DMZ, for example, the same hacking toolkit cannot be used to bypass
both barriers. Complexity can add to security when layering protections,
although this only increases security—a skilled attacker can eventually
bypass multiple defensive layers, whether they are constructed from a single
vendor's offerings or developed using a wide assortment of products.
Figure 3.3 A simplified network defensive strategy employing defensive
applications on guard against intrusion, malware, or misuse, and firewall barriers
creating a DMZ and shielded subnet.
Conceal the Inner Workings
Like a castle, a protected network relies on standardized rules for passing
through its gates. Defensive applications act as guards and turn away
undesirable traffic, while ensuring that legitimate requests are passed
only to the appropriate destination. Some systems may require defenses
against internal threats, requiring additional layering to create shielded
subnets and protected safe harbors for legacy systems or sensitive data.
By exposing only encrypted Web service interfaces, external applications
can interact with protected data stores and application services within
these defended areas using a black-box approach. This type of defensive