The Onion Approach


Security is a relative term, because even the most secure infrastructures are subject to vulnerabilities, and an environment is only as secure as its weakest link. One of the best defenses, however, is deploying multiple layers of security on critical network data. Using multiple layers of security is often referred to as the onion approach, where different stages or layers of security are used to protect the information. Generally speaking, as the information becomes more sensitive or confidential, the number of onion layers increases to thwart unauthorized access.

The premise behind the onion approach is that if a single layer of security is compromised, the intruder still has to bypass the second, third, fourth, and any further layers of security to gain access to the information. For example, relying on a complex 128-bit "unbreakable" encryption scheme is worthless if an intruder uses simple social engineering to acquire the password or PIN from a validated user. Putting in a second or third layer of security makes it that much more difficult for intruders to break through all layers.

On the other hand, adding security layers also affects usability and sometimes even functionality. As the security layers are applied, the complexity increases for authorized users trying to gain access to the information. The key to providing multiple layers of security is ensuring that the information is worth protecting and that the mechanisms put into place are as transparent as possible to authorized users.

When working with Windows Server 2003 and Exchange Server 2003, there are many security facets to consider implementing. Transport-level security is just one of those facets, but it is an important one to consider for organizations of all sizes. Transport-level security also uses an onion approach, wherein multiple levels of authentication, encryption, and authorization can be implemented for an enhanced degree of security on a network.



Microsoft Exchange Server 2003 Unleashed
Microsoft Exchange Server 2003 Unleashed (2nd Edition)
ISBN: 0672328070
EAN: 2147483647
Year: 2003
Pages: 393
Authors: Rand Morimoto
