Security Basics mailing list archives

RE: IPTables Based Firewall Testing


From: larsmith <larsmith () tds net>
Date: 18 Dec 2003 18:57:03 -0500

There's a lesson to be learned from the following.

When I was in High School, I played chess.  Unfortunately, I had the
misfortune of having a "low attention span", so I wasn't a good
"student" when it came to learning moves and figuring out what others
might be doing in some "organized fashion".

When others learned moves and learned to recognize "classic" moves so
they could defend themselves, I couldn't.

I kept winning, though.  I won because I didn't "play by the rules", so
to speak.  Because I didn't learn all the classic moves and defenses, I
didn't use them.  I made things up as I went.  I made the best of what I
had and, interestingly enough, I won more games than the "Experts"
figured I should be able to win.

Today, I find out what others are doing, watch as InfoSec people place
so many eggs in one basket ... watch as they lean so heavily on "their
moves" ( so to speak ), just like people used to do in Chess ... and I
scratch my head.

I, also, am a believer in the KISS principle.

All the way through networks I've implemented and been responsible to
support / protect / defend, I've placed ... well, trip wires.  Not as in
"TripWire" the product but different little things along the way which
"go off" and alert me as to what's going on and what needs to be dealt
with.

Along the way, there are apparently either undefended or perhaps
ill-defended systems which might appear to be easy targets.  They go a
long way to build a false sense of "ease of the kill" for any who might
be snooping around in our network.

Having studied hacker methodology and knowing that to "become good" at
hacking, a person needs to practice certain disciplines and needs to
"get into the groove", as it were, I use that against them.  Because
most hackers have their "pet ways" of moving in on a target and yet at
the same time, use so many "classic moves", I use that against them.

We have a "line of defense" that doesn't stop at the door.  Knowing that
such a high percentage of real hacks and security violations happen ( or
appear to happen ? ) from within an organization, I've planted little
"alarms" all along the way, randomly placed throughout our
organization, that are designed to alert us to what's taking place at
the hands of prospective hackers or rogue processes.

You'd be amazed at the results of such an unorthodox approach to infosec!!

The moral of the story in this case is that "following the rules" is
sometimes a weakness.  Being predictable can similarly be a weakness. 
Doing "what everybody is doing" is a weakness.  Using what everybody is
using is a weakness.

I never assume that I've got the job done.  I seldom leave the same
"trip wires" in place for very long.  I move them around.  I have an
almost arbitrary approach to these helpful mechanisms so that my
"methodology" can't be predicted.

All I know is that it works.  I learned a lot from Chess.

Allan

P.S. And it's AMAZING how budget-friendly our system(s) is (are).
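The "trip wires" Allan describes can be built from very little: plant a few decoy files whose fingerprints are recorded, re-check them on a schedule, watch logs for the decoy tokens they contain, and periodically re-plant them under new names so their placement cannot be predicted. The following Python is an added example, not code from the original post or from any product; the decoy file naming, the manifest file name and the constructed log line are assumptions made for the demonstration.

```python
"""Tripwire-style decoy files: plant, check, token scan, rotate (constructed example)."""
from __future__ import annotations

import hashlib
import json
import secrets
import tempfile
from pathlib import Path

# Hypothetical manifest name; stored beside the decoys so check() can find the baseline.
MANIFEST_NAME = ".tripwire-manifest.json"


def _fingerprint(path: Path) -> dict:
    """Baseline for one decoy: content hash, size and modification time."""
    data = path.read_bytes()
    st = path.stat()
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "size": st.st_size, "mtime_ns": st.st_mtime_ns}


def plant(base: Path, count: int = 3) -> list[str]:
    """Create `count` decoy files with random names and unique tokens; write the manifest."""
    base.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for _ in range(count):
        name = f"backup-{secrets.token_hex(4)}.txt"   # assumed naming scheme
        token = secrets.token_hex(16)                 # unique honeytoken per decoy
        path = base / name
        path.write_text(f"# archived settings (decoy token {token})\n")
        manifest[name] = {**_fingerprint(path), "token": token}
    (base / MANIFEST_NAME).write_text(json.dumps(manifest))
    return sorted(manifest)


def _load(base: Path) -> dict:
    return json.loads((base / MANIFEST_NAME).read_text())


def tokens(base: Path) -> dict[str, str]:
    """Map decoy name -> honeytoken, for feeding into log-scanning rules."""
    return {name: entry["token"] for name, entry in _load(base).items()}


def check(base: Path) -> list[str]:
    """Compare every decoy against the manifest; one alert string per tripped decoy."""
    alerts = []
    for name, expected in _load(base).items():
        path = base / name
        if not path.exists():
            alerts.append(f"{name}: deleted")
            continue
        now = _fingerprint(path)
        if now["sha256"] != expected["sha256"] or now["size"] != expected["size"]:
            alerts.append(f"{name}: content changed")
        elif now["mtime_ns"] != expected["mtime_ns"]:
            alerts.append(f"{name}: touched")
    return alerts


def scan_log_for_tokens(base: Path, log_lines: list[str]) -> list[str]:
    """Decoy names whose token appears in a log line: someone read the decoy and reused it."""
    hits = [name for name, tok in tokens(base).items()
            if any(tok in line for line in log_lines)]
    return sorted(hits)


def rotate(base: Path) -> list[str]:
    """Remove the current decoys and plant a fresh set under new names."""
    old = _load(base)
    for name in old:
        (base / name).unlink(missing_ok=True)
    return plant(base, count=len(old))


def run_demo() -> dict[str, bool]:
    """Walk the whole cycle in a temporary directory and report what was detected."""
    base = Path(tempfile.mkdtemp(prefix="tripwire-"))
    names = plant(base, 3)
    clean = check(base)
    (base / names[0]).write_text("tampered\n")   # constructed: an edit to a decoy
    (base / names[1]).unlink()                   # constructed: a decoy removed
    after = check(base)
    tok = tokens(base)[names[2]]
    # Constructed log lines: one carries the honeytoken, one is benign.
    hits = scan_log_for_tokens(base, [f"GET /config?key={tok} 200", "GET /index.html 200"])
    new_names = rotate(base)
    return {
        "clean_before": clean == [],
        "tamper_detected": f"{names[0]}: content changed" in after,
        "delete_detected": f"{names[1]}: deleted" in after,
        "token_hit": hits == [names[2]],
        "rotated_fresh": set(new_names).isdisjoint(names) and check(base) == [],
    }


if __name__ == "__main__":
    print(run_demo())
```

Run `check()` from a scheduled job and feed `tokens()` into whatever log search you already have; `rotate()` is the "I move them around" step, so call it on an irregular schedule rather than a fixed one.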

