The layered approach can best be compared as an analogy of weathering out a winter storm. Many people know the feeling of being stuck at home during a winter blizzard. The things one does in a winter storm are to heat some soup, turn up the furnace, snuggle up under the blankets, and start a fire in the fireplace. All of these things lead to a warm and secure feeling while waiting for the storm to pass. It's this utilization of separate things in the household that results in an overall approach that gives us that warm and fuzzy feeling in a winter storm. Thus, computer security is the most effective when multiple layers of security are used within an organization.
The most common misconception is that a firewall will secure your computer facilities and additional steps don't need to be taken. A firewall is just one component of an effective security model. Additional components or layers should be added to provide an effective security model within your organization. The security model that will protect your organization should be built upon the following layers:
In summary, an intrusion detection system is just one component of an effective security model for an organization. The overall security integrity of your organization is dependent upon the implementation of all layers of the security model. The implementation of the layered approach to security should be undertaken in a logical and methodical manner for best results and to ensure the overall sanity of the security personnel.
Senior Security Architect
Purolator Courier Corp.