To Protect and Serve
By Amit Asaravala, Executive Editor
Let's be honest—security scares us. Of course, it's not the security itself that we find so frightening, but the implications behind it. The vaults at the bank imply that there's someone in line scheming to steal our money. The checkpoints at the airport imply that there's someone on the plane willing to harm us. The locks on the front door imply that there's someone on the other side trying to take our belongings. Or worse. What happens if we forget to lock the door one night?
Security on the Internet is no less daunting. Sure, we can sit in meetings and talk abstractly about secure servers and strong encryption, distancing ourselves from any real threat. But what would you do if you went to work tomorrow and realized that your company's database of credit card numbers had been hacked into and stolen? Perhaps you're the sys admin who's been putting off installing that latest security patch. Perhaps you're the developer who forgot to write the extra lines of code that check for a buffer overrun. So much for job security.
This month we focus on preventing such catastrophes. Both Matt Curtin and John Stewart explain the technical details of securing a business network, albeit from different perspectives—Matt prefers the top-down approach whereas John measures security as the sum of its connections. Regardless of the approach you take, what you'll find in these pages is that there's a lot more to security than setting a few passwords and changing them occasionally.
There's something here for the small-office/home-office user as well—after reading Lincoln Stein's "Webmaster's Domain" column, I went home and unplugged my DSL line while I reconsidered my network configuration.
