A properly configured firewall appliance is considered a first line of network defense, and controls the flow of information to your servers. Unfortunately, if the server receives information from the network, it runs a risk of compromise in the unlikely event that the firewall fails. A more likely type of failure is that the firewall does its job of passing traffic but the server itself is vulnerable to an unusual request. Other elements of that first line of defense would include Access Control Lists (ACLs) on perimeter routers, and perhaps Web caching or load-balancing appliances. It would also include operating system (OS) hardening and application configuration controls on the server, as well as ensuring that the vendor software is current according to vendor recommendations. All these things contribute to the security of the service. But because we can never be completely sure that best practices have been followed, a second line of defense is a good plan. This is known as "defense in depth." We put everything we can into the front lines, but in case that fails, we have a backup plan. A detective control is an excellent element of that second line of defense.