Real Security Means Securing Every Point, Not Just Entry Points And End Points

A good recent book about effective network defense, written by a Cisco security engineer, has plenty to say to anyone trying to defend a network, whatever its size, and, to a point, whatever hardware it rests upon.The book, End-to-End Network Security: Defense-In-Depth by Omar Santos takes a good, long look at one of the key facts of IT life, as true for small and midsize businesses as mega-corporations: networks aren't what they used to be.

They're more, and they're becoming more with every passing day, every new network-capable device or technology, every employee, every successful exploit and too many of the unsuccessful ones.

Santos's prescription: thorough, thoroughly layered, and re-layered defenses. Hence the "In-Depth" in the title. There's no more one-stop stopping when it comes to the threats we face and the angles from which those threats come at us.

Caveat: On the technical side, make no mistake: this is a book about Cisco architecture, as is pointed out in greater detail in a good Slashdot review here. At $55.00 the book might be too pricey for non-Cisco security architects.

On the philosophical side, though, Santos's message is right on-target for every one of us. True security involves every point on your network, and involves securing (and re-securing) every one of them every minute of every day.