Security is there to protect you and your company, but oftentimes it is used to blame you and make life difficult for staff, and productivity decreases.
Security should be as transparent as possible to users, but it is deployed in ways that limit functionality or make operations more complicated, and users are forced to look for loopholes.
If security is not introduced properly, it does no good, or it may even make things worse.
I usually start designing security by asking about the business's daily operations. Knowing that, I can visualise how their traffic flows and what the attack surface might be. This step is by far the most important part of introducing security to any corporate network. From this perspective, the most important person is someone in the company, not the external security expert.
So what is the role of security experts? Their duty is to provide the best-fit solution for their client. The best fit doesn't necessarily mean the latest technologies. It's tempting to introduce new features to block the latest attack vectors, e.g. zero-day attacks, but is that what they really need to do now? If the customer doesn't have SSL inspection in place, wouldn't that be more valuable to the client?
Security, in general, has two approaches. One is defensive security, the general approach of thinking about how you protect your valuables, and the other is offensive security, the approach of thinking like an attacker about how to penetrate, disable or sometimes steal your valuables. The two are complementary: knowledge of offensive security shapes defensive security's best practice, and that best practice makes offensive security more creative.
This cat-and-mouse game never ends, but by knowing both ends you know where the easier surface to attack is, and how to protect it with industry best practice.
- Secure your network with industry best practice
- SIEM and action
- Learn how attackers think
- Carry out tests for your staff. Never blame staff for failing; it leads to a worse scenario.
Security Write Up
Over The Wire – Bandit … Introductory challenges for Linux security – Check my write-up here