Defense in Depth
Securing a network requires significantly more than implementing a strong network
perimeter. The installation of a firewall is a part of the perimeter defense, but it cannot ensure
that the entire network is secure. The concept of defense in depth refers to the military
strategy of having multiple layers of defense. It is an architecture that includes a strong
perimeter, intrusion detection/prevention at key points on the network, network monitoring
and logging, and a design that allows administrators to dynamically alter the network in
response to attacks.
Of course, the concept of defense in depth must always be balanced with the business need
of the organization. It simply would not make sense to implement a complex and expensive
security architecture for a home office with a couple of computers that do not contain any
sensitive data.