Chapter 4. Security in Depth


No single security countermeasure can always stop all attacks. Effective security requires multiple layers of countermeasure, so that if one is bypassed, the attack still has to get through the next layer, the layer after that, and so on. This concept is called defense-in-depth, and is illustrated by Figure 4-1

Figure 4-1. Layered Defenses


For example, a fence by itself is not enough to secure your home. The fence stops some attackers, but others climb over it. Some people might even knock your fence down. That is why you have doors and windows with locks on them, perhaps an alarm system, and even a safe for your valuables. Each layer makes it more difficult for the attacker to succeed.

Effective computer security should also be based on a defense-in-depth. An Intrusion Prevention System (IPS) is only one of many layers you employ to defend your computing resources. This chapter demonstrates the importance of computer security in depth. It will

  • Give examples of effective defense-in-depth

  • Explain the role of security policy

  • Envision the likely future of IPS and how collaboration between layers greatly enhances defensive capabilities




Intrusion Prevention Fundamentals
Intrusion Prevention Fundamentals
ISBN: 1587052393
EAN: 2147483647
Year: N/A
Pages: 115

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net