Your management needs to understand the very real security issues facing your company's network. But how does an IT guy explain these very serious, but frequently very intangible, security threats? Jimmy Ray shows you how.
Some people just don't get it. Ever try to explain what you do to someone who doesn't use a computer? It's as hard as my trying to eat my mother-in-law's cooking while making the "mmmm" sound.
Now imagine trying to sell a ghost to someone. That is what it's like trying to sell security to people who just do not "get" security. Lack of buy-in from management is the single biggest threat to any company's security posture today. Many people in management see little return on investment with security or, even worse, believe that data is not a tradable commodity on the black market today. The FBI reports that last year data was worth more than $67 billion to hackers on the worldwide market.
People say, "Why would anyone want to hack my network?" or "I am too small to hack." Security seems to be the stuff that gets in the way of business processes rather than protecting our most valuable company asset: the data. Many times, I've had to prove a hacker was trying to break into a network. To me, this is like trying to prove the size of Neptune with a yardstick and binoculars.
Hackers Can Attack Your Network
Proving that a network is ripe for attack is hard to do, and an attack is even harder to catch if you are working in small increments. This is what we have to do most of the time if we are billable per hour, as most of us engineers are. Many attacks come from Europe or Asia, so when we're working, they're sleeping and vice versa. Overseas hackers use this to their advantage to slip by human-watched controls and monitoring. What I have had some success with is installing a Snort server with the C&C signature set from Bleedingthreats.com. This worked for capturing automated bots and port scanners, which can normally scare the purchase orders out of a goober manager.
Data rules, or in hacker speak, D4t4 Ru13z! Especially if it's the customer's own data. I install Snort in monitor mode, come back in a week's time to collect the data, and sit down with the customer to analyze it. This hits about three out of 10 times. Sometimes, a week just isn't long enough. A month is good, but that gets pricey. This takes a lot of effort on your part, so I would only do this if the deal size is large. It is a good low-cost way to check for threats when you need to convince people. I normally don't bring one of our Cisco IPS appliances, so that management doesn't think I'm trying to sell them tons of hardware. Truthfully, I'm just looking to prove that a threat is real and not that the hardware works. If it's a small deal and not really worth the time and effort, I would get the customer (not technical management) to review some data from U.S. government organizations, such as:
- Understanding Hidden Threats: Rootkits and Botnets
- Over 1 Million Potential Victims of Botnet Cyber Crime
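For the week-long Snort capture described above, here is one way to boil the alert file down to the handful of numbers a manager will actually read. This is an added example, not code from the column; it assumes the sensor wrote alerts in Snort's alert_fast text format with timestamps in the customer's local time, and the sample lines, signature names and SIDs are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Snort's alert_fast layout; signature names, SIDs and
# addresses (documentation ranges) are made up for illustration.
SAMPLE = """\
03/04-02:13:07.120001  [**] [1:9000001:1] EXAMPLE bot C&C check-in [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.0.2.15:1042 -> 203.0.113.9:6667
03/04-02:43:07.331200  [**] [1:9000001:1] EXAMPLE bot C&C check-in [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.0.2.15:1042 -> 203.0.113.9:6667
03/04-03:05:44.000912  [**] [1:9000002:2] EXAMPLE port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:40211 -> 192.0.2.1:22
03/04-14:20:10.500000  [**] [1:9000002:2] EXAMPLE port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.8:51000 -> 192.0.2.1:445
03/05-23:59:59.999999  [**] [1:9000003:1] EXAMPLE ICMP sweep [**] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.1
this line is truncated garbage
"""

ALERT = re.compile(
    r"^\d\d/\d\d-(?P<hour>\d\d):\d\d:\d\d\.\d+\s+"
    r"\[\*\*\] \[(?P<sid>\d+:\d+:\d+)\] (?P<msg>.*?) \[\*\*\] "
    r".*?\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?$"
)

def summarize(log_text, work_start=8, work_end=18):
    """Roll a capture up into totals, off-hours share and top signatures."""
    hits, sources = Counter(), defaultdict(set)
    report = {"total": 0, "skipped": 0, "off_hours": 0, "priority_1": 0}
    for line in log_text.splitlines():
        m = ALERT.match(line.strip())
        if not m:
            report["skipped"] += bool(line.strip())  # count junk, ignore blanks
            continue
        report["total"] += 1
        key = (m["sid"], m["msg"])
        hits[key] += 1
        sources[key].add(m["src"])
        # Assumption: sensor timestamps are in the customer's local time.
        if not work_start <= int(m["hour"]) < work_end:
            report["off_hours"] += 1
        report["priority_1"] += m["prio"] == "1"
    report["signatures"] = [
        {"sid": sid, "msg": msg, "alerts": n, "sources": len(sources[(sid, msg)])}
        for (sid, msg), n in hits.most_common()
    ]
    return report

if __name__ == "__main__":
    r = summarize(SAMPLE)
    print(f"{r['total']} alerts, {r['off_hours']} outside working hours")
    for s in r["signatures"]:
        print(f"{s['alerts']:>4}  {s['sources']:>3} src  [{s['sid']}] {s['msg']}")
```

The off-hours count is the figure that backs up the point about attackers working while the staff sleeps; adjust `work_start` and `work_end` to the customer's actual hours.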
See more columns by Jimmy Ray Purser