
Security in Depth… What is your limit of protection?

17 July, 2024

Viewpoint from Huan Baby, an expert with 25+ years of experience in cybersecurity

No matter how good the implementation of a network security check is, there is always someone smarter than the people who designed it, with more time on their hands, who will eventually be able to get past that check. It is for this reason that common security practice suggests multiple lines of defense, or defense in depth.

Defense in depth is designed on the principle that multiple layers of different types of protection from different vendors provide the best protection. A hacker can develop a special skill to break through one type of defense, or learn the intricacies or techniques of a particular vendor, effectively rendering that type of defense useless. By establishing layered security you will help keep out all but the smartest and most dedicated hackers. As a bottom line, I advise implementing a firewall, an IPS (Intrusion Prevention System) and anti-virus software. Working together, these three devices can help keep out unwanted traffic, notify you when unauthorized access actually occurs, and protect your computer from well-known Trojans and viruses.

A firewall can be hardware or software based. It is usually better to have the firewall on a dedicated server. Firewalls restrict access based on various rules. Simple firewalls or routers tend to restrict or direct traffic based simply on port number or IP address. Regardless of the type you use, the firewall represents your external limit of protection.

If someone or something manages to get past the firewall, the next line of defense would be your IPS, or Intrusion Prevention System. There are a few different ways to achieve intrusion detection. One of the most popular is signature matching. Essentially, every time a new threat or exploit is learned, a signature is created for it. The IPS monitors all traffic over the local network and looks for patterns matching the signatures it contains. Depending on the IPS, you can configure it to respond to the attack, stop the traffic flow, alert the administrator, or perform some other form of intervention or notification.

If malicious code gets past the firewall and IPS and reaches your server, it is left to the anti-virus software to discover it and protect the server. Typical anti-virus software works in a similar way to IPS signatures. Every time a new virus is discovered, its characteristics (the subject line, the message body, the attached file name(s), the email size or the attached file(s); something that makes it unique and stays constant) are cataloged and added to the list of known viruses. The software scans local PC/server files, incoming emails and Internet traffic for signs of malicious code. Although hacking and viruses are two different attacks that can occur on your system, many anti-virus software packages can uncover Trojans and backdoors that could be placed on your computer by a hacker.
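The three layers described above, chained in one pipeline, as an added example that is not code from the original article. The rule values, signature patterns, sample hash and the names `Packet` and `inspect` are assumptions constructed for illustration.

```python
import hashlib
import re
from dataclasses import dataclass

@dataclass
class Packet:  # constructed model of one inbound request
    src_ip: str
    dst_port: int
    payload: bytes
    attachment: bytes = b""

# Layer 1: firewall decides on port number and source IP only (assumed values).
ALLOWED_PORTS = {25, 443}
BLOCKED_IPS = {"203.0.113.7"}  # documentation-range address

# Layer 2: IPS signatures, each with its configured response (drop or alert).
IPS_SIGNATURES = [
    ("path-traversal", re.compile(rb"\.\./\.\./"), "drop"),
    ("sql-keyword", re.compile(rb"(?i)union\s+select"), "alert"),
]

# Layer 3: anti-virus catalogue of known-bad file hashes (constructed sample).
KNOWN_BAD_HASHES = {hashlib.sha256(b"constructed-trojan-sample").hexdigest()}

def inspect(pkt):
    """Return (verdict, stopping_layer, alerts) for one packet."""
    alerts = []
    if pkt.dst_port not in ALLOWED_PORTS or pkt.src_ip in BLOCKED_IPS:
        return "blocked", "firewall", alerts
    for name, pattern, action in IPS_SIGNATURES:
        if pattern.search(pkt.payload):
            if action == "drop":
                return "blocked", "ips", alerts
            alerts.append(name)  # alert-only: notify, traffic continues
    digest = hashlib.sha256(pkt.attachment).hexdigest()
    if pkt.attachment and digest in KNOWN_BAD_HASHES:
        return "blocked", "antivirus", alerts
    return "allowed", None, alerts

if __name__ == "__main__":
    samples = [  # constructed traffic, one case per layer plus two that pass
        Packet("203.0.113.7", 443, b"GET /"),
        Packet("198.51.100.2", 443, b"GET /../../etc/hosts"),
        Packet("198.51.100.2", 443, b"q=1 UNION SELECT 1"),
        Packet("198.51.100.2", 25, b"mail", b"constructed-trojan-sample"),
        Packet("198.51.100.2", 25, b"mail", b"constructed-trojan-sample-v2"),
    ]
    for s in samples:
        print(s.src_ip, s.dst_port, inspect(s))
```

The last sample differs from the catalogued file by a few bytes and passes all three layers, which is the limit of signature-based checks: they only recognise what has already been catalogued.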

These are just a few examples of how to implement in-depth security. For more complicated or larger networks, it is wise to establish multiple firewalls and create a DMZ (demilitarized zone) to segment off the types of servers that the public on the Internet needs more access to than others. No matter how you decide to protect your network, it is important not to put all your eggs in one basket or buy all your eggs from the same chicken.

If you want a deeper understanding of how to implement in-depth security and to become a certified cybersecurity expert, apply at the following link.