Rule 7: There Are No Turnkey Security Solutions

Businesses have been rushing to connect to the Internet with the expectation that they can buy complete turnkey security. While security vendors may disagree, I don't believe turnkey solutions are even possible. There are too many variables to account for. There are too many variations in security policies, threat models, system configurations, and connectivity. You want to avoid the Maginot Line syndrome, i.e., relying on a single safeguard, like a firewall, that can be systematically sidestepped. Security is not something you buy, invent or do as a one-time event; it's a continual process that requires ongoing planning, monitoring, and refinement.

A corollary to this rule: There's no checklist that will account for all vulnerabilities. Security checklists are a venerable way to check for errors and omissions, but don't be lulled by them. The checklist method of security will fail against an intelligent attacker, who has already seen the published checklists and works to devise attacks not covered by them.

Excerpt from Unix System Security Tools by Seth T. Ross
Copyright © 1999 by The McGraw-Hill Companies. Used with permission.
HTML Copyright © 1999





Copyright © 1990-2006 and Seth T. Ross