Implementing Defense in Depth
Over the next few pages we will examine how to implement defense in depth in network design, host security, policy, process, and standards, and as part of personnel security. When each of these layers is implemented as part of a comprehensive security design that takes into account the benefits and disadvantages of each control, a true defense-in-depth design can be implemented.
Layered Security and Network Design
Implementing layered security for a network relies on a combination of network architecture design, network configuration management, practices, and policies. Common network design models include single firewalls, multi-interface firewalls, and multi-firewall designs. In each of these, networks may be segmented, either logically or physically, to create security boundaries in addition to the boundaries created by firewalls or other security devices. Along with these common architectures, networks that combine onsite networks with outsourced networks...