Securing your Network Infrastructure with a 6-Layer Approach (My Approach)

 

 


 

1. External Encryption: Encryption provides a way to communicate securely over the internet. SSL (Secure Sockets Layer) creates a secure communication channel between the client and the server when they communicate over HTTPS. Always keep your external-facing web applications on SSL to mitigate risks such as data theft. Check http://en.wikipedia.org/wiki/Ssl

2. External Firewalls: External firewalls are an important layer of defense because most of the time they stand between the public network and the private network. The nature of attacks on networks has moved from DoS-level attacks to more sophisticated application-level attacks. The external firewall you deploy should be capable of identifying application-level attacks. External firewalls mitigate risks such as low-level DoS (Denial of Service) attacks, unauthorized intrusions, etc. Check http://en.wikipedia.org/wiki/Firewall_(networking)

3. Application Authentication: It is worthless to put encryption and firewalls in place if your application is not designed to secure itself. Application security is of utmost importance, as it provides the third layer of defense in the overall protection of your infrastructure. Anonymous applications pose more of a threat than applications that require some form of authentication from the user. Externally facing applications should be designed with, or integrated with, an authentication method that can authenticate the users and the sessions connecting to that application. Check http://en.wikipedia.org/wiki/Application_security

4. System Level Authentication: System-level authentication is important for both the servers and the client machines. The servers should be up to date with the latest updates and should incorporate service hardening techniques. Depending on which services you are running on the server, adopt the appropriate level of service security. Check http://technet.microsoft.com/en-us/library/cc163140.aspx for the Windows 2003 security compliance toolkit. Also see http://www.microsoft.com/downloads/details.aspx?FamilyID=5534bee1-3cad-4bf0-b92b-a8e545573a3e&displaylang=en for the latest baseline policies. Baseline policies give you a starting point for using the machine with a minimum set of security. You may increase the level of security by customizing the default policies.

5. Virus Scanning: Viruses, Trojan horses and worms are real threats in today’s environment and can hamper the overall working and availability of the machines, services and applications. Install the best anti-virus solution of your choice and keep it up to date.

6. Authentication to Data: Access to data by the server/application should be based on user authentication. Anonymous access to data on file shares or in databases poses a bigger threat than access to data after authentication.
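
One way to check the file-share half of layer 6, as an added example that is not part of the original post: it assumes a Samba file server (the post names no product) and reports which shares in a constructed `smb.conf` allow unauthenticated access. The function name `audit_shares` and the sample share names are hypothetical.

```python
import configparser

# Constructed sample smb.conf (illustrative; share names are hypothetical).
SAMPLE_SMB_CONF = """
[finance]
path = /srv/finance
valid users = @finance
read only = no

[public-docs]
path = /srv/public
guest ok = yes

[dropbox]
path = /srv/drop
public = yes
writable = yes
"""

# smb.conf booleans may be written yes/no, true/false or 1/0.
TRUE_VALUES = {"yes", "true", "1"}

def _flag(share, *names):
    """Return the boolean value of the first parameter in `names` that is set."""
    for name in names:
        if name in share:
            return share[name].strip().lower() in TRUE_VALUES
    return False

def audit_shares(conf_text):
    """List (share, exposure) pairs for shares that allow unauthenticated access."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings = []
    for name in parser.sections():
        if name.lower() == "global":
            continue  # server-wide settings, not a share
        share = parser[name]
        # "public" is a synonym for "guest ok"; both default to no.
        if not _flag(share, "guest ok", "public"):
            continue  # access requires an authenticated user
        # Shares are read-only by default; "writable" is the inverted synonym.
        if "read only" in share:
            writable = not _flag(share, "read only")
        else:
            writable = _flag(share, "writable", "writeable", "write ok")
        findings.append((name, "anonymous read-write" if writable else "anonymous read-only"))
    return findings

if __name__ == "__main__":
    for share, exposure in audit_shares(SAMPLE_SMB_CONF):
        print(f"{share}: {exposure}")
```

Shares reported as anonymous read-write are the ones to fix first; shares that do not appear in the output require an authenticated user.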

Each layer provides a certain level of security, and when combined they provide a security solution. You may add layers in between the above layers, such as intrusion detection systems, internal firewalls and internal encryption, to provide extra layers of defense.