A Practical Implementation of Defense In Depth and Concomitant Security Management Program

In an organization connected to the Internet for business operations such as ecommerce, both the security staff and the network administrators constantly face tremendous challenges from dynamic digital attacks. A combination of well-designed network security infrastructure features and security practices is essential to curtail future malicious attacks. Since no single defense mechanism can defend against all types of threats and attacks, 'defense in depth' is the best solution for safeguarding an organization's IT systems and digital assets. This paper presents a network security architecture including routers switches and firewalls to exemplify the 'defense in depth' concept. The discussion shows how the internal network is separated from the Internet and how various additional protective measures are employed to counter attacks from cyberspace. In addition the paper discusses sound practical security management practices for both network and host protection and demonstrates how they significantly enhance the organization's overall security posture. Finally as a case study in organizational security it is shown that a combination of sound security practices with judicious changes to the IT infrastructure can successfully defend against both known and unknown malicious agents.