Having just watched the latest Spartacus episode in “War of the Damned” where Spartacus manages to take a city by first entering the city in disguise and then by opening up the gates to allow his followers in to defeat the Roman Defenders I started to think about network security in corporations.
Sun Tzu wrote “Appear at points which the enemy must hasten to defend; march swiftly to places where you are not expected.”
Networks, like cities, will always have strong and weak points. Ancient Cities had large walls that surrounded the city to keep invaders at bay but every city had to have gates to allow trade. Without this trade the citizens would soon die of starvation. However these gates also created a weak point which could easily be exploited especially if the invaders managed to get people on the inside.
Corporate networks are the same. You can provide firewalls in the DMZ to keep hackers out, but corporations need to have communication with the outside world to conduct business. These firewalls can also provide a weak point if not properly configured and defended. The corporate security staff need to defend against attacks on multiple fronts. The hacker just needs to exploit one weakness!! It is very easy to exploit weaknesses from the inside. USB drives left in an employees car park which can easily be picked up and plugged into corporate computers which contains trojan code that is activated when plugged in to the USB socket. This code then targets holes in corporate firewalls from the inside while most security staff are concentrating on stopping traffic coming in from the outside!!!
Is it just a fact of life that networks, like cities, will never be completely secure?