LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is the defense-in-depth approach to network security?

A layered approach combining multiple networking devices and services working in tandem, so no single failure exposes the network.

Defense-in-depth (also called the layered approach) recognises that no single security control is perfect. Instead of relying on one barrier, you stack several complementary devices and services so that if an attacker slips past one layer, the next still stands. Securing the network therefore starts with hardening the network devices themselves (routers, switches, servers, hosts) and adding specialised appliances around them.

Layered defense from internet through VPN, firewall, IPS, ESA/WSA, and AAA to the hosts

* Each layer catches what the previous one missed, so no single failure exposes the network. *

Typical layers include a VPN (Virtual Private Network) to encrypt traffic crossing untrusted networks; an ASA Firewall (Adaptive Security Appliance) to control what traffic may pass between networks; an IPS (Intrusion Prevention System) to detect and block malicious activity in real time; ESA/WSA (Email Security Appliance / Web Security Appliance) to filter malicious email and web content; and an AAA Server (Authentication, Authorization, and Accounting) to centrally control who may access the network and record what they do.

The strength of the model is redundancy: an attacker who evades the firewall may still be caught by the IPS, and traffic that gets through is still encrypted and logged — no single failure exposes the whole network.

Go deeper:

From Quiz: NETW1 / Network Security Fundamentals | Updated: Jul 05, 2026