An email we got today from John Moser sparked an idea for something that I thought was a great lesson learned. So I wanted to share it with everyone. John was participating in the collegiate cyber defense competition. If you have never participated in capture the flag competition or a red/blue team activity, you are missing out. You really should try to participate in one cause its a great experience and really drives lessons learned home. Not to mention that it is an absolute blast!
What really caught my eye was this from John: "This doesn't help when you have a full default EVERYTHING install of Fedora Core 3 and 4, Win2000, and Win2k3. It particularly doesn't help when you don't know what EVERYTHING is and how EVERYTHING is configured, because EVERYTHING becomes an entry point for hackers who know how to exploit blatant configuration errors." In another email exchange he said: "What I didn't know was how every inch of every system on my network was configured. " So by now, you probably know what I want to talk about. John nailed it. You can shut all the doors and windows and lock them tight, but if you forget there's a window in the basement that was secure when you looked at it a year ago and hasn't been checked since....bad things can happen. I don't think it can be emphasized enough that you have you know your systems. There are three things that came out of this for me and I see as issues.
Configuration management is a key piece to making sure this doesn't happen. Documenting what is being done and what is on a system is so important especially on a large network where there are many fingers on the keyboards. You have to stay on top of it all the time. It's also important to realize that mistakes will be made and that is just a fact. Hopefully they will be caught early. Learn from them! Stay on top of your skills and understand what it is that is going on your network. Keep in mind that if you don't someone else out there probably is. Lorna J. Hutcheson CACI |
Lorna 165 Posts ISC Handler Mar 29th 2006 |
Thread locked Subscribe |
Mar 29th 2006 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!