FOCUS BRIEF

3 Simple Security Principles
PUBLISHED: Feb 02 2010
AUDIENCE: IT, business and security decision-makers

Introduction

I use three simple rules to evaluate security solutions. These are:

1. A secure network assumes the host is hostile

2. A secure host assumes the network is hostile

3. Secure applications assume the user is hostile

Analysis

These three simple rules help to make sense of the thousands of different security solutions available.  Products and practices that conflict with these three simple rules might not be the best solution.

1. A secure network assumes the host is hostile

It has been years since a firewall that enforces policies based only on source-destination-service has been sufficient.  Trusted end points harbor malware, are controlled by attackers, and are launching points for attacks.  Network security solutions must be in-line and inspect all the traffic that passes through them.  They must look for viruses, worms, exploit traffic, and even unusual behavior.  IDC dubs these solutions "complete content inspection" firewalls. Many vendors refer to them as UTM, Unified Threat Management.  I will be publishing more on the products available to do this.

One aspect of a secure network that is often overlooked is that the computers on the inside of the network are often the danger.  It could be an infected computer brought in by an employee or contractor, or it could be a poorly patched server that has been compromised by an outside attacker.  Even the smallest organizations have to invest in network security solutions to block attacks from devices on the inside of the network.  This is accomplished through network segmentation and deploying content inspection capabilities internally. As threats multiply, watch for solutions that either sit on top of the access switch or incorporate the switch in their configuration.

2. A secure host assumes the network is hostile

This is another way of stating the requirement for a layered defense model. A laptop, desktop, or server cannot rely on the network to keep it safe.  AV, firewalls, and anti-spyware solutions have to be installed and up-to-date.  Patches for critical applications and OS have to be installed as quickly as possible.  Browsing shields should be turned on and Microsoft IE should not be used if at all possible.

 

3. Secure applications assume the user is hostile

This is where authentication and authorization come into play.  One of the best deterrents of malicious behavior is the end user's awareness that their actions are associated with them (strong authentication) and logged (behavior monitoring).  Many online services have failed to protect themselves from their customers.  This applies to internal file sharing and community services as well.
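
As an added illustration of rule 3 (not part of the original article), the sketch below contrasts an internal file-sharing check that trusts any caller on the internal network with one that decides on verified identity and per-user rights and logs every decision. The key, network range, user names, paths and function names are all constructed for the example.

```python
import hashlib
import hmac
import ipaddress

# Every name, key and sample value here is constructed for illustration.
SERVER_KEY = b"constructed-demo-key"   # in practice a random, protected secret
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
ACL = {"alice": {"/finance/q4.xlsx"}, "bob": {"/eng/design.doc"}}
AUDIT_LOG = []                         # stand-in for an append-only log sink


def _mac(user: str) -> str:
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str) -> str:
    """Issued only after authentication; ties later actions to the user.
    Simplified: a real token would also carry an expiry."""
    return f"{user}:{_mac(user)}"


def authenticate(token: str):
    """Return the user name if the token's MAC verifies, else None."""
    user, _, mac = token.partition(":")
    ok = hmac.compare_digest(mac.encode(), _mac(user).encode())
    return user if ok else None


def naive_allow(src_ip: str, path: str) -> bool:
    """Anti-pattern: anyone on the internal network may read any file."""
    return ipaddress.ip_address(src_ip) in INTERNAL_NET


def allow(src_ip: str, token: str, path: str) -> bool:
    """Rule 3: assume the user is hostile until identity and rights check out."""
    user = authenticate(token or "")
    decision = user is not None and path in ACL.get(user, set())
    # The source address is recorded as evidence only; it never grants access.
    AUDIT_LOG.append({"user": user or "unauthenticated", "src": src_ip,
                      "path": path, "allowed": decision})
    return decision
```

With these sample values, `naive_allow` lets any internal address read the finance file, while `allow` refuses bob's valid token for a path outside his rights and records the attempt under his name.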

 

 

Conclusion

A recurring mistake of solution providers is to mix these three security principles in their offerings.  Cisco's NAC (CNAC) was one such solution.  The concept was that the network would probe machines coming on to the network and determine their "health" and either allow, deny, or quarantine based on the results of that health check.  It ignored the fact that hosts are able to spoof their IP address, MAC address, and just about anything that would be included in a health check.  Applications abound that assume that a user on the internal network is trustworthy.

Good security is simple security.  Applying these three rules will help any organization establish a more secure operating environment.

PROFILE BRIEF:

Currently founder and Chief Research Analyst, IT-Harvest. I research and report on the IT security industry.
CMO, Fortinet, Inc. Helped establish brand recognition in EMEA, AsiaPac, and Americas through speaking tours and press management.

VP Threat Research, Webroot Software, Inc.
VP Research, Gartner
Manager Technical Risk Management, PricewaterhouseCoopers
Director of BD Netrex, Inc.

FUNCTIONAL EXPERTISE:
Information Technology, IT Security, Technology