It is a tragedy when a single passenger plane crashes, worse when a plane full of people goes down, and an unspeakable horror when a plane is used as a weapon of terrorism. Today, airports are transforming into examples of defense in depth. Defense in depth is a primary focus of this book, and the concept is quite simple: Make it harder to attack at chokepoint after chokepoint. How many security systems or defensive layers would you have to defeat to rush through an airport race to a waiting, fueled, long-range jet, commandeer the plane, drive it out on the tarmac to take off, and use it as a missile? Many are obvious, such as security checkpoints, armed National Guard troops, locked doors, and tarmac controls. If you did manage to get the plane in the air, you would also have to defeat fighter aircraft. It isn't impossible, but it is unlikely that you could defeat the defense in depth that is now employed at airports.
Defense in depth is present in every chapter of this book, and it's becoming easier to implement in information technology. High-speed programmable hardware boxes, such as UnityOne from TippingPoint, can help protect our network borders from worm outbreaks. Technologies we have already discussed in this preface, such as next-generation intelligent switches and HIPS, allow us to implement multiple layers for our perimeter and internal networks, albeit at a significant cost. No matter what role you play in your organization, it is important to read the intrusion prevention chapter and make sure the folks in charge of the budget know what is on the horizon. As you read this book, you will learn how to architect your network so that it is resistant to attack. As we evolve as an information-based society, the importance of protecting intellectual property assets continues to rise.