Can complexity lead to poor security?

It's been a while since I last posted. Been pretty busy with work, which is good. I've been playing around with a lot of new products and thought I would write this quick update.

Back in the day, when the only option was to configure systems via the command line, your average generalist would leave this type of thing to the "experts". Now, with the number of servers and workstations growing, generalists have become more multitasking, bringing knowledge from home to the workplace and vice versa. So what about security? Well, this is an area in which a lot of people dabble without understanding the complexities of the task. Just getting something working may be acceptable to get a result, but not fully understanding the how and why is what poses the security risk. A GUI somewhat simplifies most tasks, but an "invisible" command entered at the CLI of the same device will likely go unnoticed. Every day admins make changes to make their job easier, and often take the simple approach: opening a port, switching off the Windows firewall, using administrator username and password credentials to enable services, and adding new VLANs for testing, to name but a few. To combat these types of issues, manufacturers of security systems create new ways of sniffing them out.
These systems play an important role in most networks, but if not used correctly or monitored regularly they are worthless. Before adding more complexity to any infrastructure, admins should review what they have: study and consolidate firewall rulebases, update security policies, refresh the infrastructure generally, and document what is really there as opposed to what we think is there. Once a baseline has been re-established, it is time to consider additional software and hardware that will assist with maintaining an efficient and well-managed network.
