_intelligence': True
})

# Crear zonas de seguridad
network_layer.create_security_zone('internal', {
    'name': 'Internal Network',
    'trust_level': 'high',
    'subnets': ['10.0.0.0/8'],
    'protocols': ['TCP', 'UDP', 'ICMP'],
    'isolation_level': 'low'
})

network_layer.create_security_zone('dmz', {
    'name': 'DMZ',
    'trust_level': 'medium',
    'subnets': ['192.168.1.0/24'],
    'protocols': ['TCP'],
    'isolation_level': 'high'
})

# Definir reglas de tráfico
network_layer.define_traffic_rule('RULE-001', {
    'name': 'Internal to DMZ HTTP',
    'source_zone': 'internal',
    'destination_zone': 'dmz',
    'protocol': 'TCP',
    'port': '80',
    'action': 'allow',
    'priority': 10
})

# Monitorear tráfico
traffic_result = network_layer.monitor_network_traffic('internal', 'dmz', 'TCP', '80')
print(f"Resultado de monitoreo: {traffic_result}")

# Obtener estado de seguridad
security_status = network_layer.get_network_security_status()
print(f"Estado de seguridad de red: {security_status}")

Capa 4: Controles de Aplicación

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
class ApplicationSecurityLayer:
    def __init__(self):
        self.applications = {}
        self.security_controls = {}
        self.vulnerability_scans = {}
        self.code_analysis = {}
    
    def register_application(self, app_id, app_config):
        """Registrar aplicación"""
        self.applications[app_id] = {
            'app_id': app_id,
            'name': app_config['name'],
            'type': app_config['type'],
            'version': app_config.get('version', '1.0'),
            'security_controls': app_config.get('security_controls', []),
            'vulnerability_status': 'unknown',
            'last_scan': None,
            'security_score': 0.0
        }
    
    def implement_security_control(self, control_id, control_config):
        """Implementar control de seguridad de aplicación"""
        self.security_controls[control_id] = {
            'control_id': control_id,
            'type': control_config['type'],
            'application_id': control_config['application_id'],
            'implementation': control_config['implementation'],
            'status': 'active',
            'effectiveness': control_config.get('effectiveness', 0.0),
            'last_test': None
        }
    
    def perform_vulnerability_scan(self, app_id, scan_type='automated'):
        """Realizar escaneo de vulnerabilidades"""
        if app_id not in self.applications:
            return None
        
        scan_id = f"SCAN-{app_id}-{datetime.now().strftime('%Y%m%d%H%M%S')}"
        
        # Simular escaneo de vulnerabilidades
        vulnerabilities = self.simulate_vulnerability_scan(app_id)
        
        self.vulnerability_scans[scan_id] = {
            'scan_id': scan_id,
            'app_id': app_id,
            'scan_type': scan_type,
            'timestamp': datetime.now(),
            'vulnerabilities': vulnerabilities,
            'total_vulnerabilities': len(vulnerabilities),
            'critical_count': len([v for v in vulnerabilities if v['severity'] == 'critical']),
            'high_count': len([v for v in vulnerabilities if v['severity'] == 'high']),
            'medium_count': len([v for v in vulnerabilities if v['severity'] == 'medium']),
            'low_count': len([v for v in vulnerabilities if v['severity'] == 'low'])
        }
        
        # Actualizar estado de la aplicación
        self.applications[app_id]['vulnerability_status'] = self.calculate_vulnerability_status(vulnerabilities)
        self.applications[app_id]['last_scan'] = datetime.now()
        
        return self.vulnerability_scans[scan_id]
    
    def simulate_vulnerability_scan(self, app_id):
        """Simular escaneo de vulnerabilidades"""
        # Simulación de vulnerabilidades comunes
        vulnerabilities = [
            {
                'id': f'VULN-{app_id}-001',
                'type': 'SQL Injection',
                'severity': 'high',
                'cvss_score': 8.5,
                'description': 'SQL injection vulnerability in login form',
                'location': '/login.php',
                'remediation': 'Use parameterized queries'
            },
            {
                'id': f'VULN-{app_id}-002',
                'type': 'Cross-Site Scripting (XSS)',
                'severity': 'medium',
                'cvss_score': 6.1,
                'description': 'Reflected XSS in search functionality',
                'location': '/search.php',
                'remediation': 'Implement input validation and output encoding'
            },
            {
                'id': f'VULN-{app_id}-003',
                'type': 'Insecure Direct Object Reference',
                'severity': 'medium',
                'cvss_score': 5.3,
                'description': 'Direct access to user files without authorization',
                'location': '/files.php',
                'remediation': 'Implement proper authorization checks'
            }
        ]
        
        return vulnerabilities
    
    def calculate_vulnerability_status(self, vulnerabilities):
        """Calcular estado de vulnerabilidades"""
        if not vulnerabilities:
            return 'clean'
        
        critical_count = len([v for v in vulnerabilities if v['severity'] == 'critical'])
        high_count = len([v for v in vulnerabilities if v['severity'] == 'high'])
        
        if critical_count > 0:
            return 'critical'
        elif high_count > 2:
            return 'high'
        elif high_count > 0 or len(vulnerabilities) > 5:
            return 'medium'
        else:
            return 'low'
    
    def perform_code_analysis(self, app_id, code_files):
        """Realizar análisis de código"""
        analysis_id = f"CODE-{app_id}-{datetime.now().strftime('%Y%m%d%H%M%S')}"
        
        # Simular análisis de código
        issues = self.simulate_code_analysis(code_files)
        
        self.code_analysis[analysis_id] = {
            'analysis_id': analysis_id,
            'app_id': app_id,
            'timestamp': datetime.now(),
            'files_analyzed': len(code_files),
            'issues': issues,
            'total_issues': len(issues),
            'security_issues': len([i for i in issues if i['type'] == 'security']),
            'quality_issues': len([i for i in issues if i['type'] == 'quality']),
            'performance_issues': len([i for i in issues if i['type'] == 'performance'])
        }
        
        return self.code_analysis[analysis_id]
    
    def simulate_code_analysis(self, code_files):
        """Simular análisis de código"""
        issues = []
        
        for file in code_files:
            if 'password' in file.lower():
                issues.append({
                    'file': file,
                    'line': 15,
                    'type': 'security',
                    'severity': 'high',
                    'description': 'Hardcoded password detected',
                    'rule': 'SEC001'
                })
            
            if 'sql' in file.lower():
                issues.append({
                    'file': file,
                    'line': 42,
                    'type': 'security',
                    'severity': 'medium',
                    'description': 'Potential SQL injection vulnerability',
                    'rule': 'SEC002'
                })
        
        return issues
    
    def get_application_security_summary(self, app_id):
        """Obtener resumen de seguridad de aplicación"""
        if app_id not in self.applications:
            return None
        
        app = self.applications[app_id]
        
        # Obtener escaneos recientes
        recent_scans = [scan for scan in self.vulnerability_scans.values() 
                       if scan['app_id'] == app_id and 
                       scan['timestamp'] >= datetime.now() - timedelta(days=30)]
        
        # Obtener análisis de código recientes
        recent_analyses = [analysis for analysis in self.code_analysis.values() 
                          if analysis['app_id'] == app_id and 
                          analysis['timestamp'] >= datetime.now() - timedelta(days=30)]
        
        summary = {
            'app_id': app_id,
            'name': app['name'],
            'vulnerability_status': app['vulnerability_status'],
            'total_vulnerabilities': sum(scan['total_vulnerabilities'] for scan in recent_scans),
            'critical_vulnerabilities': sum(scan['critical_count'] for scan in recent_scans),
            'security_issues': sum(analysis['security_issues'] for analysis in recent_analyses),
            'last_scan': app['last_scan'],
            'security_score': self.calculate_security_score(app, recent_scans, recent_analyses)
        }
        
        return summary
    
    def calculate_security_score(self, app, scans, analyses):
        """Calcular score de seguridad"""
        base_score = 100.0
        
        # Penalizar por vulnerabilidades
        for scan in scans:
            base_score -= scan['critical_count'] * 20
            base_score -= scan['high_count'] * 10
            base_score -= scan['medium_count'] * 5
            base_score -= scan['low_count'] * 1
        
        # Penalizar por problemas de código
        for analysis in analyses:
            base_score -= analysis['security_issues'] * 5
        
        return max(0.0, base_score)

# Ejemplo de uso
app_layer = ApplicationSecurityLayer()

# Registrar aplicación
app_layer.register_application('APP-001', {
    'name': 'Customer Portal',
    'type': 'Web Application',
    'version': '2.1',
    'security_controls': ['WAF', 'Input Validation', 'Authentication']
})

# Realizar escaneo de vulnerabilidades
scan_result = app_layer.perform_vulnerability_scan('APP-001')
print(f"Resultado del escaneo: {scan_result['total_vulnerabilities']} vulnerabilidades encontradas")

# Realizar análisis de código
code_analysis = app_layer.perform_code_analysis('APP-001', ['login.php', 'search.php', 'database.php'])
print(f"Análisis de código: {code_analysis['total_issues']} problemas encontrados")

# Obtener resumen de seguridad
security_summary = app_layer.get_application_security_summary('APP-001')
print(f"Resumen de seguridad: {security_summary}")

Implementación de Defense in Depth

Estrategia de Implementación

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
class DefenseInDepthStrategy:
    def __init__(self):
        self.layers = {
            'policies': PolicyLayer(),
            'physical': PhysicalSecurityLayer(),
            'network': NetworkSecurityLayer(),
            'application': ApplicationSecurityLayer()
        }
        self.integration_points = {}
        self.coordination_mechanisms = {}
    
    def assess_overall_security(self):
        """Evaluar seguridad general"""
        layer_scores = {}
        
        for layer_name, layer in self.layers.items():
            if hasattr(layer, 'assess_policy_coverage'):
                layer_scores[layer_name] = layer.assess_policy_coverage()
            elif hasattr(layer, 'assess_physical_security'):
                layer_scores[layer_name] = layer.assess_physical_security()['security_score']
            elif hasattr(layer, 'get_network_security_status'):
                layer_scores[layer_name] = layer.get_network_security_status()['security_score']
            else:
                layer_scores[layer_name] = 0.0
        
        # Calcular score general
        overall_score = sum(layer_scores.values()) / len(layer_scores)
        
        return {
            'layer_scores': layer_scores,
            'overall_score': overall_score,
            'weakest_layer': min(layer_scores, key=layer_scores.get),
            'strongest_layer': max(layer_scores, key=layer_scores.get),
            'recommendations': self.get_improvement_recommendations(layer_scores)
        }
    
    def get_improvement_recommendations(self, layer_scores):
        """Obtener recomendaciones de mejora"""
        recommendations = []
        
        for layer, score in layer_scores.items():
            if score < 0.7:
                recommendations.append(f"Mejorar {layer} layer (score actual: {score:.2f})")
        
        if len(recommendations) == 0:
            recommendations.append("Mantener y monitorear todas las capas")
        
        return recommendations
    
    def coordinate_incident_response(self, incident_type, affected_layers):
        """Coordinar respuesta a incidentes entre capas"""
        response_actions = []
        
        for layer in affected_layers:
            if layer in self.layers:
                if layer == 'policies':
                    response_actions.append("Actualizar políticas relevantes")
                elif layer == 'physical':
                    response_actions.append("Reforzar controles físicos")
                elif layer == 'network':
                    response_actions.append("Aplicar reglas de firewall adicionales")
                elif layer == 'application':
                    response_actions.append("Implementar controles de aplicación adicionales")
        
        return {
            'incident_type': incident_type,
            'affected_layers': affected_layers,
            'response_actions': response_actions,
            'coordination_required': len(affected_layers) > 1
        }

# Ejemplo de uso
defense_strategy = DefenseInDepthStrategy()

# Evaluar seguridad general
security_assessment = defense_strategy.assess_overall_security()
print(f"Evaluación de seguridad: {security_assessment}")

# Coordinar respuesta a incidente
incident_response = defense_strategy.coordinate_incident_response(
    'data_breach', 
    ['network', 'application']
)
print(f"Respuesta a incidente: {incident_response}")

Mejores Prácticas

Diseño de Capas

Redundancia Inteligente: Múltiples controles para la misma amenaza
Diversidad: Diferentes tipos de controles
Profundidad: Múltiples niveles de defensa
Cobertura: Protección completa

Implementación

Enfoque Gradual: Implementación por capas
Integración: Integración entre capas
Monitoreo: Monitoreo de todas las capas
Pruebas: Pruebas regulares de efectividad

Operación

Coordinación: Coordinación entre capas
Respuesta: Respuesta coordinada a incidentes
Mejora: Mejora continua de capas
Capacitación: Capacitación del personal

Conceptos Relacionados

Zero Trust - Modelo complementario
Security by Design - Principio de diseño
Gobierno de la Seguridad de la Información - Marco que incluye Defense in Depth
Políticas y Procedimientos - Primera capa de defensa
Evaluación de Riesgos - Proceso que informa Defense in Depth
Tratamiento de Riesgos - Estrategia que implementa Defense in Depth
Monitoreo y Revisión - Proceso que monitorea Defense in Depth
CISO - Rol que lidera Defense in Depth
Ciberseguridad General - Disciplina que incluye Defense in Depth
Brechas de seguridad - Incidentes que Defense in Depth previene
Vectores de ataque - Amenazas que Defense in Depth mitiga
Incident Response - Proceso que Defense in Depth mejora
SIEM - Herramienta que monitorea Defense in Depth
SOAR - Automatización que coordina Defense in Depth
EDR - Herramienta de capa de endpoint
Firewall - Control de capa de red
VPN - Servicio de capa de red
Dashboards - Visualización de Defense in Depth
Registros - Evidencia de Defense in Depth