The Defender's Dilemma
When we perform penetration tests, we try to enumerate as many weak points of the target network as possible. Do you think a real attacker would do that? Most likely the answer is no. The attacker only needs to find one way into the network. So, why do we look for more than one when we do a penetration test? The answer is that whereas the attacker needs only one entry point, the defender must defend all points. This is known as the defender's dilemma. It is not enough to close down some holes. You have to close down all the holes an attacker would use.
Remember the Unicorns
Remember what we said earlier about network security? The defender's dilemma is that network security is not an end state. We have seen a number of companies contract for a penetration test, sometimes as part of a security assessment, only to receive a report that concludes that their network is secure. The accurate conclusion of such a report is often that the firm that performed the assessment was incapable of getting in, likely because they are not very competent attackers. It is impossible to say that a network is secure. To understand why, remember your unicorns.
If you ever took a symbolic logic class in college, this will bring back fond memories, to be sure. If you did not, you missed out on what may be the most useful course ever offered. Symbolic logic is one of those great philosophy courses in which you learn how to analyze truth. It is a great course for Monday morning, because you probably would do better after a rough weekend!
In symbolic logic, we learn that you can never prove that there are no unicorns. To do so, we would have to go to every possible place where there might be a unicorn and prove that there is not one there. Oh, but we need to go to all these places at the same time; otherwise, the unicorns might just move from one place to the next while we are moving. To extend that to network security, the only way to demonstrate that a network is secure is to enumerate all the places where it might be insecure, and demonstrate that it is not insecure in any of them. If you can figure out how to do that, you should write a book.
By contrast, to prove that there are unicorns, all you have to do is find one. That is a lot easier than demonstrating that there are none. In network security, to prove that a network is insecure, all you have to do is find one vulnerability. This is why we say that "network security" as a state is impossible. We can never prove that, so what we will work toward is network protection, the absence of any unmitigated vulnerabilities. The remainder of this book focuses on network protection.