Chapter 6 · Defense-in-depth

Introduction

Ken Bechtel, a veteran of the enterprise defense wars and a strong advocate of multi-layering and defense-in-depth, kicks off this chapter with an overview of defense-in-depth strategies. Paul Schmehl then looks more specifically at defense-in-depth in the enterprise. David Harley takes a look at intrusion and virus detection, and then we hand it back to Ken for an avalanche of material on implementing various aspects of malware defense.

Mitigating the impact of malicious code upon the enterprise requires more than just anti-virus (AV) software. It requires a well-thought-out plan of action that addresses various contingencies. This chapter is designed to facilitate that thought process, and to outline procedures and issues that can help ensure a reasonable level of protection in a generic corporate environment.

Every workstation or server is a potential entry point for malicious software, and must be protected. The value of functional, up-to-date AV software should not be underestimated. Coupled where possible with intrusion detection monitors (personal firewalls, integrity management tools such as Tripwire and even basic network security features), a PC can be turned into a mini-fortress. The non-specific (generic) type of approach will be covered later.

Many security practitioners prefer a centrally managed infrastructure with a dedicated AV console. Such a system not only provides positive control of the AV software, but also provides critical reports and statistics, resulting in meaningful metrics. These can be used to further enhance the defensive architecture. Current AV products work best against known