SANS will be teaching a high-level security course in Raleigh, NC this December. For anyone in the state, this is an excellent opportunity to get hands-on, detailed experience and knowledge about how to hack your own network, perform security assessments and learn to stay ahead of the bad guys.
- October 14, 2008
- October 7, 2008
Part of Information Security is not making assumptions. You don’t assume that computer systems are safe, you check them. Even if they were safe when you checked them, you check them again months later to make sure they are still safe. This sort of regular assessment is no different than security guards making regular rounds late at night in an office building, such as a bank.
When something suspicious is discovered during a systems check or pentest, you investigate it in order to verify that what was found is what you think it is. Evidence of a server break-in needs to be checked carefully before one goes blurting out “We’ve been hacked!”, just as a bank doesn’t say “We’ve been robbed” because some accounting numbers don’t match up.
Such verification and re-verification on a regular basis can sometimes seem like paranoia. But paranoia is the unreasonable sense of persecution. Banks have ample reason to be concerned about their security, as there is a long and rich history of criminals robbing banks. However, there is a point at which one may indeed have to ask oneself, “Am I being too cautious?”