Early in my career I wrote a raw-socket intrusion detection daemon in C and watched raw network packets scroll in real time.
When you see what actually travels across a "trusted" network — malformed packets, spoofed headers, internal reconnaissance — the concept of a trusted network becomes a fiction.
Every system I have built since operates under one assumption: the network is hostile. The request might be hostile. Verify everything. Trust nothing by default. Log everything.
Design for breach and you will rarely be surprised by one.
— Dick Bassey | DevDick | 2011