The Inverse Golden Rule of Security
As somebody who teaches classes on network and system security two or more times a year, I'm always looking for ways to deliver telling information, tips, and tricks related to the topic. Over the years, I've learned that nothing succeeds in lodging useful information in students' minds like the combination of good advice or information with a little bit of humor. That's how I originated what I call the "Inverse Golden Rule" of network and system security, namely: "Do unto yourself before others can do unto you." I now abbreviate the Inverse Golden Rule as IGR, in keeping with technologists' desire to coin new acronyms (or "initialisms") at the slightest provocation.
If you stop to think about what the IGR really means, it makes a lot of sense. In the plainest terms possible, the IGR can be stated as, "check your own systems and networks for vulnerability to newly documented attacks and exploits as soon as possible. Do the same for other vulnerabilities, such as back doors, malefic code, and any other potential sources of compromise or exposure." In addition to the IGR, I'll also cover a few other related maxims for network security, recognizing that not everyone has all the time in the world to attack and armor-plate their networks and systems whenever threats loom large.
Administrator, Attack Thyself!
In fact, a literal interpretation of the IGR is likely to be hard to enact. That's why a more realistic implementation of any IGR strategy is to make regular security scans part of your routine network and system maintenance regime. Then, you can save literal application of the IGR for dire cases, when threats are both immediate and serious. Even then, I urge you to test such threats only against non-production systems in a lab environment. Learning that an attack has serious consequences for your networks and systems is bad enough; it's even worse if you have to own up to perpetrating that attack in the first place!
Security scanning software is available in many different forms. Nevertheless, scanning software is best explained by analogy: as anti-virus programs are to viruses, Trojans, and so forth, so is scanning software to potential security threats. That is, security scanning systems probe targeted networks and/or systems, checking them for vulnerability to documented exploits, break-ins, attacks, back doors, and other potential points of illicit entry or exposure. Such software even checks for vulnerability to denial of service attacks, which don't compromise systems but are still potentially serious because they can take systems and networks completely out of service.