This chapter began with a discussion of the importance of a layered network security design. This layering of security provides a deeper level of protection for your network. You must avoid what I call “the orange syndrome,” as in the fruit, in which only a single layer of protection exists before you get to the good stuff. You do not want attackers to defeat a single security layer and get to the good stuff in your network.
This chapter looked at many technologies that you can use to provide a layered approach to security:
• Packet filtering via ACLs
• Stateful packet inspection
• Network Address Translation
• Proxies and application-level protection
• Content filters
• Public key infrastructure
• AAA technologies
Separately, each of these technologies is just a single layer of protection, but combined, they provide you with several layers of protection and keep the good stuff safe.