I have smart cards and security baselines, so is my network secured?
I started working as an infrastructure guy, playing around with Active Directory and networking. I worked on many different platforms and products before I decided to specialize in network security, and I have been working and researching in this field for 5-plus years now. My research at first was not about security products themselves, but about the theory of security and all related things like risk assessments and threat modeling, before I focused on cryptography and Public Key Infrastructure, then moved on to Microsoft security products and solutions, including smart cards and identity life-cycle and management.
I sometimes get asked the question “Do we have a secured network?” People also think that my role is to make things 100% secured, and that if we brought in a dozen security products and the latest intrusion detection and prevention devices, in addition to deploying smart cards, we would have reached the state of a secured network. The answer to all those questions is NO.
“Security” is defined as “freedom from risk or danger; safety”. It is obvious that security in computers can never reach this goal. “Computer security”, on the other hand, is more the “management of risk”, because “secure” would mean we can stop working because the network is now secure.
So, network security is a process, a task description, not an end state. It is a journey, not a destination. I would like to think of network protection as the goal and network security as a task description.
Let us get back to the question “Is your network secured?” Well, we cannot answer this question; instead, we aim to have a “secure enough” network. What does that mean? One way to look at it is by comparing it to a car alarm. Does a car alarm make it harder to steal a car? No, not really. Does it prevent the theft? Well, that depends. If you have an alarm but the car next to you does not, it is likely that a thief may just steal the car next to yours (unless he really wants yours).
It is kind of like the old story about a camping trip. Two guys are sitting by the fire and one of them asks what they will do if a bear comes. The other guy says, “That’s why I am wearing sneakers.” The first guy asks, “Do you really think you can outrun a bear though?” The second responds, “No, but I don’t need to. I just need to outrun you!” In some cases, it is simply enough to be a more difficult target than someone else.
I hope my idea is clear now. As long as the bad guys are not out to get our network specifically, if we protect our network sufficiently, it is likely that they will attack a network that is less secure, unless they really want something from ours. So we face two challenges: protecting our network from the casual attacker or virus that does not care which network it destroys, and protecting our network from the determined attacker who wants information from us.
However, if we take some fundamental steps, we will have accomplished the former as well as made the job of the determined attacker much harder. This frees us to focus on staying far enough ahead of the determined attacker. In a sense, protection is like temporal security. It makes sure that we are secured until the bad guys learn enough to break our defenses. At that time, we had better have additional defenses in place.
That’s only me. Tell me what you think.