Welcome to Part IV, "Maintaining and Monitoring Perimeter Security." In Part I, "The Essentials of Network Perimeter Security," and Part II, "Fortifying the Security Perimeter," we discussed the primary components of the defense perimeter: firewalls, routers, hosts, intrusion detection systems (IDSs), intrusion prevention systems (IPSs), virtual private networks (VPNs), and policies. In Part III, "Designing a Secure Network Perimeter," you learned how to deploy these elements according to their strengths, while accounting for their weaknesses, to create a unified defense architecture. After your security perimeter has been set up, two processes must take place continuously: administration of the perimeter's components and evaluation of their effectiveness. Mastering these two processes is the final step on the path to defense in depth.
This chapter discusses the core principles of maintaining a security perimeter. One of the requirements for effective perimeter maintenance is awareness of the operating environment, which is why we begin with a section on system and network monitoring. In this chapter, you learn how to gather monitoring requirements and how to implement them using free or relatively inexpensive software. We build on the monitoring processes by examining ways to respond to system fault events and to malicious incidents. We also discuss the process of managing changes to the infrastructure throughout the evolution of the security perimeter, so that its components remain effective in the face of changing threats and business requirements.