Unobserved security
As one of the things I work on, I do penetration testing for some of my clients, working to determine both the efficacy of their defences and whether they are easily discoverable. While security through obscurity is not a good strategy, it doesn’t hurt as just another layer. More and more, I’m finding that, at least for systems on the Internet, the general security posture of the platform¹ is pretty good.
What is often overlooked, however, is the ongoing monitoring and observation needed to maintain that posture over an extended period. Sure, the system might be “secure” when you install it, but what about tomorrow? What about as the nature of the threats changes? Someone has to be paying attention. Almost universally, no matter how talented the staff, their capabilities are static.
If you’re paying someone to watch your network for you, 24×7, don’t you think they should notice less-than-subtle attacks on the network? I can forgive not finding totally randomized SYN probes, but when, just for kicks, I let something like nikto or Metasploit loose without constraint on a server and nobody notices, I am especially concerned.
The lock is not as good as you think if you don’t pay attention to the behavior around the door.
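The kind of noise an unconstrained scanner leaves in a web server log is not subtle, and a monitoring team can pick it out with very little logic. The following is an added example, not code from the original post: it parses Apache/nginx combined-format access lines (constructed sample data, assumed format) and flags sources that either announce a scanner in their user-agent or generate a burst of requests that mostly fail.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log format (assumed; adjust the regex for other formats).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
SCANNER_UA_MARKERS = ("nikto", "sqlmap", "nmap")  # assumed marker list, not exhaustive

# Constructed sample: one normal visitor, one source probing for files that do not
# exist, and one source whose tool names itself in the user-agent string.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Jan/2007:14:01:02 -0500] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Jan/2007:14:01:03 -0500] "GET /about HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.9 - - [13/Jan/2007:14:05:00 -0500] "GET /cgi-bin/test.cgi HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.9 - - [13/Jan/2007:14:05:00 -0500] "GET /admin/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.9 - - [13/Jan/2007:14:05:01 -0500] "GET /backup.zip HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.9 - - [13/Jan/2007:14:05:01 -0500] "GET /old/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.9 - - [13/Jan/2007:14:05:02 -0500] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0"
192.0.2.44 - - [13/Jan/2007:14:09:30 -0500] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.00 (Nikto/2.1)"
"""

def parse_line(line):
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_noisy_sources(log_text, min_requests=5, error_ratio=0.5):
    """Return {ip: [reasons]} for sources whose traffic looks like an unconstrained scan."""
    per_ip = defaultdict(lambda: {"total": 0, "errors": 0, "uas": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable lines are skipped rather than silently counted
        s = per_ip[rec["ip"]]
        s["total"] += 1
        s["errors"] += int(rec["status"].startswith("4"))  # 4xx: probing for what isn't there
        s["uas"].add(rec["ua"].lower())
    flagged = {}
    for ip, s in per_ip.items():
        reasons = []
        if any(mark in ua for ua in s["uas"] for mark in SCANNER_UA_MARKERS):
            reasons.append("scanner user-agent")
        if s["total"] >= min_requests and s["errors"] / s["total"] >= error_ratio:
            reasons.append(f"{s['errors']}/{s['total']} requests returned 4xx")
        if reasons:
            flagged[ip] = reasons
    return flagged
```

Running `find_noisy_sources(SAMPLE_LOG)` flags the two noisy sources and leaves the ordinary visitor alone; the thresholds are constructed starting points, not tuned values.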
¹ I’m speaking purely of network, system and server infrastructure. I am not speaking of the applications developed on top, which continue to be a largely unmitigated disaster.
This entry was posted at 2:56 pm on 13 January 2007 and is filed under Security. You can follow any responses to this entry through the post-specific RSS 2.0 feed.