Chapter 7 DXP Information Security

Implementing Defense in Depth

Defense in depth provides security checks at each of the layers. We will explore defense in depth at all layers.

Firewalls and Proxies

For untrusted zones and external-facing systems, we need to use a firewall that provides the following protections and capabilities:

• Protection against denial of service (DoS) and distributed denial of service (DDoS) attacks
• Protection against spam and malware
• Load balancing of traffic
• Forward proxy and reverse proxy to filter malicious data

Server Hardware Level Protection

The following security measures can be taken at the server hardware level:

• Harden all the production servers to block all unnecessary ports, services, protocols, and software. Remove all unnecessary modules, file shares, filters, and services from the web server and application server.
• Harden the operating system on production servers and remove all unnecessary software and services.
• Install antivirus, vulnerability scanners, and antimalware software on production servers.
• Enable hard disk encryption for the server hardware.
• Regularly update all production servers with security patches and security fixes.

Monitoring Infrastructure

Install intrusion detection systems and network monitoring systems. The monitoring infrastructure should continuously monitor the application for security incidents and should report those incidents in real time.
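The "block all unnecessary ports" item under Server Hardware Level Protection can be checked mechanically. The script below is an added example, not taken from the book: it compares listening TCP sockets, in the format printed by `ss -H -tln`, against an allowlist and reports every listener outside it. The allowlist and the sample socket lines are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit listening TCP ports against an allowlist.
# ALLOWED_PORTS is an assumed policy for a web server (SSH + HTTPS only).
ALLOWED_PORTS="22 443"

# Constructed sample in the format of `ss -H -tln`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 50 *:8009 *:*
LISTEN 0 64 0.0.0.0:2049 0.0.0.0:*
EOF
}

# Reads `ss -H -tln` lines on stdin. For every listener whose port is not
# in the space-separated allowlist ($1), prints "port address scope", where
# scope is "loopback" (local only) or "exposed" (reachable from the network).
unexpected_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)       # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)   # everything before it
      scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
      if (!(port in ok)) print port, addr, scope
    }' | LC_ALL=C sort -u | LC_ALL=C sort -n
}

# Offline run on the constructed sample. On a live host, replace the left
# side of the pipe with:  ss -H -tln
sample_ss_output | unexpected_listeners "$ALLOWED_PORTS"
```

Each reported line is a service to remove or a port to close; loopback-only listeners are not reachable from the network but still count as unnecessary software under the hardening items above.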

Building Digital Experience Platforms - Page 217