Security threats and counter measures

PeopleAll too often as an Infrastructure Architect I found myself subject to lobbying by security professionals and product vendors to provide ever stronger security counter measures into my solutions.  Inevitably these counter measures had a detrimental effect on end user experience so I was always keen to see evidence of the types and level of threat that could be fed into a risk assessment.  Unfortunately I rarely got to see this threat analysis and almost never saw it in a form that would allow me to do a meaningful risk analysis, so I was often in the uneasy position of following “policies”,  rather than doing analysis.  I was never happy that the policies had a good risk analysis to support them either.  So it’s nice once in a while to come across an article that includes some description of the threat.

To give you some idea as to why I worry about the automatic application of policy as a substitute for analysis, here are a few of my personal experiences:

  • I have only ever had one virus in my 20 years of using computers, and I would not describe myself as risk averse in my usage. 
  • That virus was the result of a network attack from a device on my companies network on a Virtual Machine that was in the process of down-loading its first set of security patches from Microsoft Windows Update
  • I don’t get very much spam
  • The spyware tools on my PCs have only ever found false positives
  • I have always felt that the biggest security risk by orders of magnitude on a reasonably secure corporate network is people leaving a company to go and work for a competitor, combined by a USB mass storage device like an IPOD
  • The next biggest security risk is a wireless access point hidden under a desk or similar, and rarely ever detected
  • The biggest virus outbreaks I have seen have always bypassed all of the specialist defensive tools,  but all could have been stopped by a combination of software execution restrictions policies in XP,  the ability to rapidly deploy simple agents to every PC, the ability to immediately make all network drives read-only, the presence of a local firewall on all PCs and servers.  These are all general purpose tools to have in the kit bag.

 

Steve Richards

I'm retired from work as a business and IT strategist. now I'm travelling, hiking, cycling, swimming, reading, gardening, learning, writing this blog and generally enjoying good times with friends and family

Leave a Reply

Your email address will not be published. Required fields are marked *