Independent internal security in Central Europe

Network security warfare - offensive security

Attack the attackers

I believe many people involved with IT security have a feeling of frustration that stems from continuously reacting to external forces: spam attacks, spyware attacks, insider threats, analyst reports and new product announcements. What should you do?

Consider the three basic tenets of IT Security

  1. Network Security is Warfare: if it's “kill or be killed” in the sales department, then why not in IT Security?
  2. Most of your information security strategy is reactive, built on “Penetrate and Patch” methods
  3. Few implementations address the collection of information about attackers

The key Elements in Information Security Strategy

Stop reacting and go back on the offensive, with a proactive security strategy based on control, collection, capture and change:

Control: Managing the access of information to and from the network and systems.
Collection: Gathering information about user habits and systems behavior.
Capture: The capture of information from anomalous events on the network.
Change: Adapt the security posture to meet new situations.
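
As an added illustration (not from the original post or from Chris Neitzert's article), the four elements can be wired into one feedback loop over outbound flow records, which is also the basis of extrusion prevention. The host names, destinations, the 10x volume threshold and all function names are constructed for this example.

```python
from collections import defaultdict

# Constructed outbound flow records: (internal host, destination, port, bytes sent).
BASELINE = [
    ("ws-01", "mail.example.net", 25, 40_000),
    ("ws-01", "proxy.example.net", 3128, 900_000),
    ("db-01", "backup.example.net", 22, 5_000_000),
]
TODAY = [
    ("ws-01", "proxy.example.net", 3128, 700_000),    # normal
    ("db-01", "198.51.100.7", 443, 80_000_000),       # destination never seen
    ("db-01", "backup.example.net", 22, 90_000_000),  # known peer, 18x usual volume
]

def collect(flows):
    """Collection: learn each host's usual peers and largest transfer."""
    profile = defaultdict(dict)
    for host, dest, port, size in flows:
        key = (dest, port)
        profile[host][key] = max(size, profile[host].get(key, 0))
    return profile

def control(deny, flow):
    """Control: egress decision for one flow against the current deny set."""
    host, dest, port, _ = flow
    return (host, dest, port) not in deny

def capture(flows, profile, factor=10):
    """Capture: keep full records of flows that depart from the profile."""
    events = []
    for flow in flows:
        host, dest, port, size = flow
        seen = profile.get(host, {}).get((dest, port))
        if seen is None:
            events.append(("new-destination", flow))
        elif size > factor * seen:
            events.append(("volume-spike", flow))
    return events

def change(deny, events):
    """Change: tighten egress policy for destinations no host had used before."""
    for reason, (host, dest, port, _) in events:
        if reason == "new-destination":
            deny.add((host, dest, port))
    return deny

profile = collect(BASELINE)
events = capture(TODAY, profile)
deny = change(set(), events)
```

Volume spikes to a known peer are captured for review rather than blocked, since cutting off a backup target automatically could do more harm than the anomaly.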

By basing both defensive and offensive tactics on these four strategic elements, you can proactively control who accesses your network, collect information about abnormal transactions, capture anomalous events, and adapt your security posture to meet changing situations.

Traditional Information Security Tactics are Defensive

* Backups
* IDM - Identity Management
* Network Access Control using firewalls/routers
* Host Access Controls
* Intrusion Prevention Systems/Intrusion detection systems
* Inbound content filtering for abusive/malicious content

Offensive Information Security Tactics

* Attacking and auditing your own systems.
* Proactive response to attacks.
* Extrusion prevention
* Honey Pots and Honey Nets.

I’d like to thank Chris Neitzert (Chris[at]Neitzert[dot]com) for his ideas on improving IT security with both offensive and defensive tactics. Download Chris’ well-written article at: Guerilla Anti-Penetration Tactics
