Chapter Summary

This chapter began with a discussion of the importance of a layered network security design. This layering of security provides a deeper level of protection for your network. You must avoid what I call “the orange syndrome,” as in the fruit, in which only a single layer of protection exists before you get to the good stuff. You do not want attackers to defeat a single security layer and get to the good stuff in your network.

This chapter looked at many technologies that you can use to provide a layered approach to security:

• Packet filtering via ACLs

• Stateful packet inspection

• Network Address Translation

• Proxies and application level protection

• Content filters

• Public key infrastructure

• AAA technologies

Separately, each of these technologies is just a single layer of protection, but combined, they provide you with several layers of protection and keep the good stuff safe.