Computer security has changed how I handle many aspects of my professional life. How I write and how I manage hardware and software have changed over time to include standards that provide a much more hassle-free work environment, because of the much lower risk I face from security issues.
It changed how I write technical documents. Accuracy and effectiveness of documentation are important for fast response times in IT emergencies, as well as for maintaining the highest level of security to prevent attacks. One of the best ways to maintain accuracy in a knowledge base is to reduce the possibility of it containing duplicate entries for any piece of information. I’ve taken an approach similar to one of the best practices in programming: create only one source for the information, and have all other references link to that source. That way, if anyone changes the information on a page to improve its effectiveness and accuracy, all links to that information go to the single source, which is up to date.
To maintain the effectiveness of a page, it’s important that the page is referenced each time the task is done, similar to how a pilot goes through a checklist. Pilots do not generally need a pre-flight checklist. They can have many thousands of hours of experience and are not likely to forget any steps. However, in the rare case that they did forget a step, people could die. Security risks in information technology aren’t typically so dire. However, given the financial impact of security events on a business, and how one event can affect the salaries and jobs of many thousands of people, it is still serious enough to warrant this practice. Following a set procedure’s documentation allows for fewer mistakes, standardization so that everyone is using the most effective procedure, and continual improvement of that procedure. Different people will have different problems understanding and following documentation. Additionally, they will have different improvements to make to it. So the more people that use it, the better it gets, to the point where following the documentation will almost always allow for a better result than what even the most experienced employee of a company could do on their own. This has greatly helped in standardizing system monitoring, security protocols, and backup configurations.
Security has also changed how I approach any device that is connected to a network, especially if the device has a public IP address. After 7 years at my job, I’ve found that if a device is vulnerable from a security perspective, it will be attacked, and it’s only a matter of time until it is broken into. There are simply too many sources of attack, especially from other countries such as China or Russia, not to have a device be as secure as it reasonably can be while still remaining functional. All computer systems should be assessed to determine what the optimal, reasonable security configuration would be.
Additionally, if anything has a public-facing login, then the password must be long enough (11 characters or more) to withstand a brute force attack. Also, there must be a lockout period if too many incorrect passwords are entered in a row; 5 minutes is a reasonable time to wait. Software must also be periodically updated so that vulnerabilities are patched as they are discovered. Also, allowing torrents to run through a firewall, especially on a publicly used network, can be a risk, as that is a source for many viruses to enter a computer connected to that network, which can then cause further damage. Additionally, all devices under my control that are Windows-based absolutely have to have paid antivirus installed and active. The free version is not good enough. These basic steps will prevent a lot of problems that a business or institution would otherwise face.
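The length and lockout policy described above, as an added example (not code from the original essay): the 11-character minimum and the 5-minute wait come from the text, while the limit of 5 consecutive failures, the account names and the attempt log are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

MIN_PASSWORD_LENGTH = 11                  # "11 characters or larger"
MAX_FAILED_ATTEMPTS = 5                   # assumed; the text does not fix a count
LOCKOUT_DURATION = timedelta(minutes=5)   # "5 minutes is a reasonable time to wait"

def password_meets_length_policy(password: str) -> bool:
    """Length check only; a real policy would add further rules."""
    return len(password) >= MIN_PASSWORD_LENGTH

@dataclass
class LoginThrottle:
    """Counts consecutive failures per account and enforces a lockout window."""
    failures: dict = field(default_factory=dict)      # account -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # account -> end of lockout

    def is_locked(self, account: str, now: datetime) -> bool:
        until = self.locked_until.get(account)
        if until is None:
            return False
        if now >= until:
            # Lockout expired: clear state so the account gets a fresh allowance.
            del self.locked_until[account]
            self.failures.pop(account, None)
            return False
        return True

    def attempt(self, account: str, password_ok: bool, now: datetime) -> str:
        """Returns 'locked', 'ok' or 'failed'. While locked, even a correct
        password is refused (a real system would skip verification entirely)."""
        if self.is_locked(account, now):
            return "locked"
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= MAX_FAILED_ATTEMPTS:
            self.locked_until[account] = now + LOCKOUT_DURATION
            return "locked"
        return "failed"

# Constructed attempt log: (seconds after start, account, password verified?)
ATTEMPTS = [(0, "alice", False), (1, "alice", False), (2, "alice", False),
            (3, "alice", False), (4, "alice", False),   # 5th failure -> lockout
            (240, "alice", True),                       # correct, but still locked
            (305, "alice", True),                       # lockout expired -> ok
            (306, "bob", False)]                        # other accounts unaffected

def run_scenario(attempts=ATTEMPTS, start=datetime(2024, 1, 1, 12, 0, 0)) -> list:
    throttle = LoginThrottle()
    return [throttle.attempt(a, ok, start + timedelta(seconds=s)) for s, a, ok in attempts]
```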
An example that changed how I handle backup and recovery of business information was when a company got a virus from a computer that was brought from home and connected to the network. The virus searched for shared drives and other computers and proceeded to encrypt all information. This was all of the company’s stored data from many years, and it was all encrypted and inaccessible. I spent two stressful days searching through shadow copies on a Windows server to find and restore backup copies of the information that the customer needed. If I had not been successful, they would have been forced to pay a large fee. I put procedures in place to restore the customer’s data more quickly in case of another event, and I also made sure that the server was backing up as much as it could. Now, when I am doing an analysis of any company’s network and computer systems, that is an important consideration. I have the attitude that all data will be lost or destroyed, and that it’s only a matter of time. Therefore, backups for all necessary information must be put in place and periodically tested to make sure they are working.
It’s important to have the mindset that some attacks will be successful no matter what precautions are taken, so to be immediately aware of such issues it is important to configure in-depth monitoring of systems and services that provides notifications of any problems. This way, if there is a potential security event, it can be investigated immediately, rather than after the damage is done. For example, packet loss, high numbers of failed login attempts, and exceptionally high bandwidth usage over a long period of time can indicate different kinds of attacks. I have tailored our company’s network monitoring to provide much more in-depth analysis of problems and then set up notifications for the various thresholds that are put in place. Once those thresholds are crossed, an email gets sent to the appropriate address. A lot of hardware comes with a wide variety of Object Identifiers for each statistic that might potentially be useful for someone monitoring equipment, such as how much traffic is passing through, what frequency a radio is operating on, how long the system has been up, how many users are logged in, temperature, and so on. Configuring monitoring software with this information makes it very difficult for a security event to happen without triggering an alert due to an irregularity in how the system is operating. This has allowed our company to respond to many problems before our customers are aware there even is a problem.
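The threshold alerting described above, as an added example (not the monitoring configuration the essay refers to): the three indicators come from the text, while the metric names, threshold values, sample readings and the 15-minute "sustained" window are assumptions constructed here. The bandwidth rule shows the one detail worth getting right: a brief spike does not alert, only usage that stays high for the whole window.

```python
from collections import defaultdict

# Constructed samples: (minute offset, metric, value). A collector would normally
# poll these from device OIDs over SNMP; the names and readings here are made up.
SAMPLES = [
    (0, "failed_logins", 2), (5, "failed_logins", 3),
    (10, "failed_logins", 25), (15, "failed_logins", 30),      # burst of bad passwords
    (0, "bandwidth_mbps", 40), (5, "bandwidth_mbps", 95),      # short spike, no alert
    (10, "bandwidth_mbps", 42), (15, "bandwidth_mbps", 96),
    (20, "bandwidth_mbps", 97), (25, "bandwidth_mbps", 99),
    (30, "bandwidth_mbps", 98),                                # sustained 15 min -> alert
    (0, "packet_loss_pct", 0.1), (5, "packet_loss_pct", 0.2), (10, "packet_loss_pct", 0.1),
]

# metric -> (threshold, minutes the value must stay above it before alerting)
RULES = {
    "failed_logins": (20, 0),    # one sample over the line is enough
    "bandwidth_mbps": (90, 15),  # saturation over a long period, not a momentary peak
    "packet_loss_pct": (5, 0),
}

def evaluate(samples, rules) -> list:
    """Return one (metric, run_start_minute, value) alert per sustained violation."""
    series = defaultdict(list)
    for t, metric, value in samples:
        series[metric].append((t, value))
    alerts = []
    for metric, (threshold, min_duration) in rules.items():
        run_start, alerted = None, False
        for t, value in sorted(series.get(metric, [])):
            if value > threshold:
                if run_start is None:
                    run_start = t                     # violation run begins
                if not alerted and t - run_start >= min_duration:
                    alerts.append((metric, run_start, value))
                    alerted = True                    # one alert per run, not per sample
            else:
                run_start, alerted = None, False      # run broken; start over
    return alerts

def notification_lines(alerts) -> list:
    """Body lines for the alert email; delivery (SMTP) is outside this example."""
    return [f"{m}: above threshold since minute {s} (latest value {v})" for m, s, v in alerts]
```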
Following the lessons learned from these experiences has allowed me to prevent many security events from occurring, to respond quickly to any that have occurred, and to learn from the patterns in the data that I gather from the various kinds of problems that I run into. Far fewer days are spent fixing problems, and instead we are able to focus on being proactive. This in turn allows our company and our customers to focus on the myriad other challenges that a modern business faces to stay ahead in its industry.