Insights on Cybersecurity: Three Decades of Experience and the Future of Zero-Trust

I am writing this post today after sipping my third cup of coffee, and to be honest that is when I start getting new ideas. I have worked in networking and security since 1993 (network admin managing voice/data muxes to the PSTN). The 2018 document, already over two pages, described a scenario involving foreign intelligence services breaking into our JTAG-enabled cloud and stealing all the Kitboxes™ by air-gap hacks through rubber duckies; it's almost quaint when you think that previously, security was more about making sure cables didn't come unplugged.

Though somehow here we are, a generation later — where the stakes have never been greater.

Lessons from the Cybersecurity Trenches

"I have… seen things." — Range of Vision (Bjoern Knetsch), DevOpsDays Boston, 2019, from YouTube. The talk heavily criticizes a lot of the security we've come to rely on, bumbling its way through an Error 404 version of our own cyberpunk dystopia where everyone has sworn off all that and moved on to new gods among men in an Epic-style scene shift.

For a war story from the trenches — in 2003 the Slammer worm hit. I happened to work in network infrastructure at that time, and it was as crazy as anything I can remember. It took servers down, and almost all of the banks we backed also had downtime. Slammer was more than a bug; it was a public announcement to the world of how insecure our "secure" networks really were.

Embracing Zero-Trust Architecture

Today I am the owner of my own cybersecurity company, where we have just redesigned zero-trust architectures for three of the largest banks around. Zero-trust is not a temporary buzzword or marketing tech. It's a change of mindset that treats any user, device, or application as hostile unless you can prove otherwise — and frankly, if you're still treating your internal network as trusted simply because it resides in-house, well then shame on you.

Zero-Trust: A Reality Check

Here’s the thing about zero-trust:

We started to implement zero-trust for those banks and all of a sudden we hit resistance, big time — technologically and culturally. Old habits such as using weak passwords or dismissing suspicious alerts are too hard to break, simply because people do not want to feel that vulnerabilities exist.

Let me tell you, I have gone down this road too. The policies in place when I began as a sysadmin were crazy simple. Of course, this is to say nothing of the fact that most policies easily devolve into a running joke — change your password every 90 days and make it unreadable, which simply results in users writing "password1" on post-it notes.

5 Practical Steps In Zero Trust Implementation

  1. Don’t boil the ocean. Start with critical assets.
  2. Network segmentation — not everyone can have access to everything on your network.
  3. Implement MFA everywhere — and no, SMS isn't sufficient anymore.
  4. Monitor with real-time data rather than quarterly audits.
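As an added illustration of the steps above (not the author's code, and not any product of P J Networks), here is a deny-by-default access decision that encodes a critical-asset inventory, segment restrictions, a ban on SMS-only MFA, and a structured event per decision so it can be streamed in real time instead of waiting for an audit. All asset names, segments and MFA labels are constructed.

```python
from dataclasses import dataclass, asdict
from typing import Optional, Tuple, Dict, Any

@dataclass
class Request:
    user: str
    device_managed: bool          # is the device under our management?
    mfa_method: Optional[str]     # constructed labels: None, "sms", "totp", "fido2"
    source_segment: str           # network segment the request comes from
    target_asset: str

# Step 1: start with critical assets, so know what they are (constructed inventory).
ASSETS: Dict[str, Dict[str, Any]] = {
    "core-banking-db": {"critical": True, "allowed_from": {"app-tier"}},
    "wiki": {"critical": False, "allowed_from": {"corp", "vpn"}},
}
# Step 3: MFA everywhere, and SMS does not count as strong.
STRONG_MFA = {"totp", "fido2"}

def decide(req: Request) -> Tuple[bool, str]:
    """Deny unless every zero-trust check passes; return (allowed, reason)."""
    asset = ASSETS.get(req.target_asset)
    if asset is None:
        return False, "unknown asset, nothing is trusted by default"
    # Step 2: segmentation, the source segment must be explicitly allowed.
    if req.source_segment not in asset["allowed_from"]:
        return False, f"segment {req.source_segment!r} may not reach {req.target_asset!r}"
    if req.mfa_method not in STRONG_MFA:
        return False, f"MFA method {req.mfa_method!r} is not acceptable"
    # Critical assets additionally require a managed device.
    if asset["critical"] and not req.device_managed:
        return False, "critical asset requires a managed device"
    return True, "all zero-trust checks passed"

def decision_event(req: Request) -> Dict[str, Any]:
    """Step 4: emit one structured event per decision for real-time monitoring."""
    allowed, reason = decide(req)
    event = asdict(req)
    event.update({"allowed": allowed, "reason": reason})
    return event

if __name__ == "__main__":
    print(decision_event(Request("alice", True, "sms", "app-tier", "core-banking-db")))
```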

Hardware Hacking Village: DefCon Insights

Hardware Hacking at DefCon — I just got home to the U.S. from a great trip! From antique routers with vintage tech screams to the latest IoT gadgets, it's a stark reminder that if it has a chip in it, it's breakable.

Analogy: your network is your car. You spent some money getting the exterior looking good, but if people can just mess with your engine and drive it on down the highway, are you good to go?

This is why so much of what we do at P J Networks Pvt Ltd comes down to router security as the first line of defense — beyond simply firewalls and servers. You want your routers and servers sealed tighter than Fort Knox. Leave that out and you may as well leave the engine running while someone hot-wires your s**t.

AI-Powered Security Solutions: The Elephant in the Room

I know you think AI sounds great. That is a positive, as it scans thousands of real-time events. However, do not rely on AI as a replacement. Too often, AI hype in security serves as a screen for lazy solutions devoid of any understanding of context, and immobile in the face of advanced attackers.

Oh, and forget about vendors that AI-power everything but still cannot specify what their system actually detects apart from known threat signatures.

Password Policies Rant

Proof that password policies usually suck:

Personally, I prefer passphrases over gibberish: something like a memorable sentence, but not one hackers can guess. Add MFA on top and you're golden.

And business execs: that password change cycle you make your staff go through every 30 days is actually making everything less secure — as well as being slow, boring security for its own sake.

Lessons Learned Over 30 Years

What I have learned from running my own security outfit:

What’s Next?

The game keeps evolving. As much as I enjoy nostalgic tech — and old principles sometimes still ring true:

You just need to utilize them with new tools and fresh awareness.

Yes, backing up — and if you consider your cybersecurity investment an expense, you are doing it the wrong way. It is more like investing in a premium car engine. Spend less than that, and the investment would easily have paid for itself in repairs… not to mention the downtime of your Minecraft server being down or having constant malfunctions, as well as the lost customer confidence.

Wrapping Up

Thirty years, three coffees and a gazillion firewalls set — my advice is as follows:

Security is imperfect certainly — but it most definitely can be improved.

Thanks for reading. Now, just let me grab a fourth cup.
