It isn't enough just to try to keep the bad guys and their bad code out of your network. If your network has portable computers of any kind, then all your flashy and trendy border security is powerless to stop malicious activity when users hang out on the hotel LANs at computer security conferences and then return and connect their Typhoid Mary laptops back to the corporate network. At an event one year, we helped a user remove about 20 active worms and viruses from his laptop. When we recommended some security measures he should consider, his attitude was "I don't care." Who knows how many other computers at the event this guy infected? Do you want him in your network? Or communicating with machines that will at some point return to your network?
Because there really isn't much of a perimeter anymore, every network should be considered hostile. All hosts must start participating in security decisions and take responsibility for protecting themselves from other computers in the network. With the practices and technologies we've described here, you can measurably improve the security of all your computers. Assume that you can't control access or entry, consider anonymity to be dangerous and something to avoid, and begin implementing appropriate kinds of authentication and authorization wherever possible.