Defense in Depth

It is an Information Assurance concept strategy in which multiple layers of defense are placed throughout an information technology system.  It addresses vulnerabilities in personnel, technology, and operation for the duration of the system’s life.

The defense in depth approach is to defend a system against any particular attack using several varying methods.  It seeks to delay, rather than prevent, the advance of an attacker—buying the organization time to detect and respond to the attack.

What does this have to do with parenting, you may ask?

Do your children use the World Wide Web?  Have you ever left a child unattended on the web, even for a moment?

The human mind is the most deceitful of all things.  It is incurable.  No one can understand how deceitful it is. –Jeremiah 17:9

Deceitful and cunning people are out there; ready to corrupt the hearts and minds of our children.  How do we defend our children from them, when even a moment’s in attention can be enough time for an image, or word, or phrase to sneak in?

Defense in depth.

Many parents set the Internet parental controls in Windows or on their Mac and think “There.  I’ve protected the children from inappropriate content.”  But I have noticed that the Internet parental control on some of our computers says, “Try to limit access to adult sites automatically”.  When it comes to shielding my children from inappropriate content, I agree with Yoda: “Do, or do not.  There is no try.”

So how do we protect our children’s innocence?

We treat computer use in the home as a privilege.  We manage each child’s computer time with the time limits control.  Both Windows and Mac operating systems allow setting the time ranges and number of hours a day that a child can use the computer.  This also prevents late-night browsing after the parents have gone to bed.

Our defense against the attackers of childhood innocence uses several varying methods.  The first is to have our household computers in open areas of the house.  Use of the computers is subject to anyone in the house observing your activity.  The second method is use of the parental controls present in the Windows and Mac operating systems.  We set the systems to “try to limit access”.

The third layer is the use of the OpenDNS name resolution system.  This free service allows parents to set whole-household rules for filtering inappropriate content.  Computers, game consoles, iOS devices, smart phones, etc. are all subject to the OpenDNS filtering rules.

Once our Internet Protocol (IP) address was registered with OpenDNS, we set our network router to use the OpenDNS service.  All requests from Internet-connected devices in our household is routed through the OpenDNS service, which applies the content filtering rules we have set to each request for a web site.  If a requested site is in our filter list, our child receives a customized message from us about why access to the site was denied.

The fourth layer we use is review of the OpenDNS logs.  OpenDNS keeps a record of all sites requested.  Reviewing the logs with your children is a great way to let them know that you’re keeping an eye on what they’re doing—even when you are not physically present in the room.

Using the defense in depth approach to defending our children from the ”bad guys” accomplishes exactly the same thing as it does defending information systems from attack.  It allows us time to detect the attack, and respond appropriately.

Next Week’s Author:  Susan Ottmer

Steve keeps busy with five children and a job in information security. He also has a second job as principal of the Hodgepodge homeschool.
Steve Hodges
View all posts by Steve Hodges
Steve’s website


  1. Passionate Purposeful Parenting says:

    Welcome to Passionate Purposeful Parenting, Steve! We’re so glad you’re a contributing author! It is so important as a parent to be proactive in this area! I greatly appreciate you sharing some very specific ways to do this! My husband is the “tech guy” in our home and I rely on his knowledge for a lot in our home. I know I need to familiarize myself more with it for the sake of my children, though. Thank you again for sharing your words of wisdom and spurring us on to “defense in depth.”

  2. We use BSafe, which is internet filtering software that we pay a yearly fee for and have to install individually on each computer. I have the password and can set categories to block, as well as custom-block sites. Yours is free, which is a plus with us… how would you say Open DNS is different? (Besides being a whole house filter?)

  3. OpenDNS was designed to manage the way that the computers in a location (household, business, etc.) turn “friendly” names into the addresses necessary for a web browser to locate a site. It has a list of categories for you to choose which sites are not desired.

    Filters loaded onto a computer can be defeated by the computer’s user, given enough time and determination. OpenDNS, by contrast, works with your Internet router (also called a residential gateway). Provided your residential gateway is protected by a strong password, this type of filtering is harder for the computer user to defeat. However, when using OpenDNS, you must be aware that once the computer leaves the location (e.g. a laptop leaving the house), it is no longer protected, since it is no longer behind your residential gateway. This is one reason to use multiple, layered defenses.

  4. Got it, Steve! Thanks. =)


  1. […] Please read more at Passionate Purposeful Parenting today… […]

  2. […] Defense in Depth ~ (the habit of protecting) Steve, earlier this week @ Passionate Purposeful Parenting […]

  3. […] Defense in Depth | Passionate Purposeful Parenting […]

  4. […] a recent post on Passionate PurposefulParenting entitled Defense in Depth, I wrote about the methods we use to protect our children from the “wild west” of the […]