Strategies


IT Security

Go Deep

30.12.2002
By Teng-Fang Yih

"Defence in depth consists of a layered approach to protecting an asset. By using multiple layers we ensure that our security does not rely on a single protection device," Watson explains. "For Layer 1, ACL [access control list] rules on the edge router. For Layer 2, we have a firewall. For Layer 3, we have a validating proxy. For Layer 4, another firewall. For Layer 5, we have packet filtering on a server. And for Layer 6, we enforce access controls on valuable data."

"Each layer has different detection mechanisms as well. And for each layer, we consider four attributes," Watson says. "Deterrence: the best security is one that deters an intruder. As in the physical world razor wire is a good deterrent, in IT the logon warning message is a form of deterrence. Detection: ideally, we want to detect the intruder before he has actually completely breached the layer, but this is a balancing act, since too many 'detections' can result in 'the boy who cried wolf' syndrome, where the operator ignores the alarm in future 'because it always goes off'. Delay: the layer needs to delay the intruder long enough for us to get a response to the point of attack. And response: we want to respond to the intrusion, ideally by apprehending the intruder, but at the very least by scaring him away or throwing him out."

"A measure of a good security system is where the detection system of any layer only picks up real intrusions and the time between the detection and the response is less than that of the delay of that layer," Watson adds.
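Watson's two conditions, put into a small per-layer checker. This is an added example, not code from the article or from Chartered; the six layer names follow his list, and all alarm counts and timings are constructed sample figures.

```python
from dataclasses import dataclass

@dataclass
class Layer:
    """One defence-in-depth layer with the figures Watson's two tests need."""
    name: str
    alarms: int                 # alarms the layer's detection raised in the period
    real_intrusions: int        # of those, how many were confirmed real
    detect_to_respond_s: float  # time from detection until a response reaches the attack point
    delay_s: float              # how long the layer holds an intruder before it is breached

    def precision(self) -> float:
        """Share of alarms that were real; low values breed 'cried wolf' operators."""
        return self.real_intrusions / self.alarms if self.alarms else 1.0

    def response_margin_s(self) -> float:
        """Positive when the response arrives before the layer's delay runs out."""
        return self.delay_s - self.detect_to_respond_s

def evaluate(layer: Layer, min_precision: float = 0.9) -> list[str]:
    """Return the ways this layer fails Watson's measure (empty list = passes)."""
    problems = []
    if layer.precision() < min_precision:
        problems.append(f"cried wolf: only {layer.precision():.0%} of alarms are real")
    if layer.response_margin_s() <= 0:
        problems.append(f"too slow: response lands {-layer.response_margin_s():.0f}s "
                        "after the layer is already breached")
    return problems

def failing_layers(layers: list[Layer], min_precision: float = 0.9) -> dict[str, list[str]]:
    """Map each failing layer's name to its problems, keeping layer order."""
    report = {}
    for layer in layers:
        problems = evaluate(layer, min_precision)
        if problems:
            report[layer.name] = problems
    return report

# Constructed sample figures for the six layers Watson lists (not Chartered's data).
LAYERS = [
    Layer("L1 edge router ACLs",     alarms=200, real_intrusions=20, detect_to_respond_s=600, delay_s=300),
    Layer("L2 outer firewall",       alarms=50,  real_intrusions=46, detect_to_respond_s=120, delay_s=600),
    Layer("L3 validating proxy",     alarms=10,  real_intrusions=10, detect_to_respond_s=900, delay_s=600),
    Layer("L4 inner firewall",       alarms=40,  real_intrusions=38, detect_to_respond_s=120, delay_s=900),
    Layer("L5 server packet filter", alarms=30,  real_intrusions=12, detect_to_respond_s=60,  delay_s=300),
    Layer("L6 data access controls", alarms=5,   real_intrusions=5,  detect_to_respond_s=30,  delay_s=3600),
]

# Example run: with these figures L1, L3 and L5 fail; L1 fails both tests.
print(failing_layers(LAYERS))
```

A layer that fails the second test is exactly the case Watson describes: the intruder is through before anyone arrives, so detection there buys a record of the breach but not a stop.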

Ideal Platform

In 2000, Watson and his team began wiring security into Chartered's IT environment along the lines of this defence-in-depth model. They decided to switch from a multi-vendor firewall system to a single firewall platform, in order to gain implementation consistency and better access control across the company's offices around the world, and to minimise the cycle time for software updates, patches and other maintenance work by giving administrators a single point of access for these tasks.
