Tuesday, April 10, 2007

The Defender's Dilemma...

Bruce Schneier writes about active deterrence and retaliation in Cyber-Attack, a post that takes me right back to one of the first ideas I ran into when getting started in security: The Defender's Dilemma. It talks about the two opposing forces at play in this space, attackers and defenders, and says "it's a lot easier to be an attacker than a defender".

Here's what it means for me...

As a defender, I need to make sure my firewall lets traffic through on some ports (21, 25, 80, etc.) but not others. My app server must be locked down: this means getting rid of default apps, changing default passwords, tightening up my server.xml or httpd.conf, and staying on top of those daily security updates. And wouldn't it be great if my application was built by people who've heard of things like cross-site scripting and SQL injection? Sadly, these people are still too few and far between.

As an attacker, all I need to do is find one buggy service still running, an overlooked configuration setting, or a single unprotected form field in a web application that might have thousands of them (alright, an unprotected field that's used in an interesting way, say in a SQL query).
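To show what "one unprotected field used in a SQL query" means in practice, here is an added example (not code from the post): the same login lookup written the unprotected way and the parameterized way, run against a constructed two-row SQLite table. The account rows and the tautology input are assumptions made up for the demonstration.

```python
import sqlite3

# Constructed sample data (not from the post): two accounts in an in-memory SQLite table.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]

# A single tautology typed into the form field; an unprotected query treats it as SQL.
TAUTOLOGY_INPUT = "' OR '1'='1"


def make_db():
    """Build the in-memory table that both lookups below run against."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def count_matches_unprotected(conn, name, password):
    """The form field is pasted into the SQL text, so quotes in the input rewrite the query."""
    sql = "SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return conn.execute(sql).fetchone()[0]


def count_matches_parameterized(conn, name, password):
    """Placeholders keep the input as data; the query structure is fixed by the developer."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0]


def compare_lookups(name="nobody", password=TAUTOLOGY_INPUT):
    """Run the same input through both lookups and return how many rows each one matched."""
    conn = make_db()
    try:
        return {
            "unprotected": count_matches_unprotected(conn, name, password),
            "parameterized": count_matches_parameterized(conn, name, password),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    result = compare_lookups()
    print("unprotected lookup matched %d row(s)" % result["unprotected"])    # 2: every account
    print("parameterized lookup matched %d row(s)" % result["parameterized"])  # 0: no such user
```

With a genuine credential pair such as ("alice", "s3cret") both lookups agree and return one row; only the unprotected version lets a crafted field change the WHERE clause.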

The general in Schneier's article suggests always being the attacker. Setting aside the moral high ground for a moment, this is the best way to tip the scales in our favour. What he's doing is moving the battlefield away from our systems and networks into somebody else's, which should make for much less collateral damage. Unfortunately that's not something we're going to be able to do, is it? Enter that pesky high ground. :-(

So what's left to us? Disaster recovery and response plans, rock solid backup strategies and constant vigilance. *sigh*

And the topic for another entry... :-)
