Given the time, resources, and motivation, a cracker can break into
nearly any system. At the end of the day, all the security procedures and
technologies currently available cannot guarantee that your systems are
safe from intrusion. Routers can help to secure your gateways to the
Internet. Firewalls help secure the edge of the network. Virtual Private
Networks can safely pass your data in an encrypted stream. Intrusion
detection systems have the potential to warn you of malicious activity.
However, the success of each of these technologies is dependent upon a
number of variables, including:
Given the dynamic state of data systems and technologies, securing
your corporate resources can be quite complex. Because of this
complexity, it may be difficult to find expert resources for all of your
systems. While it is possible to have personnel knowledgeable in many
areas of information security at a high level, it is difficult to retain
staff who are experts in more than a few subject areas. This is mainly
because each subject area of Information Security requires constant
attention and focus. Information security does not stand still.
8.1. Thinking Like the Enemy
Suppose you administer an enterprise network. Such networks are
commonly comprised of operating systems, applications, servers, network
monitors, firewalls, intrusion detection systems, and more. Now imagine
trying to keep current with every one of these. Given the complexity of
today's software and networking environments, exploits and bugs are a
certainty. Keeping current with patches and updates for an entire
network can prove to be a daunting task in a large organization with
heterogeneous systems.
Combine the expertise requirements with the task of keeping current,
and it is inevitable that adverse incidents occur, systems are breached,
data is corrupted, and service is interrupted.
To augment security technologies and aid in protecting systems,
networks, and data, think like a cracker and gauge the security of systems
by checking for weaknesses. Preventative vulnerability assessments against
your own systems and network resources can reveal potential issues that
can be addressed before a cracker finds it.
A vulnerability assessment is an internal audit of your network and
system security; the results of which indicate the confidentiality,
integrity, and availability of your network (as explained in Section 1.1.4 Standardizing Security). A vulnerability assessment will typically
start with a reconnaissance phase during which important data regarding
the target systems and resources are gathered. This phase will lead to
the system readiness phase, whereby the target is essentially checked
for all known vulnerabilities. The readiness phase culminates in the
reporting phase, where the findings are classified into categories of
high, medium, and low risk; and methods for improving the security (or
mitigating the risk of vulnerability) of the target are
discussed.
If you were to perform a vulnerability assessment of your home, you
would likely check each door to your home to see if they are shut and
locked. You would also check every window, making sure that they shut
completely and latch correctly. This same concept applies to systems,
networks, and electronic data. Malicious users are the thieves and
vandals of your data. Focus on their tools, mentality, and motivations,
and you can then react swiftly to their actions.
