Security Assumptions – Don’t Make an ASS of U and ME

    • #170897
      Erich Kron
      Participant

      Have you ever stopped to ask yourself if the things you are defending against are really your biggest security problems? I am going to challenge you to think about things a little differently, as I have been myself recently. Prepare yourself, as this may challenge some of your core security beliefs, things we have been taking as gospel since the early days of securing networks. We all know our time is precious and limited, so it is more important than ever to use what time we have wisely. That is exactly why I think we need to look deep into our beliefs and be willing to challenge ourselves on a profound, uncomfortable level. So, let’s make an attempt to be completely and utterly honest with ourselves about our security assumptions.

      Do you require users to have long, complex passwords and expect them not to write them down? Do you use firewalls to cover up unpatched software, block access to vulnerable or unused services or to make up for poor configuration? What about Full Disk Encryption? Do you deploy that on every machine in your organization?

      [See the full article at: Security Assumptions – Don’t Make an ASS of U and ME]

    • #175466
      bane
      Participant

      Your basic premise is that firewalls, either host or network, provide no protection if a host is properly patched and configured. You further state that you know of no attacks that have been prevented by firewalls that a properly configured host would not have prevented. I can think of multiple times a firewall has been able to protect a host and environment, specifically:

      1. There are cases where a properly patched and configured host can still have 0-day vulnerabilities. There have been cases where a vulnerability existed that would accept packets on an interface even though the specifically targeted port is not open. In this case a firewall would not allow the traffic through to the host.

      2. A properly configured firewall can also block malicious traffic from infected hosts from exiting the environment. One example for my organization specifically was Operation Aurora traffic.

      3. If the firewall understands normal protocol behavior, it can block non-standard protocol behavior used by malicious code trying to exfiltrate from the environment. There have been several malware variants that have attempted to use modified forms of SSL that have been blocked by firewalls.

      4. In the case of host firewalls, they are very valuable in denying lateral movement. They can specifically block compromised hosts from enumerating and attacking other hosts on the network. They are also invaluable for quarantining infected/compromised hosts.
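As an added illustration of points 1, 2 and 4 in the reply above (this is example code written for this page, not code from the post, from EH-Net, or from any firewall product), the following Python models a default-deny host-firewall policy for a single workstation and evaluates it first-match against a few constructed flows: a peer workstation probing SMB, an admin RDP session from the management network, a direct-to-Internet "SSL" connection of the kind command-and-control or exfiltration would use, and a quarantine policy that leaves only the remediation server reachable. Every address, network, port set and host name in it is an assumption chosen for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple

# Constructed example addresses (private and documentation ranges); not real infrastructure.
WORKSTATIONS = "10.1.0.0/16"   # peer workstations: never a legitimate SMB/RDP/WinRM source
MGMT = "10.9.0.0/24"           # admin jump hosts and core services
DNS = "10.9.0.53"
PROXY = "10.9.0.80"            # the only path to the Internet
FILESERVER = "10.9.0.10"
QUARANTINE_SRV = "10.9.0.200"  # the only peer a quarantined host may talk to


@dataclass(frozen=True)
class Flow:
    direction: str   # "in" (towards the protected host) or "out" (from it)
    peer: str        # remote address
    port: int        # destination port of the connection
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                             # "allow" or "deny"
    direction: str
    peers: Optional[str] = None             # CIDR; None matches any address
    ports: Optional[FrozenSet[int]] = None  # None matches any port
    proto: Optional[str] = None             # None matches any protocol
    comment: str = ""

    def matches(self, f: Flow) -> bool:
        if self.direction != f.direction:
            return False
        if self.peers is not None and ip_address(f.peer) not in ip_network(self.peers):
            return False
        if self.ports is not None and f.port not in self.ports:
            return False
        if self.proto is not None and self.proto != f.proto:
            return False
        return True


def build_policy(quarantined: bool = False) -> List[Rule]:
    """First-match rule list. The trailing catch-all rules make it default-deny, so a
    service the host did not mean to expose (point 1) is unreachable whether or not it
    is patched. The quarantine variant implements the isolation described in point 4."""
    if quarantined:
        return [
            Rule("allow", "out", QUARANTINE_SRV + "/32", frozenset({443}), "tcp", "remediation server only"),
            Rule("deny", "in", comment="quarantine: no inbound"),
            Rule("deny", "out", comment="quarantine: no other egress"),
        ]
    return [
        # Inbound: only admins, only from the management network, only on admin ports.
        Rule("allow", "in", MGMT, frozenset({3389, 5985}), "tcp", "admin RDP/WinRM from mgmt"),
        Rule("deny", "in", WORKSTATIONS, comment="no workstation-to-workstation access"),
        Rule("deny", "in", comment="default deny inbound"),
        # Outbound: DNS, the proxy and the file server are the only permitted paths.
        # Direct Internet egress (where C2 and "modified SSL" exfiltration would go, point 2) is denied.
        Rule("allow", "out", DNS + "/32", frozenset({53}), "udp", "internal DNS"),
        Rule("allow", "out", PROXY + "/32", frozenset({8080}), "tcp", "web via proxy"),
        Rule("allow", "out", FILESERVER + "/32", frozenset({445}), "tcp", "file server SMB"),
        Rule("deny", "out", WORKSTATIONS, frozenset({135, 139, 445, 3389, 5985}), "tcp", "no lateral movement"),
        Rule("deny", "out", comment="default deny egress"),
    ]


def evaluate(policy: List[Rule], flow: Flow) -> Tuple[str, str]:
    """Return (action, comment) of the first rule that matches the flow."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action, rule.comment
    return "deny", "implicit default deny"  # not reached with the policies above, kept as a safety net


if __name__ == "__main__":
    normal = build_policy()
    scenarios = [
        Flow("in", "10.1.5.21", 445),       # compromised peer workstation probing SMB
        Flow("in", "10.9.0.5", 3389),       # admin RDP from a management jump host
        Flow("out", "203.0.113.10", 443),   # direct-to-Internet TLS: C2 or exfiltration
        Flow("out", "10.9.0.80", 8080),     # legitimate web traffic via the proxy
        Flow("out", "10.1.5.30", 445),      # this host trying to spread over SMB
    ]
    for f in scenarios:
        print(f, "->", evaluate(normal, f))
    print("quarantined, proxy ->", evaluate(build_policy(True), Flow("out", "10.9.0.80", 8080)))
    print("quarantined, remediation ->", evaluate(build_policy(True), Flow("out", "10.9.0.200", 443)))
```

The point of the model is the ordering: because the allow rules are narrow and the catch-all denies come last, the only way a new inbound listener or a new outbound destination becomes reachable is by someone adding a rule for it, which is exactly the property a patched-but-misconfigured host does not give you on its own. The quarantine list is a complete replacement rather than an extra rule, so an infected host cannot reach the proxy, DNS or other workstations even for traffic the normal policy allows.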


Copyright ©2020 Caendra, Inc.
