Reply to post: Re: Unlikely to change anytime soon

Hackers don't just want to pwn networks, they literally want to OWN your network – and no one knows they're there

doublelayer Silver badge

Re: Unlikely to change anytime soon

That's well and good, and usually it's fine, but how do you prove for a certainty that your network device that faces the public internet because it has to is definitely clean? You can prove that you've followed security best practices. You can confirm that you audit its configuration to ensure you see if it suddenly changes and check that against your known changes. You can confirm that you do penetration tests on it and that it passes. You couldn't confirm as easily that it does not contain flaws that could be/are actively being used by an adversary. Consider what happens if there is a flaw allowing an attacker to inject network traffic. If the flaw is unknown, you can't detect that the flaw is there and hasn't been patched. If the traffic is injected but doesn't update the configuration, you can't get info about that from a status audit. If the traffic is convincing in that it successfully pretends to be from a known device and fit the patterns from that device, you wouldn't expect it to be flagged by a firewall. I admit that this scenario isn't very likely, but there is some argument that if something of this complexity happens, it's not entirely fair to blame the administrators for it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019