A successful security system is a matrix, or a combination of individual methods, techniques, and subsystems. Whenever possible, you want to use as many security principles and techniques as possible to protect each resource.
For instance, a network that relies solely upon authentication is not nearly as secure as one that combines authentication, access control, and encryption. Similarly, your site is better protected by packet filtering at the router combined with a firewall backed up by user authentication and intrusion detection.

Detecting and responding to network attacks and malicious code is one of the principal responsibilities of information security professionals. Formal techniques and procedures have been developed by expert practitioners in the field to provide a structured approach to this difficult problem.

Malicious code is intended to harm, disrupt, or circumvent computer and network functions. This code can be mobile, such as Java applets or code in the Active X environment. It can also attach itself to legitimate code and propagate. In addition, it can lurk in useful applications or replicate itself across the Internet. The following sections describe these different types of malware.

A virus is code that attaches to a host program and propagates when the infected program is executed. Thus, a virus is self-replicating and self-executing. Viruses are transmitted in a variety of ways, including as part of files downloaded from the Internet or as e-mail attachments.