How to Cheat at Configuring Open Source Security Tools

Chapter 3: Protecting Network Resources

Introduction

Chapter 2 focused on protecting the perimeter of your network, which typically means the Internet link, but it could include any link to the outside world, including connections to business partners and affiliates. This chapter focuses on how to secure the network-connected resources, such as servers and workstations. Many times an organization looks only at securing its perimeter, while leaving its interior network wide open and unprotected. This hard-exterior-soft-squishy-interior approach is surely better than no security, but it is not the best approach. The best approach is through defense in depth, which is the practice of applying security measures at all levels of the network. A solid defense-in-depth approach includes defenses at the outer perimeter (typically, firewalls and an intrusion detection system). It also includes defenses within the interior of the network, such as internal firewalls, network segmentation, and port-level access controls. Finally, at the core of the security onion are the actual network resources. You can protect these resources in a variety of ways, including via personal firewalls, antivirus software, antispyware software, data encryption, and automated security policy enforcement.

Performing Basic Hardening

All general-purpose operating systems will, by their very nature, come with weaker security settings than you might like. This characteristic is unavoidable, largely because the devices are general-purpose. To accommodate the wide variety of uses the system might fulfill, some sacrifices must be made when it comes to securing the system. This isn't necessarily true when it comes to special-purpose systems, which often come with highly...
