Hackers = Water?
That’s right. Well, I don’t mean “hackers” in their real meaning - computer professionals, able to twist the computer doing whatever they wish, for a good cause. I will use the word “hacker” in it’s more popular meaning - computer criminal, again, able to twist your computer, but not for a good cause…
What are they like?
Well, they don’t like meeting obstacles. They hate beating their head against your firewall. They hate spending weeks and months in searching for a hole in your security systems - but hmm, if it’s worth it, they will. They will (and have done it with lots of companies) sometimes wait and search for YEARS, until they finally break your defenses.
The hacker society is just like water in a mountain - it builds it’s way slowly through the solid rock, builds whole caves - and nothing can stop it, if it is allowed to flow long enough. Eventually, they (we?) will get to you.
How can you protect your company? Buying new security systems could *probably* help. Against… some scriptkiddies.
Don’t allow the water flowing long enough to find a hole in your security.
Just change (enhance) your security frequently enough, so they would not be able to run at your speed. Change *all* passwords for critical systems every month. Change *all* user passwords every 6 months. Update your OS on client and server machines *immediately* after a patch is issued. Never run a service with higher privileges than it needs. If possible, separate your internet facing servers from your network.
Forget about DMZ. It just does NOT work.
You got it? Should I repeat? Forget about DMZ. Separate your internet facing servers from your internal network Completely. Choose completely different passwords for your internet facing servers and for your intranet facing servers. In fact you shold not have the same password for more than 1 server! If your company has DMZ connected to your internal network, and one of the DMZ servers gets compromised, it’s gone. Game over. The theory behind DMZ is like swiss cheese - holes all over it’s logic. It will slow down the attacker, but it will help him tremendously if you use DMZ.
This entry was posted on Thursday, August 14th, 2008 at 11:37 am and is filed under Securing the OS. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Have your say
You must be logged in to post a comment.