Open Source Enterprise Solutions

Open Source Journal

Subscribe to Open Source Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Open Source Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Open Source Journal Authors: Liz McMillan, Elizabeth White, Stackify Blog, Pat Romanski, Patrick Hubbard

Related Topics: PC Security Journal, Security Journal, Open Source Journal

Blog Feed Post

Four Steps to a Security Mindset

Written by: Matt Yonchak

 If you’ve read our newsletters before, we’ve talked about securing things from networks to web apps and hopefully have given some perspective and tips for how to do so. Recently a colleague (Rick Deacon) of mine gave a talk here at our office about what the proper mindset for a security professional should be. It got me thinking about how to develop that way of thinking and approach to my work. I think it comes down to four ideas and when you put them together it really helps you understand where we need to be and sometimes where we fall short. None of these things on their own necessarily equal security but if you keep them in mind as you work I think it enables us to better secure the networks and information we’re tasked with keeping safe.

1 – Awareness

When I say awareness, I’m referring to an in-depth knowledge and understanding of your network as a whole. Knowing your network is so much more than having a Visio diagram. It’s seeing the big picture. It’s using all the tools at your disposal to put the puzzle pieces together. Where I think we get caught up is in our lack of vision. Events on our networks are not islands unto themselves and understanding those relationships is imperative to understanding the network from a security point of view. The other important step to network awareness is to have the proper tools in place. There are plenty of Open Source tools out there that will give you a better perspective into what’s happening on the network. Nagios, Snort, NTOP, OSSEC, and TCPTrack just to name a few. So in short my suggestions here would be to understand that you need to see the big picture and gather tools that can help you do so.

2 – Correctness

I think if you set something up correctly you inherently secure it better. Creating service accounts so things aren’t running as root or administrator, or formatting your firewall rulebase properly are just a couple examples of this. If we can stick to the fundamentals we really give ourselves a leg up on security. Now I understand that we aren’t always put in situations where we can make sure things are setup correctly. Everyone is handed things to secure that when we look at them we scratch our heads and say “Really? You did it like that?”. Those situations are the world we live in, but be ready to BandAid those situations when they arrive. If you’re handed poorly written code to secure be quick with an application firewall to front end it. A big part of this is a good security awareness program. If you can at least keep security in the back of the developers and application teams’ mind, you’re taking a step in the right direction.

3 – Attention to Detail

The devil is in the details right? Same thing applies to security. I talked with our penetration testers and went over some of the common things they see when doing an assessment and found that a lot of the problems could be corrected pretty easily by paying attention to the little things. Making sure that there aren’t unnecessary services running, closing open ports, and making sure machines are patched are a few of the things that lead to bigger security issues. Those things are everyday problems that are sometimes overlooked. Patching, for example, seems routine but wow that’s a big one. Unpatched machines are like inviting hackers to come sit down at your unlocked computer. If we cut down on the small mistakes we limit the attack vector for the bad guys.

4 – Assurance (Auditing)

I don’t necessarily mean this in the normal “IT auditing” sense of the term. Think of it more as security auditing done by you. A big part of this is to audit your current infrastructure and see what steps can be taken to secure it better, but another part is basically upkeep. Make sure that the security countermeasures you have in place are actually still there and functioning. An example of this may be to make sure that hard disk encryption is on every laptop that your help desk builds and sends out to parts unknown. The goal here is constant vigilance. The security mindset is just as much about a healthy dose of paranoia as anything else and good checks on your current security measures will ensure that the devil in those details isn’t running loose on your network.

Information security is sold by many vendors as exploits and hackers but the key to security really is in the details. If you understand what’s going on, you do things correctly from the outset, pay attention to the little things, and keep track of the measures you have in place, those exploits and hackers will sit knocking at your front door with no way in.

Read the original blog entry...

More Stories By Hurricane Labs

Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.