Monday, November 2, 2009

What is best in life? ... "Crush your enemies..."

"Crush your enemies. See them driven before you. Hear the lamentation of [their] women." - Conan

Ah - Conan... those were simpler times, no?

So often the question of the newbie to cyber-jutsu reaches my ears. "Sensei, how can we crush them? What is the best way to destroy them? What is the best tool to pwn with?"

For those of you who are willing to hear what I have to say, listen. Before seeking to destroy the enemy, seek to understand yourself.

What does this mean? Do you have your accurate inventory? If you have been following this blog, you may have created an inventory of every system and every application that is within your Information Infrastructure. If you did this last week, or the week before - is it still accurate? Have you devised a way to keep it up to date, up to the minute?

Which systems contain your private information? Which known vulnerabilities currently threaten those systems?

What was the last attack that failed? What was the last attack that succeeded? How do you know it failed? What damage was done by the success? How are you tracking these incidents?

It is not difficult to set up an open source intrusion detection system (IDS) such as Snort and have it report into an open source database such as MySQL. It is even quite easy to put a front end such as BASE (successor to ACID) on top of it to monitor the events. Slightly more advanced would be to set up Sguil. All of this should be done. However, the trick of it is to "tune" the IDS signatures you are using. The signatures must be updated regularly also. This takes time.
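Tuning starts with knowing which signatures are generating the noise. The script below is an added example (not from this blog or the Snort project) that parses constructed lines in Snort's alert_fast format, ranks signatures by hit count and by how concentrated the hits are on one source, and proposes Snort 2.x `event_filter` lines that rate-limit a chatty signature per source instead of disabling it outright; the sids and addresses are hypothetical local rules and RFC 5737/private ranges.

```python
import re
from collections import Counter

# Constructed sample alerts in Snort "alert_fast" format; the sids are hypothetical local rules.
SAMPLE_ALERTS = """\
11/02-09:15:01.100000  [**] [1:1000001:1] LOCAL ICMP ping sweep [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.7
11/02-09:15:02.100000  [**] [1:1000001:1] LOCAL ICMP ping sweep [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.8
11/02-09:15:03.100000  [**] [1:1000001:1] LOCAL ICMP ping sweep [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.9
11/02-09:16:10.500000  [**] [1:1000002:2] LOCAL web login failures [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 203.0.113.9:40000 -> 10.0.0.30:443
11/02-09:17:30.000000  [**] [1:1000003:1] LOCAL nightly backup transfer [**] [Priority: 3] {TCP} 10.0.0.50:22 -> 10.0.0.60:51000
"""
# timestamp [**] [gid:sid:rev] msg [**] ... [Priority: n] {proto} src -> dst   (ports optional)
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\].*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def parse_alerts(text):
    """Parse alert_fast lines into dicts; lines that do not match the format are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            a = m.groupdict()
            a["gid"], a["sid"], a["prio"] = int(a["gid"]), int(a["sid"]), int(a["prio"])
            alerts.append(a)
    return alerts

def rank_signatures(alerts):
    """Group by (gid, sid, msg), counting total hits and hits per source IP; noisiest first."""
    stats = {}
    for a in alerts:
        entry = stats.setdefault((a["gid"], a["sid"], a["msg"]), {"hits": 0, "sources": Counter()})
        entry["hits"] += 1
        entry["sources"][a["src"].rsplit(":", 1)[0]] += 1   # strip the port (IPv4 form assumed)
    return sorted(stats.items(), key=lambda kv: kv[1]["hits"], reverse=True)

def tuning_suggestions(alerts, min_hits=3, share=0.75, seconds=60):
    """Propose event_filter lines for signatures with >= min_hits hits, >= share of them from one source."""
    out = []
    for (gid, sid, msg), st in rank_signatures(alerts):
        top_src, top_n = st["sources"].most_common(1)[0]
        if st["hits"] >= min_hits and top_n / st["hits"] >= share:
            out.append(f"# {msg}: {top_n}/{st['hits']} hits from {top_src}")
            out.append(f"event_filter gen_id {gid}, sig_id {sid}, type limit, "
                       f"track by_src, count 1, seconds {seconds}")
    return out
```

The proposed lines belong in threshold.conf (or snort.conf) and only limit how often a given source can raise that alert; review each candidate against the signature's purpose before applying it, since a single source firing a high-priority rule many times is exactly what you want to keep seeing.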

It takes time to secure your information infrastructure. It takes paying the price of perpetual vigilance. It takes time to read log files, to follow security mailing lists, to identify, track, patch, and report on known vulnerabilities. It takes time to manage a firewall and an IDS. It takes time to educate users on how to create a sufficiently complex password, and remember it. It takes even more time to explain to them why they should do this.

All of this must be done before you seek to crush your enemies. Know yourself first. The better you know yourself - the faster you will learn to know your enemy.

