Sunday 09 January 2005
How A Criminal Might Infiltrate Your Network
If you are a System Administrator, you may wish to have a read through these articles:
How A Criminal Might Infiltrate Your Network
Note the author's warning at the end of the article: Once a network has been thoroughly hacked, the system administrator has three options: update their resume, hope the hacker does a good job running the network, or drain the network. You will of course need to take action to deal with the attack.
The author goes on to consider a number of options for cleaning a hacked system and explains why they are not the best options. I have listed them here:
- You cannot clean a compromised system by patching it; patching only removes the vulnerability.
- You cannot clean a compromised system by removing the backdoors.
- You cannot clean a compromised system by using some "vulnerability remover."
- You cannot clean a compromised system by using a virus scanner.
- You cannot clean a compromised system by reinstalling the operating system over the existing installation.
- You cannot trust any data copied from a compromised system.
- You cannot trust the event logs on a compromised system.
- You may not be able to trust your latest backup.
- The only proper way to clean a compromised system is to flatten and rebuild it.
10 Immutable Laws of Security
These laws, which are discussed in the article and listed here in summary form, are a result of the way computers work and require a bit of common sense on the part of the user:
- If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
- If a bad guy can alter the operating system on your computer, it's not your computer anymore
- If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
- If you allow a bad guy to upload programs to your website, it's not your website any more
- Weak passwords trump strong security
- A computer is only as secure as the administrator is trustworthy
- Encrypted data is only as secure as the decryption key
- An out of date virus scanner is only marginally better than no virus scanner at all
- Absolute anonymity isn't practical, in real life or on the Web
- Technology is not a panacea
10 Immutable Laws of Security Administration
These laws, which are discussed in the article and listed here in summary form, reflect the basic nature of security and cannot be patched against:
- Nobody believes anything bad can happen to them, until it does
- Security only works if the secure way also happens to be the easy way
- If you don't keep up with security fixes, your network won't be yours for long
- It doesn't do much good to install security fixes on a computer that was never secured to begin with
- Eternal vigilance is the price of security
- There really is someone out there trying to guess your passwords
- The most secure network is a well-administered one
- The difficulty of defending a network is directly proportional to its complexity
- Security isn't about risk avoidance; it's about risk management
- Technology is not a panacea