What To Do When a Lion Enters Your Network

Thomas Phillips
Jan 29, 2019

The zoo is a fantastic place to take the kids. In fact, it’s great for adults, too. The zoo has everything from the sweet and innocent ducks and geckos, to the not-so-sweet blood-thirsty polar bears and lions. Now imagine yourself walking through the zoo, maybe with a group of kids, when one of the hungry lions breaks out of its cage and runs you down. Dinner time!

Lion Enters Into Your Network

There are a million and one ways to break into an organization. We try really hard to prevent initial intrusions, but the operating system and software vendors are not able to keep up with all the vulnerabilities. (And then, some vendors and some companies just don’t care about security at all. Are you one of “those” people that don’t care?) The IT folks, or security folks, or whoever else drew the shortest straw are then held accountable for all those vulnerabilities. Some folks try their best (and some don’t try at all), but at the end of the day, everything can be hacked.

The levee (like a dam) springs a leak (not a vegetable, but a hole spewing water). This is the critical moment! The ultimate test of mettle! The pivotal battle! Does someone plug the leak, or do they go off to eat a sandwich, gossiping about how some big financial firm got hacked, and “Ha ha!” nobody did anything, and now Congress, INTERPOL, or maybe even the mafia is going to come down on them hard. What will you do when the hackerman cometh? Plug the leak or eat a sandwich? Decisions, decisions.

What do you do when the lion runs loose in the zoo? You catch it, dead or alive. (Shooting a lion is okay if you do it for the children. Avoid feeding the lion’s corpse to the polar bear, though. That is bad publicity.)

What about that lion that broke into your company’s network, sneaking in through Bob’s desktop while he was surfing Facebook? I like my plan. If (or when!) someone breaks in, I want them to land in a labyrinth of pits filled with poisoned punji sticks, rabid attack dogs (sic ’em, Cujo!), and maybe some delirium-inducing fear toxin sprayed in for good measure. I want the environment to be downright hostile toward intruders. As long as my users keep on trucking without problems, and as long as I have the tools I need to manage the infrastructure easily, then I want any intruders to burn. I have zero tolerance for unwelcome interlopers and I think you should feel the same way.

By Thomas Phillips, CTO at Ridgeback Network Defense, Inc.
