False Sense of Security

News.com has a pretty interesting article challenging security assumptions. One of the more common assumptions is that if you put up a firewall, install antivirus on computers, and perhaps get an IDS, then you’ll be all right. There is this assumption that hackers will always attack the way they did in 1995, with a little bit of reconnaissance and some doorknob rattling.
The article asks why an attacker would run the full gauntlet of defenses when they can compromise a user’s home system and piggyback on the company VPN past all of the network security.
The principle of low-hanging fruit does not apply, the article says, when you are trying to secure a valuable target. A determined hacker isn’t going to just move on to the next target. Thus you need defense in depth and defense at every level of connection.
The article concludes by admonishing against a false sense of security and by urging awareness of network activity. Would you know today if one of your servers started behaving more like a client?
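
One way to answer that last question from flow logs, as an added example that is not from the article: flag any server that opens connections to destinations outside its expected egress list. The inventory, the CSV layout, the addresses and the threshold are all constructed assumptions, and `src` is assumed to be the side that initiated the connection.

```python
import csv
import io
from collections import defaultdict

# Constructed inventory (assumption): ports each server listens on and the
# outbound (destination, port) pairs it legitimately needs.
SERVERS = {
    "10.0.0.10": {"listen": {443},                       # web server
                  "egress": {("10.0.0.2", 53), ("10.0.0.20", 5432)}},
    "10.0.0.20": {"listen": {5432},                      # database server
                  "egress": {("10.0.0.2", 53)}},
}

# Constructed flow records; src is the side that opened the connection.
SAMPLE_FLOWS = """\
ts,src,sport,dst,dport
2024-01-01T10:00:00,192.0.2.7,51000,10.0.0.10,443
2024-01-01T10:00:02,198.51.100.3,51001,10.0.0.10,443
2024-01-01T10:00:03,10.0.0.10,40000,10.0.0.2,53
2024-01-01T10:00:04,10.0.0.10,40001,10.0.0.20,5432
2024-01-01T10:00:05,10.0.0.20,40002,10.0.0.2,53
2024-01-01T10:05:00,10.0.0.20,40003,203.0.113.50,443
2024-01-01T10:10:00,10.0.0.20,40004,203.0.113.50,443
2024-01-01T10:11:00,10.0.0.20,40005,10.0.0.30,22
"""

def client_like_servers(flow_csv, servers=SERVERS, min_unexpected=2):
    """Return servers that initiated connections outside their egress list."""
    served = defaultdict(int)        # inbound connections to a listening port
    unexpected = defaultdict(list)   # outbound connections not in the allowlist
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst, dport = row["src"], row["dst"], int(row["dport"])
        if dst in servers and dport in servers[dst]["listen"]:
            served[dst] += 1
        if src in servers and (dst, dport) not in servers[src]["egress"]:
            unexpected[src].append((dst, dport))
    report = {}
    for ip, dests in unexpected.items():
        if len(dests) >= min_unexpected:
            total = served[ip] + len(dests)
            report[ip] = {"served": served[ip],
                          "unexpected": sorted(set(dests)),
                          "client_ratio": round(len(dests) / total, 2)}
    return report

if __name__ == "__main__":
    for ip, info in client_like_servers(SAMPLE_FLOWS).items():
        print(ip, info)
```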