ABSTRACT
However, one critical element has been left out of this
brave new world: security. Despite more than a decade of
networking and personal computers, many organizational
security policies continue to target the legacy environ-
ment, not the network as a whole. These policies assume
that it is possible to secure stand-alone “systems” or
“applications” as if they have an existence independent
of the rest of the enterprise. They assume that attackers
will target applications rather than the network infrastruc-
ture that links the various parts of the distributed applica-
tion together. Today’s automated attack tools target the
network as a whole to identify and attack weak applica-
tions and systems, and then use these systems for further
attacks.