End Point Security: Securing the Final Three Feet by Chip Moore

The evolution of the Internet has seen many twists and turns. For every twist a new opportunity or risk presented itself. Security professionals seem to always be one step behind the bad guys. This point cannot be better illustrated than end point security, e.g. desktop, PDA or laptop security. Over the years little emphasis has been put on end point security, other than the mandatory antivirus package. The early security and network architects tried to deliver a centralized, one size fits all network with security included. This network typically had a router and a firewall. The firewall may or may not have been configured with multiple interfaces. The point is the firewall acted like a choke point restricting all but the permitted traffic. This was a solution that provided management with a level of comfort and security allowing them to sleep at night.

This is a fine solution, one appliance, protecting hundreds or thousands of vulnerable computers. The economies of scale were wonderful. This one device would protect the network from all of those bad people that exist on the Internet. The people trying to infiltrate your network would be kept out. This turned out to be a good solution. Desktops were prevalent and the operating system was the soft under side. However, over time things have changed.
http://www.infosecwriters.com/text_resources/pdf/Endpoint_security_CMoore.pdf