I was on the phone earlier tonight talking to a gentlemen about security and the impact of it on the Value Added Reseller and Value Added Provider marketplace. As I was talking to the gentlemen, he was saying that consultants tended to install the networks and then just go on to the next network. Hmmm… not the consultants that I hang around with. Sure there is always the revenue from the new projects, but networks need maintenance.
Now before you say, well that’s because you run a Windows network. No. It’s because I run a NETWORK, period. A living, organic, working environment that needs vigilence.
Today in the Encase, Computer forensics class, the instructor was asking one of the students about his position and the student said that most of the time his job included “firewalls”. So the instructor said well you probably just set them up once, right? And the student said, “No actually on a regular basis we have to examine intrusion attempts, ensure that remote access to the network has only been done by authorized employees”. You don’t just set things up and walk away.
Take today for example, I got a couple of alerts about Bagle varients, next month, second Tuesday we will have another Patch day to review the patches for, and on a regular basis, I would argue that you should make sure that no one has changed the network you have configured. To ensure that a network is secure, passwords and passphrases should be changed, the network should be scanned for rogue wireless access points, to just make sure that everything is as you left it.
Look around us. What we consider to be secure today will not be secure tomorrow. Already RSA has announced a Small Business push for two factor authentication. May of the folks in the class that worked for larger firms already do this. That’s something I’m interested in checking out.
Think about the last few years. What we take for granted now, we did nothing like this a few years ago. Look at just what happened Thursday in the USA. A law went into affect called “Check 21”. No longer will you be getting copies of your paper cancelled checks, instead you will get a “digital” image. This of how much we email, fax, send electronically, order over the web now than we did a few short years ago.
You know what this business is like, the things you did ten years ago, five years ago are not what you do now. Heck, did we even know what Voice Over IP was a few years ago? And now more and more businesses are intregrating it into their networks.
Security is not an end goal. It’s a process. We don’t get a map, a final destination, it’s like life…. we keep growing, learning, changing, evolving.
Over the last four days, I used computer tools to search for emails that were deleted, for documents printed. I remounted drives that were fdisked. I made hashes of certain files that I was looking for and ran an exam against the hard drive to see if those files that weren’t supposed to be on that hard drive, were in fact, on there. I learned that as we were there using the Internet on our lab machines, traces of our activity, our email from our offices were leaving there traces in our Internet temp files [just another reason to never use Internet kiosk machines to check email and to only use your own computer], that while one piece of circumstancial evidence might be explained away, that the patterns and history I was finding left trails behind.
Our “digital lives“ need constant attention. Setting networks up, of any flavor, whether Linux or Small Business Server flavors, is not just about setting them up securely right NOW. Keeping safe on the Digital Information SuperHighway age means that you will reevaluate that network on a regular basis.
Heck look at me now, sitting in a hotel room, connected wirelessly typing up this hopefully somewhat coherent post. It wasn’t too long ago that I was pretty much dialing up on the road. I haven’t used the phone cable in my laptop bag in ages.
So getting back to the point of this rambling post, I don’t think you guys just set up networks and walk away. I think more of you guys out here are the other kind of VAR/VAP. The one who is the Outsourced Chief Information Officer and not just “the guy [or gal] who installed the network“.