We seldom read anything that totally surprises us, but a short item written by Paul Thurrott at Connected Home did the trick.
Thurrott, a well known computer journalist and Windows expert, notes that a growing number of experts say securing wireless networks is unnecessary as long as the devices attached to the network are secured. He adds that the conclusion initially sounds "ludicrous," but makes more sense as one thinks about.
We haven't gotten past the ludicrous stage. It's like saying that police don't need to patrol the streets as long as everyone's house is locked.
For one thing, it's just a bad feeling knowing that anyone and their brother can be running around on my network. I simply don't want anyone in my house, even if all the valuables are safely hidden away.
A second and perhaps more substantive objection is that security seems to be best practiced at the highest and most holistic level possible. For one thing, security is complex. Guarding against myriad potential threats on every networked machine -- even in a relatively small home or small business office -- promises to be inefficient at best and downright impossible at worse.
Consider unified threat management (UTM) packages. They seek to combine a number of security approaches -- antivirus, firewalls, antiphishing, etc. -- into a single network-level device that lets network administrators deal with one console. This seems to make a lot more sense than reinventing the wheel on each disparate device.
Commentary around a recent Arbor Networks survey on botnets focused on the point that broad-based ISPs -- not individual users -- are best positioned to find and disarm armies of zombies. The focus is on concentrating security as high as possible in the network hierarchy.
The analogies aren't perfect, but the basic thrust is clear: Security is a complex, multifaceted and rapidly evolving endeavor. This makes granular device-by-device or threat-by-threat approaches inefficient. Of course, each machine should be protected -- but as a backup to a comprehensive network-level protection plan.