Defence-in-Depth — Firewalls and Antivirus
Why do we never rely on just one security tool?
- Define defence-in-depth
- Describe what a firewall does
- Describe what antivirus software does
Overview
No single security tool is perfect. Defence-in-depth is the strategy of stacking several imperfect layers so an attacker must defeat all of them. Firewalls, antivirus, MFA, backups and user awareness each catch different kinds of attacks; together they leave far fewer gaps.
Firewalls
A firewall filters network traffic. It blocks connections that do not match rules (e.g. inbound telnet) while allowing legitimate ones (e.g. HTTPS on port 443). Firewalls live on routers, on the operating system, and in cloud services.
Antivirus
Antivirus scans files and running processes for malware using signatures and heuristics. Modern tools also block malicious URLs and monitor behaviour in real time.
Why Layer Them?
A firewall may miss a phishing attachment; antivirus will catch the payload. Antivirus may miss a new strain; the firewall may block the callback to the attacker's server.
Layer the Defences
- Draw a diagram of a home network (router, laptop, phone).
- Mark every place a firewall or antivirus lives.
- Add one more control at each layer (e.g. MFA on router admin).
- What does a firewall control?
Reveal answer
Incoming and outgoing network traffic based on rules.
- Give one thing antivirus catches that a firewall usually misses.
Reveal answer
Malicious files opened locally (e.g. a virus on a USB stick).
- State the defence-in-depth principle in one sentence.
Reveal answer
Use multiple overlapping controls so the failure of one does not compromise the whole system.
Find the built-in firewall on your device and check whether it is on. Note the OS and result.