Once upon a time in a land far, far away, network and system noblepersons rejoiced in their deeds and frolicked...
in the mesmerizing and limitless horizon of connectivity.
Then, the worm turned. There were Slammers and Blasters and evildoers. "Oh my! Oh Mydoom!" Even so, many remained in denial (of service) and continued to marvel at the horizon.
It was a magical land where data floated from access points to users' Palms. Where sniffers played and users never WEP'd. There was a Phish Fry once a week. The beer and the buffers overflowed. You could find Smurfs and Trinoos and kids playing Man in the Middle.
One day a faint but steady rumbling sound could be heard in the distance. It drew closer and louder and seemed to come from all directions. Its crescendo shook the infrastructure of the kingdom of Impervious. Holes began developing and the noblepersons began patching here and logging there. The rumble would subside and then, from the distance, it would begin again.
Firewalls were thrown up to ward off the sound. But the sound took off its shoes.
And the noblepersons cried out: "We must use advanced techniques to detect and prevent." "Damn the torpedoes." "We will perform patch management." "We have only just begun to fight." "Stop the worm in its tracks." "Does anybody really know what time(-to-live) it is?" "How are we going to pay for this?" "We better ask the King!"
"But he is the King of Impervious, and he will scoff at the notion of paying good coin to remain impervious. He will consider it extortion, blackmail, a king's ransom! He will not be happy. He will accuse us of not doing our jobs. We must try and keep Impervious impervious by using our brains and our brawn, and our hourly rates."
About the author
Bill Kirkendale, CISSP, has been an IT professional for fourteen years and is a former United States Marine. Please send us comments on this article.
THE KINGDOM OF IMPERVIOUS: PROTECTING THE INFRASTRUCTURE
Protecting the infrastructure
Creating security regualtions
Enforcing threat prevention rules and regulations
Risk and vulnerability assessment
Threat and audit response
Security awareness and education program