No single security countermeasure can always stop all attacks. Effective security requires multiple layers of countermeasures, so that if one is bypassed, the attack still has to get through the next layer, the layer after that, and so on. This concept is called defense-in-depth, and is illustrated in Figure 4-1.

Figure 4-1. Layered Defenses

For example, a fence by itself is not enough to secure your home. The fence stops some attackers, but others climb over it. Some people might even knock your fence down. That is why you have doors and windows with locks on them, perhaps an alarm system, and even a safe for your valuables. Each layer makes it more difficult for the attacker to succeed.

Effective computer security should also be based on defense-in-depth. An Intrusion Prevention System (IPS) is only one of many layers you employ to defend your computing resources.

This chapter demonstrates the importance of computer security in depth. It will