Layer 8

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

The ugly reality of security incidents.

It sounds kinda romantic, doesn’t it?  Your 133T skillz against those of the wily hacker.  Showdown at the 0K corral.  (Heh.  Would that be “zero k”?)  But most of the time, it doesn’t happen that way—at least, not to me.  Here are some of the harsh realities of security incidents:

  • They usually start with someone frowning at the screen and saying, “That’s odd ...”
  • It can take a really long time before you even know for sure that you’ve got a breach.
  • Sometimes you can work on something for hours and then figure out that it was just some weird-ass behavior on the part of some application.
  • When it comes to an insider, not everyone will agree that it was really a breach of security, much less one requiring disciplinary action.
  • In fact, sometimes you have to work instead on protecting the network against someone who is behaving badly, yet whose management refuses to fire him.
  • Does two people arguing over control of a root password constitute a security breach?  If one of them changes it out from under the other one?  You tell me.
  • There is very rarely, if ever, a “takedown.”  Most of the time you just manage to block the bad guy out and hope that he’ll move on to another target.
  • It can take law enforcement a really, really, really long time even to get around to looking at the evidence, much less decide whether they have a case.
  • You’ll never know whether you found everything.  You just have to live with that.




 

Posted by shrdlu on Sunday, November 12, 2006