It should be noted that information and data are the most important assets of any company. Therefore, organizations always run the risk of losing them and employ various measures to protect their information. Network security is rather complex to sustain, and companies resort to advanced technologies to secure their data. This paper aims to discuss two strategies that are widely used for network security and to compare them by reviewing their advantages and disadvantages.
Defense in Depth Strategy
This strategy is well known, and it is widely used by many organizations to build multilevel protection of the data network. This approach is based on the practice of zones and conduits. To protect the network from a violation, multilevel protection mechanisms for the entire system are used (Stawowski, 2014). In the event when an attack causes one of the network security tools failures, other instruments will continue to provide the necessary system protection.
The essence of this approach lies in the fact that many levels of protection are distributed over strategically important elements throughout the network, and they operate within a unified strategy. Different elements of the information security system consistently utilize information about the events and the status of systems. This makes it possible to provide sufficiently high control over the infrastructure. Also, the response is coordinated within the overall management strategy (Stawowski, 2014). Organizations that use this approach resort to it to build different protection levels, which allows the system to be more flexible. This protective tool uses a combination of different tactics to detect an attack and block it. The strategy must be employed at all levels and vectors of potential attacks.
Layered Security
In this method, the system creates a barrier for protection consisting of many components. Notably, these barriers are coordinated to repel various attacks. Thus, information security is achieved through many layers of protection, which are coordinated to achieve efficiency. This approach can be part of the first security strategy discussed above; however, their work principles are different.
Layered Security approach can detect, slow down, or delay the attack. It is done to ensure that the threat can be neutralized (Choi, Sershon, Briggs, & Clukey, 2014). This approach is considered more effective than the previous one, and it can be present in various security programs. The mechanism of functioning of Layered Security is rather simple. At first, it defines important information, which should be protected. Then, it backs these data up and selects the appropriate firewall to secure it. After that, it determines the approach that will be used to combat malware. It is recommended to update the software to ensure that the system is protected and to use authentication to protect the network additionally.
Comparison
The main advantage of the Defense in Depth strategy lies in its complexity. It means that this approach is characterized by added security in which multiple levels have to be attacked and broken to endanger the entire network. As stated above, the key benefit of this system can be concluded that if one of its elements has been violated, the others will proceed to function, which will not affect the work of the system (Svendsen, 2015). The modern threats can be repelled only when the system uses multiple defensive mechanisms.
Layered security has several advantages. First, it can be utilized regardless of the number of computers in the network. Second, this strategy uses multiple programs to secure information. Third, this method can be employed in different security strategies (Choi et al., 2014). In it, different attack vectors are addressed simultaneously.
In general, the main disadvantage of the Defense in Depth strategy also lies in its complexity. It cannot be considered a cost-effective measure since it requires the allocation of large resources. The approach implies that protection activities should be performed at every layer; therefore, its maintenance and management are rather difficult (Svendsen, 2015). Therefore, despite the benefits this system can bring, the ratio between protection capability and its cost is uneven.
Layered security also has particular disadvantages. For instance, it often makes simple applications more complicated. This method also implies that multiple mechanisms should be used to protect the system from threats instead of using one instrument at different layers. Therefore, it is used to address a concrete form of attack. Moreover, in cases when the attack has not been neutralized, it can cause damage to the data or the network (Choi et al., 2014). Some issues in Layered Security utilization can be linked to the actions of its users. Internal users can make the protection weak by eliminating its layers. It can result in a violation of network security.
Conclusion
Thus, it can be concluded that each of the approaches has its advantages and disadvantages. Layered security must often be a part of the Defense in Depth strategy, which might bring confusion to their users. Therefore, it is necessary to understand how these strategies work to determine which of them is suitable for a particular network.
References
Choi, Y. B., Sershon, C., Briggs, J., & Clukey, C. (2014). Survey of layered defense, defense in depth and testing of network security. International Journal of Computer and Information Technology, 3(5), 987-992.
Stawowski, M. (2014). Practical defense-in-depth protection against botnets. ISSA Journal, 12(7), 28-35.
Svendsen, A. D. M. (2015). Advancing “defence-in-depth”: Intelligence and systems dynamics. Defense & Security Analysis, 31(1), 58-73.