Photo Credit: gilus_pl via Compfight cc
Minecraft – just like security
By Ross Moore
One of my favorite games is Minecraft- it’s actually a family favorite. Various members of my family enjoy the different modes. Some like Creative – being able to fly around and create all kinds of things with all the resources; some like to be in Survival mode and switch back and forth as desired; my wife and I like to play together by playing in Peaceful during daytime to create things, and then switching to Survival to fight Mobs at night. For me, I not only play Hardcore mode (I’m the only one at home who plays that mode), but I like it! And while playing it recently I thought of the world of InfoSec.
Mode
In Hardcore, you don’t get to switch to another mode – once you’re in, you’re in.
In InfoSec, you don’t get to choose which mode you’re in – you’re in for good. You have to decide up front that you’re going to go all in and treat all data as suspect – danger can literally lurk, or even spawn, around every corner. You have to be vigilant at all times.
Creepers
Creepers came about because of a glitch in one of Notch’s animal designs. Sort of like transmogrification – it was meant to be one thing, but became another thing (unlike the world of InfoSec, that change became one of the best mistakes in Minecraft, as the Creeper is one of the most beloved and most feared mobs). It doesn’t take long for a Creeper to sneak up on you – and if it blows up right next to you (you hear the hiss for 1.5 seconds), you’re pretty much done.
Those in IT security have to watch out for data that morphs, transmogrifies, takes over, etc. While Creepers are fun, creepy data is not! Bad data that gets in will want to stay in, and it’s your job to watch for it and get rid of it, or it will destroy your data.
Preparation
When you’re going exploring, you have to put appropriate things in your inventory: food, bed, coal, tools, torches, water for putting out fire if you get in lava, crafting table, furnace, building materials – the more complicated and further you go, the more you need.
InfoSec requires various and sundry tools – network monitoring, firewalls, means of communicating if the network goes down, charged phone battery, extra cables. The more complicated your setup, the more tools you’ll need.
Colors
Colors that are similar (e.g., grass and Creepers, spider eyes and flowers, birch and skeletons) make for a startling walk about. Once you get mowing down the grass, it’s tough to see that Creeper. Trudging or running through a forest can make it almost impossible to see the skeleton amongst the trees.
In Information Security, you have to be able to discern false positives and false negatives as you run through your day. Typically, the faster you go, the more you miss.
Direction
It’s VERY easy to get lost in the game. Not just spending time wandering or exploring, but actually getting lost. If you don’t make signs or place torches, then you definitely either lose time or risk the end of your character. Carry your compass and know where home is.
In your cyber security pursuits, you need to make sure that you lose as little time as possible – give yourself directions and goals, know your limits and timeframes, document, don’t explore the wilderness at the expense of knowing where your home is.
Sounds
Sounds that are similar (e.g., the sounds of shoveling dirt and sand is similar to a Creeper during the second-and-a-half before the Creeper blows up) are disconcerting. You’re making progress clearing things away, and before you know it the sounds that you’re making either mimic or mask the impending danger.
What’s the noise on your network? Is it regular and acceptable traffic, or dangerous? Are you aware?
Defenses
Spiders can climb up walls that don’t have an overhang. Baby zombies can get through 1-block-tall spaces. In low-light anywhere, mobs can spawn. In digging, you never dig straight down! In mining, you might hack into some blocks that have silverfish. There are lots of things to consider – some are on wikis, some are learned from experience.
Check your security defenses. Does your firewall allow a port that’s not used often, but that could be used? How long has it been since you checked that server? Are your backups and restores tested and ready? Assess your defensive tactics, which are best considered ahead of time.
Your Character
You get tired and hungry and have to rejuvenate. You only have so many hearts before your character is down for the count. Taking breaks and recuperating are all part of the Minecraft and InfoSec games. You get to be either Steve or Alex in the game, but the rules and options are the same.
You may have a different title or job description than others, but the rules and options are the same – take care of yourself with the many options available, or you’ll lose heart.
InfoSec is fun! Yet it also involves responsibility and risks. With all the technologies, gadgets, and gizmos available, it’s hard to stay focused on the daily tasks of making and keeping goals, treading cautiously into new territory, setting up defenses to protect your domain, keeping track of where you’ve already been, and preparing for the journey.