Defense in Depth is a layered approach to protecting one's network. It comprises several levels of defense, each of which filters out network traffic that is not appropriate for the various Business Units (BU).
At the top level is the first layer of protection. This layer provides Intrusion Detection/Intrusion Prevention Systems and the first set of Access Control Lists, which eliminate unwanted or unnecessary network traffic.
The second layer is where corporate public-facing resources are positioned. This area is normally called the Demilitarized Zone (DMZ) and hosts equipment such as public web servers and proxies.
The third layer hosts the Web Access Filters (outbound), Virtual Private Networks (VPN) and Intrusion Detection/Intrusion Prevention Systems, as well as stricter Access Control Lists specific to the BU or region being protected.
The fourth layer hosts the email servers and private web servers, as well as regional or BU data storage resources.
The fifth layer is where the users are. One could consider this area sterile; it allows the free flow of business data and resources. Each BU should be placed in its own area, thus segregating processes and data (Finance, Human Resources, Research and Development, etc.).
Each layer has its own requirements and purposes, which filter, monitor and protect the network traffic that is inbound and outbound. It is important to segregate and segment the network resources, so that only appropriate network traffic is allowed to communicate with its authorized resource.
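The segregation rule above can be expressed as a default-deny flow policy with a separate Business Unit check. The following is an added example, not part of the original article; the zone names, ports, hosts and rule set are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Endpoint:
    name: str
    zone: str                 # "internet", "dmz" (layer 2), "gateway" (3), "services" (4), "users" (5)
    bu: Optional[str] = None  # set only for resources that belong to one BU

# Explicit allows (constructed rule set). Anything not listed is denied.
# Layer 1 (edge ACLs and IDS/IPS) is a filter in the path, not a destination.
ALLOW = {
    ("internet", "dmz", 443),     # public web servers
    ("users", "gateway", 3128),   # outbound web access filter
    ("users", "services", 445),   # BU data storage
}

def decide(src, dst, port):
    """Return (allowed, reason) for a single flow."""
    # BU segregation is checked first: a matching zone rule must not
    # let one BU reach another BU's resources.
    if src.bu and dst.bu and src.bu != dst.bu:
        return False, "cross-BU traffic"
    if (src.zone, dst.zone, port) in ALLOW:
        return True, "explicit allow"
    return False, "default deny"

def audit(flows):
    """Return (src, dst, port, reason) for every flow the policy rejects."""
    denied = []
    for src, dst, port in flows:
        ok, why = decide(src, dst, port)
        if not ok:
            denied.append((src.name, dst.name, port, why))
    return denied

# Constructed sample endpoints and observed flows.
outside = Endpoint("outside-host", "internet")
web = Endpoint("public-web", "dmz")
proxy = Endpoint("web-filter", "gateway")
fin_store = Endpoint("finance-storage", "services", "finance")
hr_store = Endpoint("hr-storage", "services", "hr")
fin_pc = Endpoint("finance-pc", "users", "finance")
hr_pc = Endpoint("hr-pc", "users", "hr")
FLOWS = [(outside, web, 443), (outside, fin_store, 445), (fin_pc, fin_store, 445),
         (fin_pc, hr_store, 445), (fin_pc, hr_pc, 445), (hr_pc, proxy, 3128)]

if __name__ == "__main__":
    for row in audit(FLOWS):
        print(row)
```

The finance workstation reaching HR storage on port 445 is rejected even though a users-to-services rule for that port exists, which is why the BU check sits outside the zone rules.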
If you need help to protect your Assets, contact Gefund-IT and "Deny the competition your investments!"™