In 2005, the Carnegie Mellon University CERT Coordination Center counted 5,990 new vulnerabilities (www.cert.org/stats) compared with 1,090 in 2000 and 171 in 1995. The Information Technology-Information Sharing and Analysis Center (www.it-isac.org) reported 52 new vulnerabilities and 16 new proof-of-concept (POC) exploits in the five days from June 20 through 24, 2005 (the week this chapter draft was first written). Despite a worldwide acceptance of the hacker and malware problem, the threat only continues to get worse. We need a better defense plan.
This chapter is divided into thirds: overall guiding computer security defense principles, followed by conventional and then unconventional recommendations not covered elsewhere in this book. Most of the conventional recommendations are well known and should already be implemented in every network. For these, best practices will be discussed to maximize their efficiency. But as the statistics show, conventional defenses aren't enough. This chapter provides unique advice that can significantly improve your security strategy.