Saturday, April 14, 2012

Philosophy of Security...


When talking about security on the internet and within computer systems and networks, people always say to assume the worst. There is always that remote possibility, so as a security engineer, you cannot ignore different types of threats simply because their likelihood is very low.

This article by Kelly Jackson Higgins on DarkReading.com explains that the likelihood of a malicious intruder is actually a lot higher than you or I would assume.

The RSA Conference is a seminar held in San Francisco that focuses on cryptography and progress in the field of internet security. Kelly Jackson reports that one of the most interesting new tools in system security is a device that monitors behind-the-line intrusions. A tool like this is similar to what was used by Cliff Stoll in the tracking and apprehension of hacker Markus Hess on the Berkeley networks in 1986.

When talking about security in a commercial setting, most talking points are first-defense security: firewalls, traffic limiting and monitoring, strong passwords, trustworthy and reliable users, and things of that nature. This tool, however, assumes the worst. As Darin Anderson, a U.S. country manager for Norman Data Defense Systems, is quoted as saying, “The dirty little secret in our industry is that everyone has been compromised,” and other prominent folks in the security industry agree. Security breaches are not a matter of if but when. This is a massive shift in security philosophy in my opinion, and a welcome one. It has been a priority to keep a system secure from external intrusion by unauthorized users, but I think it is just as important to have proper counter-measures in place for when your system does finally become compromised. No system is perfect. If there were a perfect security system there would be no need for any progress in the industry; however, with the quickly evolving technology market, there will always be bugs and holes in software and in thinking that need to be repaired.

The tool sits inside a network and is used to track the suspicious activities of intruders. The article attributes this philosophical shift to the fact that most attacks have become highly sophisticated: they are driven by hackers' desire for financial gain, so financial success and attack success become tightly related to one another.

The saying goes, “Keep your friends close but keep your enemies closer.” I feel as though this was a shift in security attitude that needed to happen. You can't always rely on your system of intricate firewalls and protocols to keep you safe, as we all know that human error comes into play with any sort of legislative protection. You cannot prevent someone from making a mistake, so having the proper counter-measures in place along with proper defenses may be just what this industry needs, even if it is simply a matter of deterrence and countering hacker incentive with a greater risk of detection.

