Given the time, resources, and motivation, a cracker can break into
nearly any system. At the end of the day, all the security procedures and
technologies currently available cannot guarantee that your systems are
safe from intrusion. Routers can help to secure your gateways to the
Internet. Firewalls help secure the edge of the network. Virtual Private
Networks can safely pass your data in an encrypted stream. Intrusion
detection systems have the potential to warn you of malicious activity.
However, the success of each of these technologies is dependent upon a
number of variables, including:
Given the dynamic state of data systems and technologies, securing
your corporate resources can be quite complex. Because of this
complexity, it may be difficult to find expert resources for all of your
systems. While it is possible to have personnel knowledgeable in many
areas of information security at a high level, it is difficult to retain
staff who are experts in more than a few subject areas. This is mainly
because each subject area of Information Security requires constant
attention and focus. Information security does not stand still.
Thinking Like the Enemy
Suppose you administer an enterprise network. Such networks are
commonly comprised of operating systems, applications, firewalls,
intrusion detection systems, and more. Now imagine trying to keep current
on every one of these. Given the complexity of today's software and
networking environments, exploits and bugs are a certainty. Keeping
current with patches and updates for an entire network can prove to be a
daunting task in a complex organization with heterogeneous systems.
Combine the expertise requirements with the task of keeping current,
and it is inevitable that adverse incidents occur, systems are breached,
data is corrupted, and service is interrupted.
To augment security technologies and aid in protecting systems,
networks, and data, think like a cracker and gauge the security of systems
by checking for weaknesses. Preventative vulnerability assessments against
your own systems and network resources can reveal potential issues that
can be addressed before a cracker finds them.
A vulnerability assessment is similar to an internal inquiry of your
network and system security, the results of which indicate the state of
confidentiality, integrity, and availability (as explained in the Section called Standardizing Security in Chapter 1). A vulnerability assessment will typically
start with an information gathering phase during which important data
regarding the target is collected. This phase leads to the actual
checking phase, in which the target is checked for all known
vulnerabilities. The checking phase culminates in the reporting phase,
where the findings are classified into categories of high, medium, and low
risk, and methods for improving the security (decreasing the level of
vulnerability) of the target are discussed.
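The three phases just described (information gathering, checking, reporting) in a small, self-contained script. This is an added example, not code from the guide or from any Red Hat tool; the inventory lines, the vulnerability catalogue, the service names, versions and remedies are all constructed and hypothetical, and the version comparison is a simple dotted-numeric compare rather than a real scanner's matching logic.

```python
"""Added example: the phases of a vulnerability assessment over constructed data.

Phase 1 gathers an inventory of services, phase 2 checks each service against a
catalogue of known-affected version ranges, phase 3 classifies and reports the
findings ordered by risk (high, medium, low).
"""
from dataclasses import dataclass

RISK_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Service:
    host: str
    port: int
    name: str
    version: str


@dataclass
class Check:
    """One catalogue entry (hypothetical): versions older than fixed_in are affected."""
    service: str
    fixed_in: str
    risk: str
    remedy: str


@dataclass
class Finding:
    host: str
    port: int
    service: str
    version: str
    risk: str
    remedy: str


def parse_version(v):
    """'2.4.1' -> (2, 4, 1); only dotted-numeric versions are handled here."""
    return tuple(int(p) for p in v.split("."))


def version_lt(a, b):
    """True if version a is older than b; shorter tuples are zero-padded so '2.4' < '2.4.1'."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) < pb + (0,) * (n - len(pb))


# Phase 1: information gathering. A real assessment would collect this from
# service banners or an asset inventory; here the lines are constructed.
def gather(inventory_lines):
    services = []
    for line in inventory_lines:
        host, port, name, version = line.split()
        services.append(Service(host, int(port), name, version))
    return services


# Phase 2: checking. Every gathered service is compared against every
# catalogue entry; a service older than the fixed version is a finding.
def check(services, catalogue):
    findings = []
    for s in services:
        for c in catalogue:
            if c.service == s.name and version_lt(s.version, c.fixed_in):
                findings.append(Finding(s.host, s.port, s.name, s.version, c.risk, c.remedy))
    return findings


# Phase 3: reporting. Findings are classified and ordered high -> medium -> low,
# with a count per category and a remedy for each line.
def report(findings):
    ordered = sorted(findings, key=lambda f: (RISK_ORDER[f.risk], f.host, f.port))
    counts = {risk: 0 for risk in RISK_ORDER}
    for f in ordered:
        counts[f.risk] += 1
    lines = [
        f"{f.risk.upper():6} {f.host}:{f.port} {f.service} {f.version} -> {f.remedy}"
        for f in ordered
    ]
    return counts, lines


# Constructed sample inventory: host, port, service, version.
INVENTORY = [
    "10.0.0.5 22 sshd 2.9.1",
    "10.0.0.5 80 httpd 1.3.2",
    "10.0.0.7 21 ftpd 0.9",
    "10.0.0.7 80 httpd 2.0.1",
]

# Constructed, hypothetical catalogue; none of these entries refer to a real advisory.
CATALOGUE = [
    Check("httpd", "2.0.0", "high", "upgrade httpd to 2.0.0 or later"),
    Check("ftpd", "1.0", "medium", "upgrade ftpd or disable the service if unused"),
    Check("sshd", "3.0", "low", "upgrade sshd to 3.0 or later"),
]


def run_assessment(inventory=INVENTORY, catalogue=CATALOGUE):
    """Run all three phases and return (counts per risk level, report lines)."""
    return report(check(gather(inventory), catalogue))


if __name__ == "__main__":
    counts, lines = run_assessment()
    print("summary:", counts)
    print("\n".join(lines))
```

The ordering in the report matters in practice: the high-risk findings are what get read and acted on first, so a report that buries them below a long list of low-risk items loses much of its value.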
If you were to perform a vulnerability assessment of your home, you
would likely check each door to your home to see if they are shut and
locked correctly. You would also check every window, making sure that they
shut completely and latch correctly. This same concept applies to
systems, networks, and electronic data. The process of checking for
weaknesses is the same. Only the targets are different. Malicious users
are the thieves and vandals of your data. Focus on their tools, mentality,
and motivations, and you will begin to think like them.