Disagree
Cybersecurity defense requires more than a modern network defensive tool with a complex design. A good cybersecurity architecture is achieved by implementing a defense-in-depth security architecture. Defense in depth has long been a military strategy for defending a fort against an opposing enemy. The strategy is similar to medieval castle defense techniques, in which a castle's defenses consisted of numerous obstacles to slow the opposing force's attempts to gain access to the castle. According to Viega and McGraw, the concept of “defense in depth is to manage risk with diverse defensive strategies so that if one layer of defense turns out to be inadequate, another layer of defense will hopefully prevent a full breach” (Viega & McGraw 2002).
When designing and establishing a modern network security architecture, defense in depth should be implemented in the overall architecture of the network. This means that layered security defense should be implemented using VLANs and port security. VLANs provide the ability to isolate the broadcast domain and create security enclaves at layer two. Firewalls and routers are essential in isolating and creating security groups at layer three. Implementing multiple trust zones within a network is critical, as many organizations will have applications that customers need to access. These applications should be hosted on a server within a DMZ that is separate from, and has only limited access to, the internal organization networks. Continuous monitoring is also a critical component of network security. Network and system administrators must review logs daily and adjust IDS and IPS signatures.
Viega, John & McGraw, Gary. Building Secure Software: How to Avoid Security Problems the Right Way. Boston, MA: Addison-Wesley, 2002.
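
The trust-zone layout described above can be checked mechanically. The following Python is an added example, not part of the original post: it audits a layer-three rule set for allow rules that bypass the DMZ and evaluates flows with default deny. The zone names, trust ranking, ports and the `Rule`, `audit` and `decide` names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed trust ranking for this example: higher means more trusted.
TRUST = {"internet": 0, "dmz": 1, "internal": 2}

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    port: Optional[int]  # None means "any port"
    action: str = "allow"

def audit(rules):
    """Return (rule, reason) for allow rules that weaken the layered design."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        hop = TRUST[r.dst] - TRUST[r.src]
        if hop > 1:
            # Traffic jumps from the least trusted zone past the DMZ layer.
            findings.append((r, "skips the DMZ and reaches a higher trust zone directly"))
        elif hop == 1 and r.port is None:
            # Access into a more trusted zone should be limited to named ports.
            findings.append((r, "any-port access into a more trusted zone"))
    return findings

def decide(rules, src, dst, port):
    """First-match evaluation; anything not explicitly allowed is denied."""
    for r in rules:
        if r.src == src and r.dst == dst and r.port in (None, port):
            return r.action
    return "deny"

# Constructed rule sets: a flat design next to a layered one.
WEAK = [
    Rule("internet", "dmz", 443),
    Rule("internet", "internal", 3389),  # remote access straight to internal
    Rule("dmz", "internal", None),       # DMZ host may reach everything inside
]
HARDENED = [
    Rule("internet", "dmz", 443),        # customers reach only the DMZ application
    Rule("dmz", "internal", 5432),       # DMZ reaches one internal service port
]

if __name__ == "__main__":
    for rule, reason in audit(WEAK):
        print(f"{rule.src} -> {rule.dst} port={rule.port}: {reason}")
```

Denied flows from `decide` are the events that the daily log review and IDS/IPS tuning mentioned above would draw on.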