This is the 6th blog in a series about security and how security is about how you think.
In my last blog, I finished looking at my fictitious friend Pete’s report on the security of my house. That’s got me paranoid and thinking (or is that thinking and paranoid?). Should I sign up for one of those home security monitoring services whose commercials I see every 15 minutes? Couldn’t I do this myself?
Well, when I think about securing my entire house, what the security company gives me just isn’t enough. They give me a “free” camera (“free” as in puppy, not “free” as in air), two window sensors, and three months of free monitoring. Is that really enough? To really watch the security of my house, I need enough sensors to put one on every window, not just the two most used ones. The reason is that if someone knows the first two windows are being monitored, they’ll turn their attention to the others (the ones that are not monitored, so that they can get in quietly). I can’t just put sensors on the “right” windows; I have to put them on all of them in order to monitor every entrance to my house. The same goes for the camera: I don’t need one, I need one for each crucial hallway, landing, and entrance. Whew. That’s a lot. And I need to stay vigilant: if I find somewhere that isn’t being monitored, I have to add coverage there.
It is exactly the same in computer systems and datacenters. I don’t need to watch a few things, I need to watch EVERYTHING. The biggest reason is that I don’t know what the attacker will do; they will probably hit the most vulnerable place in the datacenter, or the one that isn’t being monitored. And they’ll be watching my datacenter to see what I have there, including what monitoring systems I have. It’s all about “completeness of picture”: the picture I have of my security has to be complete and contain EVERYTHING I need to secure, whether that is my house, my computer system, or my datacenter.
Well, that will be easy. I don’t need anyone to help me, just a long weekend to hook it all together. I’ll go to a few stores, pick up what I need, then bring it all home and set it up. But what if it doesn’t all work together? I may have to hook the cameras together and monitor them, and then hook all of the window sensors together and monitor them separately. Then I’d better keep a few spares in case something breaks. I may have to jumper the two systems together to get them to work as one.
That’s the same with computer systems: they all use subtly different formats and mechanisms to record what happens, and I’ve got to get them all to work together easily. The key word here is EASILY. I’ve got to be able to take every device, system, or component and add it to my monitoring system easily, with a “connector” or plug-in that translates its records into the common form the rest of the system understands. Because only if I look at everything can I really be secure.
But what do I monitor? With homes, the list is fairly straightforward: doors opened when no one is home, smoke detectors, carbon monoxide alarms, all the objects that should be in the house. But what about a combination of events? What if someone comes into my house and sets a fire? How do I correlate events? The list could get long and complicated. The same with computer systems: how do I track something when it hits the first router, goes past the load balancer, and attacks the database server? How do I know what to look for? How can I find anything “bad” in the megabytes or gigabytes of information that I’m monitoring? It would be easy if the data told me it was “bad”, but it’s not that simple. That’s the next step in the process.
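To make the last three ideas concrete (connectors that normalize each device’s own log format into one schema, a check that every asset in the inventory is actually reporting, and a first cut at correlating one client’s activity across the router, the load balancer, and the database), here is a small added example. It is not code from this blog series or from any product; the log lines, host names, IP addresses, and the three formats are constructed for illustration, and the correlation rule (all three tiers touched by the same client within ten seconds, ending in a database error) is an assumed rule, not a recommendation.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample log lines for three tiers, each in its own format.
# These are illustrative only, not taken from any real device or vendor.
ROUTER_LOGS = [
    "2024-03-01T10:00:01Z rtr1 ACL-DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-01T10:00:03Z rtr1 ACL-PERMIT src=203.0.113.7 dst=10.0.0.10 dport=443",
    "2024-03-01T10:00:04Z rtr1 ACL-PERMIT src=198.51.100.2 dst=10.0.0.10 dport=443",
]
LB_LOGS = [
    '{"ts":"2024-03-01T10:00:04Z","host":"lb1","client":"203.0.113.7","path":"/login","status":200}',
    '{"ts":"2024-03-01T10:00:05Z","host":"lb1","client":"198.51.100.2","path":"/","status":200}',
]
DB_LOGS = [
    "2024-03-01 10:00:06 UTC [db1] ERROR: syntax error at or near \"'\" client=203.0.113.7 user=app",
]

# Every asset that *should* be reporting: the "all the windows" list (assumed inventory).
INVENTORY = {"rtr1", "lb1", "db1", "db2"}


def _iso(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


ROUTER_RE = re.compile(r"^(\S+) (\S+) (ACL-\w+) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse_router(line):
    """Connector for the (made-up) router ACL format; returns None on lines it does not understand."""
    m = ROUTER_RE.match(line)
    if not m:
        return None
    ts, host, action, src, dst, dport = m.groups()
    return {"ts": _iso(ts), "host": host, "tier": "router", "client": src,
            "msg": f"{action} to {dst}:{dport}",
            "severity": "warn" if action == "ACL-DENY" else "info"}


def parse_lb(line):
    """Connector for the (made-up) JSON-per-line load balancer access log."""
    try:
        d = json.loads(line)
    except json.JSONDecodeError:
        return None
    return {"ts": _iso(d["ts"]), "host": d["host"], "tier": "lb", "client": d["client"],
            "msg": f"{d['status']} {d['path']}",
            "severity": "warn" if d["status"] >= 500 else "info"}


DB_RE = re.compile(r"^(\S+ \S+) UTC \[(\S+)\] (\w+): (.*) client=(\S+) user=(\S+)$")


def parse_db(line):
    """Connector for the (made-up) database server log."""
    m = DB_RE.match(line)
    if not m:
        return None
    ts, host, level, text, client, user = m.groups()
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc),
            "host": host, "tier": "db", "client": client,
            "msg": f"{text} (user={user})",
            "severity": "warn" if level == "ERROR" else "info"}


# Adding a new device kind means adding one connector here, nothing else changes.
CONNECTORS = {"router": parse_router, "lb": parse_lb, "db": parse_db}


def ingest(sources):
    """sources: {connector_name: [raw lines]} -> normalized events sorted by time."""
    events = []
    for name, lines in sources.items():
        parse = CONNECTORS[name]
        for line in lines:
            ev = parse(line)
            if ev is not None:
                events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def unmonitored(inventory, events):
    """Completeness of picture: inventory hosts that produced no events at all."""
    return sorted(inventory - {e["host"] for e in events})


def correlate(events, window=timedelta(seconds=10)):
    """Clients seen on router, lb AND db within `window`, ending in a warn-level db event."""
    by_client = {}
    for e in events:
        by_client.setdefault(e["client"], []).append(e)
    hits = []
    for client, evs in by_client.items():
        for i, end in enumerate(evs):
            if end["tier"] != "db" or end["severity"] != "warn":
                continue
            recent = [x for x in evs[:i + 1] if end["ts"] - x["ts"] <= window]
            if {x["tier"] for x in recent} >= {"router", "lb", "db"}:
                hits.append((client, [x["tier"] for x in recent]))
    return hits


if __name__ == "__main__":
    evs = ingest({"router": ROUTER_LOGS, "lb": LB_LOGS, "db": DB_LOGS})
    print("silent assets:", unmonitored(INVENTORY, evs))
    for client, path in correlate(evs):
        print("correlated:", client, "->", " > ".join(path))
```

Running it reports db2 as an asset in the inventory that never sent a line (the unmonitored window), and flags 203.0.113.7 as the one client whose trail runs router, router, lb, db inside the window; 198.51.100.2 touches only two tiers and is ignored. The point is that the correlation only works because every tier was first translated into the same event shape with the same `client` field.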