One Step Ahead of the Bad Guys, part one
Lauris made a comment to a recent post. He said, "Today’s security will not prevent tomorrow’s attack scenario. We can only protect against what we know."
That got me thinking about what we know. For one thing, we know that bad things happen. That no matter how many protections we put in place, bad things will continue to happen. We also know that bad guys will find a way to circumvent many of our controls.
So, if bad things will keep happening, then it appears that one of the best protections is better detection and faster response and recovery. I’m not saying that we should drop the perimeters, just that we should always assume that bad guys will leak through somehow. Then the faster we detect, respond and recover, the lower the damage.
The best defense is a good offense. (I understand this even more after watching my poor Bears in the Super Bowl.) Here’s how my friend Gidi Cohen from Skybox Security thinks of this offense. Let’s look at the first step:
Before the Attack
Plan, decide and execute
- Assess your company’s risk tolerance and create an emergency plan. Ask tough questions such as: How paranoid are the executives? Are your systems and assets more or less at risk (relative to neighbors, competition, etc.)? How quickly will your superiors expect you to respond to attacks?
- Any risk assessment that you do should reflect internal standards, relevant regulations (like Sarbanes Oxley or certain privacy requirements), published corporate security policies, and the general risk tolerance of the company (above).
- Whenever possible, anticipate the most likely attacks and fix them first. Every vulnerability assessment I’ve ever seen has the same problems highlighted: crappy passwords; doors, ports and services open that shouldn’t be; access control systems and other applications that haven’t been properly patched; unauthorized access points (wireless routers, open windows, etc.). Those vulnerabilities account for about 80% of any assessment you might pay for, and they are the first things bad guys try to exploit. So go ahead and fix those things first.
- Put your forces on alert whenever the intelligence indicates an imminent attack.
Tomorrow, I’ll address what to do during the attack.