Other sources
A couple of TechRepublic articles recommend and explain multilayered security approaches such as the one suggested by Aberdeen.
In "A multilayered strategy helps neutralise internal security threats" (free registration required), Brian Hook relays the opinions of security authority Jack McCullough about how to deal with internal security threats.
In "The firewall in a multilayer security approach" (free registration required), Mitch Bryant explains why firewalls are just the starting point for building a security fortress. He outlines false firewall beliefs and covers what a firewall can and can't do.
For additional security tips, be sure to check out the member suggestions in the discussion following Mitch Bryant's article referenced above. Member George Or suggests that a modern firewall with three or more ports and a stateful failover unit may be all you need as far as firewalls go. Or, as he explains, "According to Gartner's stats, 99 percent of break-ins happen because of admin mistakes and overly liberal firewall rule sets. I tend to believe this because if I do an audit on all enterprise firewall installations, I'll bet 90+ percent of them don't have tight enough policies. For example, most people restrict inbound to their DMZ, but few restrict outbound from their DMZ."
He ends by suggesting, "The most important thing to do is be diligent and constantly monitor your firewall logs and keep it patched for all known vulnerabilities. Having two brands of firewalls makes this more difficult, and, thus, overall security is weaker because of the human factor. Most companies are not going to hire both a Cisco expert and a Checkpoint expert. Hackers don't need to exploit the firewalls most of the time; they exploit your servers through the holes that you open. The best solution is a well-designed single cluster with a tight policy set coupled with an intrusion detection system with shunning capabilities tied into your firewall." You should explore the whole discussion thread to pick up some great tips.
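The rule-set audit described in the comments above can be partly automated. The following is an added example, not code from the article or the discussion thread: it checks a rule set for the specific gap mentioned, inbound to the DMZ restricted but outbound from the DMZ left open. The rule format, zone names, ports and the function name are assumptions made for illustration and do not match any vendor's syntax.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    src: str     # source zone, or "any"
    dst: str     # destination zone, or "any"
    port: str    # destination port, or "any"
    action: str  # "allow" or "deny"

# Constructed sample rule sets (hypothetical format); first matching rule wins.
LOOSE = [
    Rule("internet", "dmz", "443", "allow"),
    Rule("internet", "dmz", "any", "deny"),    # inbound is restricted...
    Rule("dmz", "any", "any", "allow"),        # ...but DMZ egress is wide open
    Rule("any", "any", "any", "deny"),
]
TIGHT = [
    Rule("internet", "dmz", "443", "allow"),
    Rule("internet", "dmz", "any", "deny"),
    Rule("dmz", "internal", "5432", "allow"),  # web tier to database only
    Rule("dmz", "internet", "53", "allow"),    # DNS lookups only
    Rule("dmz", "any", "any", "deny"),         # everything else from the DMZ
    Rule("any", "any", "any", "deny"),
]

def dmz_egress_findings(rules, zone="dmz"):
    """Return (rule index, reason) pairs for overly broad egress from `zone`."""
    findings = []
    for i, r in enumerate(rules):
        if r.src not in (zone, "any"):
            continue  # rule does not apply to traffic leaving the zone
        if r.dst == "any" and r.port == "any" and r.action == "deny":
            return findings  # catch-all deny: later rules can never match
        if r.action == "allow":
            wide = [f for f in ("dst", "port") if getattr(r, f) == "any"]
            if wide:
                findings.append((i, "allow with any " + " and any ".join(wide)))
    # Fell off the end without a catch-all deny covering the zone's traffic.
    findings.append((None, f"no catch-all deny for traffic leaving {zone}"))
    return findings

if __name__ == "__main__":
    for name, rules in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, dmz_egress_findings(rules))
```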
More is better
Most IT managers are finding out that no one element alone can protect their networks from malicious attacks. A multilayered approach is the real answer.




