Tuesday, July 1, 2008

Andy sees the light

As per usual the man-in-the-trenches Andy-It-Guy comes up with some excellent observations.

He has found an example of what Bruce Shneier calls movie plot security. What is also known as "whack-a-mole" security or knee-jerk reaction. Essentially, something goes wrong and we put in controls in case it happens again. Then something else goes wrong ... we put in something different. Ad infinitum.

(The name "whack a mole" comes from the game where you have a mallet and you keep whacking plastic moles on the head. Every time you are successful a new mole pops up.)

This is a solution but its not the best solution. And in case you think that it is a terrible solution think about what anti-virus, anti-spam, anti-spyware, firewalls, IPS, patch management etc etc are... point solutions to single issues. Whack-a-mole solutions. Knee-jerk reactions to problems that crop up.

The one technology in the above list that is unfairly listed is Firewall. Best practices state that you should block everything and enable only what you need. But in the past Firewalls were generally configured to block only what was bad and to open up everything else. Then they started to "by-default" block everything in and allow everything out. We have learned our lesson with Firewalls.

Antivirus too is starting to move from a "detect and delete the following..." to a "detect strange happenings from all software... but ignore this that we know is supposed to have extra access."

Note the move from "allow all and block specific known bad" to "block all and allow specific known good".

I think that the challenge going forward will be for us to create an environment where it is possible to tie down exactly what every single person in the organisation does. Make sure that the technology supports this. Make sure that deviations are blocked.

And on top of that allow for agility.

This is not impossible but it won't be easy. But there won't be turn-key technology solutions to be able to achieve this.

1 comment:

Anonymous said...

"the challenge going forward will be for us to create an environment where it is possible to tie down exactly what every single person in the organisation does. Make sure that the technology supports this. Make sure that deviations are blocked.

And on top of that allow for agility.

This is not impossible but it won't be easy. But there won't be turn-key technology solutions to be able to achieve this."

Excuse me Alan, but there is a technology that does this now.

Trustifier technology is a security sub-system that turns the internal IT environment into one that is deny by default. It offers granular access and audit control at the data file level for all users, including admins and security officers. Trustifier acts as a kernel level policy enforcer to provide scalable multi-level security (secrecy), multi-level integrity, and multiple domain separation.