This is the 5th blog in a series about security and how security is about how you think.
In the last blog, I started to go over my fictitious friend Pete’s home security report – looking at my home’s architecture and environment. In this blog, I’ll go over the second part of it – the detailed security assessment of my home.
The next section of the report was “Access”. The section started out innocently enough – “How many doors and windows are present?” Pretty straightforward – in order for someone to get into my house, they’ve got to use an entrance. What was strange was that it didn’t ask only about the ones that are easy to get to (on the first floor), but about all doors and windows (even the chimney!). It was a scan of the house for all entry points.
The questions asked, for each entry point: is there an alarm? A camera? Even a “ding” when it’s opened? All of this is extremely similar to computers and computer networks – when you scan a host, you try to see which network ports allow you into the computer and which ones are monitored for network use. From the homeowner’s point of view, that would be like testing each door and window to see if it was unlocked.
Then the report went further – it finished with a series of “what if” questions to figure out the reactions to events that could happen.
Overall, Pete’s assessment showed me a lot about how a security assessment of a home or business is done. It showed great similarity to the process used on computer systems – how someone adept in computer assessments looks at computer systems to understand their security.
This is the end of the first part of the “Thinking Security” blog series. This blog started with the general ideas of security and how we can look at the security of anything, whether it be a house, a business or a computer system. One of the best concepts that we have about the security of an environment is that it begins with how it was architected and constructed. Then it comes down to considering all of the possible entry points and events that can happen – the “what if” questions about security.
Now that we’ve started to look at the security mindset – how can we do better?