This layered approach is also called defense in depth. The idea is to deploy
multiple protective systems so that a failure in one does not leave you vulnerable but is instead caught by the next layer.
In addition, a layered approach lets a vulnerability be limited and contained to the affected layer, because
security is applied at varying levels.
Multilayer Perimeter Solution
As stated previously, today's solutions are shifting toward the approach of placing safeguard mechanisms at
various layers of the network, not just at the boundary or edge devices. Today, it is recommended to deploy
Intrusion Prevention System (IPS) devices on both the inside and outside boundaries of private networks.
Firewalls, on the other hand, are placed between various business segments or departments within the same
organization, dividing the network into logical groupings and applying perimeter defense at each segment or
department. In this multiperimeter model, each segment can have different layers of defense within it.
Effective perimeter security has become increasingly important in recent years. Perimeter security cannot be
entrusted solely to the traditional defense mechanisms of firewalls and IDS.
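The containment effect of the multiperimeter model can be checked by modelling which segments become exposed when one of them is compromised. The following is an added example, not taken from the original text; the segment names and allowed flows are constructed assumptions.

```python
from collections import deque

# Constructed sample topology (assumption): one external zone, four internal segments.
SEGMENTS = ["internet", "dmz", "sales", "engineering", "finance"]


def flat_policy():
    """Single edge firewall: only the DMZ is exposed to the internet,
    but every internal segment may talk to every other one."""
    inside = [s for s in SEGMENTS if s != "internet"]
    allowed = {("internet", "dmz")}
    allowed |= {(a, b) for a in inside for b in inside if a != b}
    return allowed


def segmented_policy():
    """Multiperimeter: firewalls between departments, default deny,
    only explicitly listed (source, destination) flows are permitted."""
    return {
        ("internet", "dmz"),
        ("sales", "dmz"),
        ("engineering", "dmz"),
        ("finance", "dmz"),
    }


def exposed_segments(policy, compromised):
    """Return every segment reachable from a compromised one.
    Worst-case assumption: each reached segment can itself be used
    as a stepping stone, so reachability is transitive."""
    seen, queue = {compromised}, deque([compromised])
    while queue:
        current = queue.popleft()
        for src, dst in policy:
            if src == current and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen - {compromised}


if __name__ == "__main__":
    for name, policy in (("flat", flat_policy()), ("segmented", segmented_policy())):
        for start in ("internet", "sales"):
            print(f"{name:9} compromise of {start:8} exposes "
                  f"{sorted(exposed_segments(policy, start))}")
```

In the flat design a failure at the edge exposes every internal segment, while in the segmented design the same failure stops at the DMZ.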