- The Methodical Approach and the Need for a Methodology
- Firewalls, Security, and Risk Management
- How to Think About Risk Management
- Computer Security Principles
- Firewall Recommendations and Definitions
- Why Do I Need a Firewall?
- Do I Need More Than a Firewall?
- What Kinds of Firewalls Are There?
- The Myth of "Trustworthy" or "Secure" Software
- Know Your Vulnerabilities
- Creating Security Policies
- Defense in Depth
Know Your Vulnerabilities
Continuing this thread, it's important to understand what your weaknesses and vulnerabilities are before you try to solve any security problem through improvement. After all, if you don't know what's broken, how can you fix it? As we mentioned before, the best way to learn what your adversaries can do and where you need to focus your efforts, is to look at your network and its assets from the perspective of an attacker in a brutally honest manner. You will want to attack your network or engage someone who can do it for you. The intent is to enumerate every known vulnerability in your organization so that you can make an informed assessment to manage the risks created by these vulnerabilities. We will explore this topic in more depth in later chapters. Just remember, it's not enough to secure your network. After you do that, you will want to try and break in. You can't know if your efforts are worthwhile without testing them.