The Unavoidable “Whoops” In Network Security

Written by: Francesco Trama | Published on: October 25th, 2016

About The Author

Francesco Trama
As Chief Executive Officer and Founder, Francesco is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

We all make mistakes; it’s a human condition, and not curable. In network security, when we make a mistake in a configuration, it’s referred to as “Fat Fingering”. I can honestly say that on several occasions in my network youth, while deep into chasing false positives, on gallons of caffeine, with eyes nearly bleeding, I made mistakes.

Everyone Makes Mistakes
I can admit without shame that “I on occasion have applied a rule, made assumptions, or made changes to my security environment with blurred thought.” We all have, and that is a simple fact.

Shortly after gaining my sanity and realizing I should probably go back and double-check what I did, I fixed my mistake.

Looking back, making those snap changes inadvertently placed gaping holes in my security, and luckily I closed them shortly after. I had the right intentions but fat-fingered the configuration: the “Whoops”.

Although I jumped several large sharks in my day, I remember shortly afterwards becoming very retentive to a point where it was counterproductive. That quickly passed though.

Later, when speaking to colleagues and recounting the latest network adventures, I remember them reverberating similar experiences, and each of us nervously laughing the event off as a “whoops”.

Back then there was a little more leniency when it came to network security, so we could breathe a little easier a little faster than today. We can chalk it up to being human, young, and fearless.

Fast-forward many years, and seeing things from a different perspective with gateway security at PacketViper, I wonder how much damage the “whoops” causes today, even if it lasts for only a few hours. I bet if there was a “whoops” study that could measure it, it would be very shocking, I’m sure. Maybe there is one, who knows?

With today’s relentless nature of probing, the “Whoops” potential effect would be amplified to ridiculous scales even with a small crack in your security. Not to mention the serious repercussions to someone’s career and company because of the damages which could ensue.

The “Whoops”, I’m sure, is still here, and I see it as just as prevalent today, if not more, because of the complexity within our “New Network Toys”, which is where I feel we are the most susceptible to “the mistake”.

Example: Right after the training stops on the new toy, we are staring at our new technological toy alone, and are seen as the company expert for it.

Sure, change control, patching, strong password policies, layered security, good sensors, regular refresher training, proper network segmentation, and end point protections will limit the “Whoops” impact. But let’s get real here, because that only happens in a perfectly staffed 365x24x7 network security department, with unlimited budgets.

To put some perspective on the dangers: at PacketViper’s lab, which monitors our global honeypots and threat events, we see unpublished IPs probed instantly as new honeypots come online. These new systems, depending on which part of the world they are in, will see thousands of probes per day, per sec from everywhere around the world. It’s really astounding to watch, and to marvel at the organization, persistency, and voracity of the attackers.

Imagine when the “whoops” happens now and attackers are provided unobstructed access to an unpatched end point or server for 60 minutes.

The unfortunate reality is the “Whoops” can be mitigated but never eliminated. It’s a human condition that as of right now has no solution. So layer up, stay vigilant, and understand they never stop. Remember, attackers can come from anywhere around the world, are talented, organized, and sponsored with unlimited resources, unlike us.