Chapter 2. Principles of Network Defense

Defense in depth is a technique that uses many layers of network defense to secure a network and all devices connected to that network. The theory behind defense in depth is to deploy different layers of security in key parts of the network to detect, contain, and ultimately stop an attack. This book explains how you can use the ASA/PIX Security Appliance and Adaptive Security Device Manager (ASDM) together to protect a network using this methodology.

This chapter addresses the following topics:

• Understanding Defense in Depth— This section helps you to understand how defense in depth works to mitigate attacks against networks, network devices, and PCs connected to the network.

• Deploying Defense in Depth— This section explains the technology used in a defense-in-depth model to secure your network environment.

• Security Best Practices— This section highlights additional steps, beyond technology, that you should take to help ensure your network security.