In this chapter, we will examine some common attitudes towards security and patch management, and discuss how we may want to treat these topics within the context of IPCop. We will also discuss some common security risks, some common security and auditing tools and tests, and find out where to go next.
Security is, very loosely, the process of keeping our systems in such a state that either they are deemed to be impractical to break into, or in which the vulnerabilities and risks entailed in keeping those systems operational are understood, managed, and either compensated for or accepted. Contrary to received wisdom (and intuition, for some), there is no such thing as a secure system.
There is a well-used aphorism among the security community, "Security is a journey, not a destination."
The best security consultant, programmer, or IT professional in the world is only able to secure a computer system to the extent...