Finding The Hidden InfoSec Story

Why 5am is Crime Time!



It’s 5am. It’s dark and I get an elbow in the ribs, not that one … the other one.

“I heard footsteps on the stairs”

As a dad, it’s the worst thing someone can say in the middle of the night. Do we have an intruder? What will they do? Will my family be safe?

 

At some point you do think it through, what do I do if?

I lie calm and silent. …  Waiting … My heart is pumping fast and I have to slow it down to remove the rushing blood noise in my ears until the house is totally silent. Moments later I am calm and can hear no noises. After another pause in the silence, I pull back the covers and pad barefoot across the bedroom. The house remains silent, my steps careful and faint. I open the bedroom door with only the slight brush on the carpet… notice no squeak from the door hinges, that’s some good oil!

OK… 3rd step down squeaks but I only need to get to the top step … I move silently, constantly listening, and with a hand on the banister I lean over and peer into the darkness. But it isn’t truly dark; there is a dim hue from the streetlights in the next street … again I wait … watching closely for any change in light, shadows, movement.

I look at the stairs … 3rd step. I carefully proceed, my weight balanced between hands on the walls and banisters, each step taken fully listening, not only to the noises of the house but also to my own noises. Silence. I reach the bottom and know I can now move more freely without sound. I listen. Nothing. After a sweep of the ground floor, I peer into the darkness outside. Nothing. I open the door of the house and listen outside. Nothing. False alarm.

I lock up the house and trudge noisily and grumpily upstairs back to bed. After 10 minutes staring at the ceiling I realise sleep is not going to come and grumpily trudge back downstairs, hitting every squeak and bump, where I fire up the laptop and thud at the keys to write this analogy. Because protecting your home can be much like protecting your networks…

Attackers may enter your network. They may silently wander around it, poking in the databases we spend so much time protecting. They learn where the shadows are, where you don’t protect fully. They silently open the locks and then cover their tracks. They do this under your noses and you have to be listening very carefully to hear them.

So, do you know your networks as well as you know your home in the dark?

If a criminal is lurking in one of your hiding places, they can watch and learn where the creaks are – they can test the water and see if the creaks are being heard.  It is amazing how much noise you can make without disturbing anyone.

However, as I discovered, if you are not listening closely, then your attacker can make as much noise as they like in your network and you’re just going to sleep right through it. The noise in the log files would be noticed if, and only if, those log files are being monitored. If no-one is checking log files for access, brute-force attempts, etc., then be as noisy as you like because there is no-one to wake up!

So I want you to learn about my new security model in my house because I am sure you are going to want to use it on your networks.

Firstly put gravel on the driveway – you want a potential attacker to make noise before he hits your perimeter.

The doors of my house now have upgraded locks – when did you last look at your perimeter security? When did you last look at your firewall configuration files to ensure they are appropriate?

Assuming you got into my house, I am going to make everything you now touch noisy – there are internal alarms looking for movement. You need this on your network: you need to know where people are going and what people are looking at.

I’ve also closed all my doors so as you move around my house, you have to open a lot of doors (and some of those creak too!). Within your network, all areas should be locked down. Each area of your network should be letting you know if someone is trying to gain access when they shouldn’t be.

Next are my stairs – the kids are allowed to leave stuff on the stairs. I sure hope that someone breaking into my house gets as far as the stairs because I’ll sure hear that yell as they trip over all the stuff! And so you need to monitor your networks and put in place enough trips, such as honeypots, that are going to scream at you as a criminal wanders around your network.

No matter how many false alarms you have … always go and check!

Author: Stuart Coulson
