In Depth Security

Multiple Lines of Defense

From Tony Bradley, CISSP, MCSE2k, MCSA, A+, for About.com

No matter how good any single network security application is, someone out there who is smarter than the people who designed it, and who has more time on his hands than scruples, will eventually get past it. For this reason, common security practice suggests multiple lines of defense, or defense in depth.

Defense in depth is designed on the principle that multiple layers of different types of protection from different vendors provide substantially better protection. A hacker may develop a knack for breaking through certain types of defenses, or learn the intricacies or techniques of a particular vendor, effectively rendering that type of defense useless.

By establishing layered security, you will help to keep out all but the cleverest and most dedicated hackers. As a baseline, I suggest implementing a firewall, an IDS (intrusion detection system) and anti-virus software. Working in concert, these three devices or applications can help to keep out unwanted traffic, notify you when unauthorized access does occur, and protect your computer from known Trojans, worms and viruses.

A firewall can be hardware or software based. It is usually best to have the firewall on a separate computer or device, because running the firewall on your PC or on a server lets traffic reach that machine before the firewall can act on it. Firewalls restrict access based on various rules. Simple firewall programs, or routers used for broadband Internet connections, tend to restrict or direct traffic based simply on the port it comes in on. Regardless of what type you use, the firewall represents your outer boundary of protection.
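The port-based decision described above can be modeled in a few lines. This is an added example, not code from the article: the rule set, addresses, class and function names are all hypothetical, and dropping unmatched traffic (default deny) is an assumption. It shows that a port-only filter gives the same verdict for any payload on an allowed port, which is the gap the IDS and anti-virus layers are meant to cover.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    proto: str                    # "tcp" or "udp"
    port: int                     # destination port on the outside interface
    action: str                   # "forward" (direct) or "drop" (restrict)
    target: Optional[str] = None  # inside host:port, only for "forward"


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dst_port: int
    payload: bytes                # never inspected by a port-only filter


# Constructed rule set for a hypothetical home router (addresses are made up).
RULES = [
    Rule("tcp", 443, "forward", "192.168.1.10:443"),  # direct web traffic inside
    Rule("tcp", 23, "drop"),                          # explicitly restrict telnet
]


def decide(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[str]]:
    """First matching rule wins; unmatched traffic is dropped (assumed default deny)."""
    for rule in rules:
        if rule.proto == pkt.proto and rule.port == pkt.dst_port:
            return rule.action, rule.target
    return "drop", None


# Constructed sample traffic; the payloads are labels, not real content.
PACKETS = [
    Packet("203.0.113.5", "tcp", 443, b"ordinary request"),
    Packet("203.0.113.9", "tcp", 443, b"content an IDS signature would flag"),
    Packet("203.0.113.9", "tcp", 23, b"login attempt"),
    Packet("203.0.113.9", "udp", 443, b"wrong protocol for the rule"),
    Packet("203.0.113.9", "tcp", 3389, b"no rule for this port"),
]

if __name__ == "__main__":
    for p in PACKETS:
        print(p.src, p.proto, p.dst_port, "->", decide(RULES, p))
```

The first two packets receive identical verdicts because only protocol and port are compared; telling them apart is the job of the layers behind the firewall.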

©2008 About.com, a part of The New York Times Company.

All rights reserved.