Defence in Depth - Brief Introduction

Defence in Depth (Without the Jargon)

Defence in depth is the idea that no single security control is enough. Instead of relying on one tool or one decision to keep everything safe, you build multiple layers of protection around your environment.

The key assumption is simple: each layer assumes the previous one will fail.

The goal isn’t to make attacks impossible. That’s not realistic.
The goal is to make attacks expensive, detectable, and recoverable.

Jan 6, 2026
Tags: defence

Evolution of Endpoint Protection - Antivirus vs EDR

🛡️ Antivirus, EDR, and Cynet: How Cybersecurity Evolved to Meet Modern Threats

Cyber threats have come a long way — and so have the tools we use to fight them.

This post walks through three generations of cybersecurity protection:

  1. Traditional Antivirus
  2. Endpoint Detection and Response (EDR)
  3. Cynet All-In-One

Let’s look at what each was built for, how it works, and why the newest tools matter more than ever.


[Image: AV vs EDR]

Oct 21, 2025
Tags: blue

Pingcastle

🏰 Auditing Active Directory with PingCastle

PingCastle, developed by Vincent Le Toux, is a lightweight yet powerful tool for auditing Active Directory (AD). Now owned by Netwrix, PingCastle still offers its community version free of charge, keeping AD security auditing accessible to everyone.

[Image: PingCastle main]

In this post, I’ll walk you through the free version in action, using a virtual AD setup with a Windows Server 2012 R2 domain controller and a test domain: mickgb.ovh, running in a VirtualBox environment.

Oct 15, 2025
Tags: Active Directory, Pingcastle

Dmarc - Bringing it all together

📛 DMARC: The Missing Layer in Email Authentication

Despite implementing SPF and DKIM, many organisations still fall victim to spoofed emails. That’s where DMARC (Domain-based Message Authentication, Reporting & Conformance) comes in — a protocol designed to enforce domain identity and ensure only authorised sources can send on your behalf.


[Image: DMARC]

🧬 What Is DMARC?

DMARC builds on SPF and DKIM by tying them together with policy enforcement and visibility. It ensures that:

Oct 13, 2025
Tags: email

DKIM Explained

🔐 DKIM — DomainKeys Identified Mail

DomainKeys Identified Mail (DKIM) is an email authentication method that uses digital signatures to prove that an email was:

  • Authorised by the owner of the sending domain
  • Not altered in transit

DKIM uses public-key cryptography: the sender’s mail server signs parts of the message with a private key, and the recipient verifies the signature using a public key published in the sender’s DNS.


[Image: DKIM]

Oct 11, 2025
Tags: email

Sender Policy Framework

📡 Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is an email authentication standard designed to prevent domain spoofing by verifying which mail servers are authorised to send emails for your domain.

It was introduced to fix a core flaw in SMTP — the protocol never verified the identity of the sender. SPF allows domain owners to publish a DNS record that specifies approved sending hosts, helping receiving mail servers identify forged messages.

Oct 11, 2025
Tags: email

Business Email Compromise

📨 Business Email Compromise (BEC)

Business Email Compromise (BEC) is a targeted cyberattack where attackers impersonate or compromise legitimate business email accounts to deceive recipients into taking harmful actions, such as:

  • Transferring funds
  • Changing payment details
  • Sharing sensitive or confidential information

Unlike traditional phishing, BEC does not typically rely on malware. Instead, it leverages social engineering, exploitation of trust, and well-timed deception. Common variants include:

  • CEO fraud – impersonating senior executives to authorise transfers
  • Vendor Email Compromise (VEC) – targeting supplier communications
  • Account Takeover (ATO) – hijacking legitimate email accounts to operate covertly

[Image: Business Email Compromise]

Oct 11, 2025
Tags: email

Firewall Basics - Linux

🛡️ Beginner’s Guide to Linux Firewalls: iptables & UFW

Whether you’re running a VPS, a dev box, or a personal server, setting up a firewall is essential. In this guide, we’ll show you how to secure your Linux machine using iptables and UFW, along with some simple but powerful default rules to block bad traffic while keeping your services online.


[Image: Linux Firewalls]

🧙‍♂️ Option 1: UFW (Uncomplicated Firewall – beginner-friendly)

✅ Quick Setup (Good Defaults)

# Install UFW (usually pre-installed on Ubuntu)
sudo apt install ufw

# Set default policy: deny all incoming, allow all outgoing
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow SSH so we don't lock ourselves out
sudo ufw allow ssh

# Allow web traffic
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Enable UFW
sudo ufw enable

# Check status
sudo ufw status verbose

🔥 Option 2: iptables (for advanced users)

iptables is the built-in firewall tool in Linux. It’s powerful, but less user-friendly than UFW. Here’s how to set up safe, common defaults:

Oct 11, 2025
Tags: blue

Cyber Security Teams and What the colours mean

Red Team vs Blue Team: Understanding the Core of Cyber Defense

In cybersecurity, the terms Red Team and Blue Team describe two sides of a simulated battle between attackers and defenders. These exercises help organizations test their resilience and improve their ability to detect and respond to real threats.


[Image: Cyber Teams]

🟥 Red Team – The Attackers

The Red Team simulates real-world adversaries to uncover hidden weaknesses and test the limits of a system’s defenses. Their mission is to breach, persist, and evade — not to cause damage, but to reveal what a real attacker could do.

Sep 14, 2025
Tags: blue, red, purple