Before discussing any particular technology to defend computing environments from attacks, it is important to discuss how these technologies should be deployed. The basic strategy of securing environments starts with minimizing the attack surface of any protected resource. You can do this by removing or substantially reducing the ability of an attacker to conduct an attack against vulnerability. The most secure environments use a combination of strategies to provide the highest level of security. Most importantly, you must never rely on a single control to protect a resource. Always design a defense strategy that is multilayered, which requires that multiple controls be compromised to exploit any vulnerability. If an attacker compromises an outer layer of defense, that attacker still has to compromise additional layers before making it to the target resource. Such a security strategy is often called defense in depth. FIGURE 15-1 shows how a defense-in-depth strategy protects resources.