Basic Security and Situational Awareness

These points were taught to me while I was doing a counterterrorism course in the military. They refer to physical security, but with little to no change they can also be applied to information security:

  • Be aware that a threat ALWAYS exists and that the target of that threat can be you. It doesn’t matter if you don’t see it or if you don’t know of a certain vulnerability; they exist. In the world of information warfare and cybersecurity you have to assume you have been penetrated and that someone is out to get you, all the time. Once you are aware of this you can prepare yourself to deal with it mentally, physically and technologically. Attackers can have a lot of reasons to target you: you might have something they want, they are getting paid by a third party to get something they want, your services / website / servers / etc. are a personal threat to their business / beliefs / etc., and many other reasons. Regardless, you cannot allow yourself to think that you have no sensitive information and that it will not happen to you. All it takes is for a script kiddie to find a simple vulnerability on your network and make your whole server farm part of a botnet. Just be aware and treat everything that enters your servers / computers as a possible threat. Deal with it accordingly. Pay special attention to low-tech attacks like social engineering: before you know it, you are giving all your information to a stranger.

  • Make the environment work for you. Controlling the environment is one of the most important aspects of physical security, and it should be the same in cybersecurity. Be aware of your surroundings: each workstation and the information stored on it, servers, connection channels between them, internal networks and how they allow external data to flow in, DMZs, firewalls and routers, external networks and failure points, points of connection to the internet, ISPs and backups (internal and off-site). By knowing your environment intimately and by performing assessments and pentests often, you can react to changes in it (however subtle they might be) and spot the potential (or actual) threats quickly and decisively. By knowing your environment and placing protective and defensive measures, you make it harder for attackers to operate in your environment.

  • Test yourself. Put yourself in the attacker’s shoes. If you were to penetrate your perimeter, knowing what you know about it (since you put all the defense mechanisms in place), how would you do it? If you can find a hole, so can an attacker. Constantly test your settings, configurations, detection tools, etc. Check each piece of your security measures by working in chunks. Partition each component of your defense into sections on a grid, then walk each part as a sniper would look for unknown targets on unfamiliar terrain: start from the far left and go from left to right; once you finish with those sections of the grid, move to the next row below (closer to you), from right to left this time; then move closer to you again and check from left to right. Do this until you finish with the whole grid and you are standing in the innermost part of it: the data stored on laptops, cellphones, USB drives, etc. Don’t forget to reverse the test once you have finished testing from the outer sections to the inner ones. Test from the inside to the outside: how would an attacker extract information?

  • Change your habits. Habits play against you. An attacker can build and plan an attack based on these habits. If you are using a specific personal firewall or version of software, try changing it with the next install. If your IPs all follow a certain pattern that distinguishes servers with internet connectivity from those kept off the internet, or if the IPs are assigned in a way that might tip off an attacker about which computers hold sensitive data, change it. Change the patterns, change the way you connect servers and other network elements.

  • Improvise, adapt and overcome. Well, you can’t really improvise in information security, but you can adapt and overcome. Be aware of new threats and trends, adapt to them, prepare your defenses and overcome possible weak points.