Defense in depth is a foundational concept of information security. Each tier of the
enterprise network needs to be secured to mitigate attacks against assets at
each tier. This chapter will introduce multiple technologies that can be
implemented in the network to secure enterprise infrastructure, network
services such as e-mail, DNS, file transfer, and web applications. Advancements
in firewall technologies that provide more in-depth inspection and protection
capabilities will be covered as a method to consolidate solutions and increase
visibility into the network traffic.

We will also cover intrusion detection and prevention, and how this
technology can protect against both simple and the most advanced attacks across
applications, systems, and network services. Last, this chapter will cover
increasing security through network segmentation while
reducing the scope for regulatory and compliance initiatives.

Intrusion detection and prevention technology has remained a mainstay at the network
perimeter, even though security experts predicted five to seven years ago that it
would be a dead technology.
The IPS market is thriving, and enterprises are finding value and regulatory
compliance in the platform used to stop malicious attacks at the perimeter.
While several firewall technologies are integrating intrusion prevention into
their offerings, there has not been a complete shift to this implementation. As
with other security areas, there are multiple
perspectives that drive technology theory and practice. Typically, the shift to
an integrated solution becomes more of a consideration when the network
segments requiring protection increase to the extent that it is simply cost
prohibitive to deploy standalone intrusion prevention.