August 19, 2007

You Are the Best Firewall

A few weeks ago, while walking with the family enjoying the summer sunset, I saw the following poster in the street:


The poster's slogan says: "You Are the Best Firewall". Sunny Spain is well known for its hot and dry summers, especially far from the coast. During the summer, one of the major threats to our natural environment is... FIRES!! Therefore, Madrid's government has launched an awareness campaign to prevent thousands of hectares of green forest from being burned; a very valuable asset for us and for future generations.

The first time I saw the poster I thought: "... an infosec awareness campaign in the town? (sorry, security obsession)" :) The parallelism between both worlds is amazing. It is not news that during the last three years information security threats and attack vectors have changed from the common scenario of a firewall protecting against scans looking for vulnerable services to the current user-focused attacks, where the user's actions help to compromise systems. Therefore:

You are the best firewall!!

The best way of dealing with this type of threat is through user awareness, trying to minimize the unintentional user actions that lead to a system compromise, or to a forest catching fire. This awareness poster is fabulous: it has a short, straight and simple slogan that directly involves the user (KISS principle), it provides the phone number you need to call in case you spot a fire (incident response: what to do and who to contact if you detect an intrusion), and it lists the most important things you must NOT do (real-world examples and guidance).

This is obviously related to our previous 3wplayer post, and corroborated by a recently deployed server, running on port TCP/443 in a SOHO environment (xDSL Internet line). I carefully monitor all the traffic to and from this system, and after five days it still has not received a single SYN packet! This low scanning rate is not the one we had three years ago.

If there is no big change in the current security and malware business, my prediction is that in a few years we will get similar general government campaigns focused on protecting your information and home computer from being compromised and falling victim to botnets, phishing and trojan-backdoor attacks, identity theft, etc., in the same way we have campaigns to reduce fires and traffic accidents nowadays. An ounce of prevention is worth a pound of cure. Remember... You, your friends, family, relatives, neighbors, etc... are the best firewalls!!

2 Comments:

Blogger Gary said...

Hi. The phrase may be catchy but is it true? I guess it focuses the users' attention on being careful but my preference is to combine technical and procedural controls - a good firewall with sensible rules and always up-to-date on patches, coupled with good up-to-date antivirus and users who know not to visit dubious websites, not to click email attachments, and who to call if 'something funny' happens. This is the security-in-depth concept.

Kind regards
Gary

7:07 AM  
Blogger Raul Siles said...

Thanks Gary,
I completely agree with you. By no means did I try to promote having very security-aware users with no technical defenses ;)

Nowadays, the problem is that the firewall continues to be (and most probably always will be) a must, but unfortunately, the AV/anti-malware/anti-spyware tools only help to detect a few of the hundreds of new malware specimens that are created daily. Simply put, the AV technology we're using today doesn't work 100% effectively, so one of the solutions is... the user! Defense-in-depth!

10:54 AM  
