This is not a conclusive post with detailed instructions.
Rather, this is an open-ended question on which I have a few quick thoughts.
As always with me it comes down to attacks of opportunity vs targeted attacks.
If you reduce your attack surface and harden your known attack points (firewall, wifi, desktops, remove/change default passwords, SNMP, printers, etc.) you greatly reduce the chances that a drive-by attack of opportunity will take you down.
However, on their own those items represent a "proven failed methodology".
Which is to say: if all you do is harden the space, without monitoring and investigating, you will fail.
Your network will get popped, hacked, cracked, or whatever other term you prefer for someone getting to information and access on your network that they were not supposed to get at.
So why do it? Can't I just monitor activity and see the attacks and deal with them at that time?
If defense is doomed to failure, doesn't it make more sense to put my money into detection and reaction?
NO.
Simply put, if you can't reduce the number of attacks, you can't respond in any real sense: the handful of attempts that matter are buried under the thousands you could have blocked at the perimeter.
Think of your average *airport. Is the security fail-proof? No. Is it tight enough to stop a dedicated hijacker/attacker/bomber? No. However, the in-place security stops the average person from bringing a gun on board an airplane, and it raises the effort required of a dedicated attacker by removing many, if not most, of the available avenues of attack. This reduces the number of attacks to be dealt with, and that in turn makes it possible to look for the kind of original attacks that can't be defended against directly (ok, the metaphor starts to break down, but hopefully you see the point).
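To make the signal-to-noise argument concrete, here is an added example (not part of the original post) that runs a toy triage over a constructed set of inbound connection attempts. The log lines, the hosts and both firewall policies are hypothetical; the point is only that with an open policy every attempt reaches a service and lands on an analyst's desk, while with a deny-by-default policy the scanner noise is dropped at the perimeter and summarised, leaving a small number of events that actually warrant a human look.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of inbound connection attempts seen at the perimeter (not real data).
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=203.0.113.5 dst=10.0.0.10 dport=23
2024-05-01T10:00:02 src=203.0.113.5 dst=10.0.0.10 dport=161
2024-05-01T10:00:05 src=203.0.113.5 dst=10.0.0.10 dport=80
2024-05-01T10:01:10 src=198.51.100.7 dst=10.0.0.10 dport=445
2024-05-01T10:01:11 src=198.51.100.7 dst=10.0.0.10 dport=3389
2024-05-01T10:01:12 src=198.51.100.7 dst=10.0.0.10 dport=22
2024-05-01T10:02:30 src=192.0.2.9 dst=10.0.0.10 dport=22
2024-05-01T10:02:31 src=192.0.2.9 dst=10.0.0.10 dport=443
2024-05-01T10:03:00 src=10.0.0.50 dst=10.0.0.10 dport=22
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")

# Hypothetical policies: destination port -> networks allowed to reach it.
# "Open" exposes everything the sample touches to the whole internet.
OPEN_POLICY = {p: ["0.0.0.0/0"] for p in (22, 23, 80, 161, 443, 445, 3389)}
# "Hardened" exposes only HTTPS externally and SSH only from the internal admin range.
HARDENED_POLICY = {443: ["0.0.0.0/0"], 22: ["10.0.0.0/8"]}


def parse_log(text):
    """Turn the constructed log lines into events with a parsed source address and port."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append({"src": ipaddress.ip_address(m.group(1)),
                           "dst": ipaddress.ip_address(m.group(2)),
                           "dport": int(m.group(3))})
    return events


def reaches_service(event, policy):
    """True if the policy lets this source talk to the destination port at all."""
    nets = policy.get(event["dport"], [])
    return any(event["src"] in ipaddress.ip_network(n) for n in nets)


def triage(events, policy):
    """Split traffic into what an analyst must look at individually (it reached a
    service) and what the perimeter dropped (summarised per port, not alerted on
    one line at a time)."""
    to_review = [e for e in events if reaches_service(e, policy)]
    dropped = Counter(e["dport"] for e in events if not reaches_service(e, policy))
    return to_review, dropped


def review_count(policy):
    """Number of individual events an analyst has to investigate under a policy."""
    return len(triage(parse_log(SAMPLE_LOG), policy)[0])


def dropped_total(policy):
    """Number of attempts that never reached a service under a policy."""
    return sum(triage(parse_log(SAMPLE_LOG), policy)[1].values())


if __name__ == "__main__":
    for name, policy in (("open", OPEN_POLICY), ("hardened", HARDENED_POLICY)):
        to_review, dropped = triage(parse_log(SAMPLE_LOG), policy)
        print(f"{name}: {len(to_review)} events to review, {sum(dropped.values())} dropped")
        for e in to_review:
            print(f"  review  {e['src']} -> {e['dst']}:{e['dport']}")
        for port, n in sorted(dropped.items()):
            print(f"  dropped {n} attempt(s) on port {port}")
```

Under the open policy all nine attempts reach a service and each is a line someone has to look at; under the hardened policy seven are dropped and reduced to per-port counts, and only the two that made it through (one external hit on 443, one internal SSH connection) remain for a human to look at. Real perimeters see orders of magnitude more noise than this, which is exactly why the reduction matters.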
This topic requires more discussion, proof of effectiveness, and detailed reports on what works, why, and to what extent, but for now this is a good start. As an aside, Sony had neither proper defense nor accurate monitoring. They missed the incoming, the outgoing and the jumping between machines that happened inside. They cannot be used as an example of good security at any level.
Good lawyering, maybe.
*Airport security is a hot topic and one that is debated by people much more in the know than I am.
Needless to say, many security professionals feel that US airport security is "security theater" and that it has never caught a single terrorist. I don't want to get into that discussion, but I cannot ignore its existence.
I fall on the side of "it's not good security, whatever it may actually be", and I recognize that there are limits on what they can do politically. For more than that, go find one of the many blogs that harp on this non-stop.
[edited for typos]