Not long ago I moved to a rural area with a decent-sized Amish population.
I don’t grow crops outside of the family garden, manufacture products aside from hobbies, or have herd animals — although does having too many dogs count? Asking for a friend… Since the neighbors know I work from home, the question invariably arises, “So, what do you do?”
My response is always that I provide computer security support to a company in Kansas. Sometimes that leads to head scratching. How do I work from home for a company over 6 hours away?
Simple explanations can lead to great understanding
The Amish, who often don’t have electricity or phones, have limited knowledge of computers and what computers do or how they do it, so it can be difficult to find a way to describe what I do.
When I was talking to a neighbor, Emmanuel, about it, he asked for some details, trying to figure it out. I saw his fences across the way keeping his herd of cattle safe. Next to it were the sheep, over there were goats, and the chickens could be found back at the barn in their own enclosure. For most of us, having a secure fence is just to keep our dog or kids in the backyard and away from streets or wandering the neighborhood. For the Amish, having a secure fence is vital to their livelihood.
If their fence breaks, their herds can wander off or a predator can come in and decimate them, leading to financial ruin. The time my dog got out of the fence, I was unhappy, but I put on my shoes, chased her down at the neighbor’s house, and brought her back home — no big deal.
For Emmanuel, I leaped at this idea of herds and fences. His sheep produced wool, the chickens provided meat and eggs, his cows were a source of milk for his kids, and he sold his goats when they were old enough.
Each herd had an important but separate task. I likened computer applications to his herds, where each provides us an important result: MS Word for writing the drafts of this blog, Teams for communication, Ivanti for anti-virus, ProVision for security log review and response, etc. Each of these important tasks is protected by IT fences, which provide security to make sure the good stuff we use (herds/data) stays inside and the bad stuff (predators/infiltrators) stays outside.
Securing & maintaining the fence
Emmanuel’s job for herd security is to walk his fence regularly and look over his animals to ensure they are safe. Our job is essentially the same, to walk our fences and look over our herds and gardens. As with all things, bad stuff can happen. Holes can develop in our fences. For him, water could erode a fence post leading to collapse. A cow could lean on one too hard using it as a scratching post. Maybe a raccoon started digging under the chicken fence or the goat could just take a running jump and leap over the fence.
When I went through the fence analogy with him, he asked how computers developed holes.
Holes are introduced into computers in multiple ways: applications that have them pre-existing from development, using applications that are too old, installing things we shouldn’t, clicking on the link our aunt sent of a funny video about a dog lying in wait to surprise someone walking upstairs (not that I recently watched that one or anything).
Fences develop holes and computers have security issues; it’s the way things are. It’s what we do about them that makes all the difference in the world.
For the Amish, as they walk their fence they pay attention to loose posts and loose wires, and they look for signs of raccoons. When they find an issue, like a loose post, they re-dig the hole and reinforce the post to make it stable again. For raccoons, they throw some gravel in the hole and fill it back in with dirt. The cows that are scratching their backs on a fence post? Maybe install a post in the middle of the pasture so they never go near the fence.
For computer security we need to follow the basic hygiene principles we have always been told about. The best way to ensure no one breaks through a hole in our fences is to make sure there is no hole.
Vendors are always releasing updates and patches, and we need to make sure they are getting installed in a timely manner. The 2017 WannaCry ransomware attack leveraged a vulnerability Microsoft fixed in March, but so many systems went unpatched that when the attack came in May, over 200,000 systems were infected. We need to make sure patches are deployed and then run saturation reports to ensure they installed correctly.
Securing the cyber fence
Other basic principles of good computer hygiene include (but are not limited to):
- Password complexity rules
- Up-to-date antivirus software
- Updating outdated applications (especially web browsers)
- Setting application blocking policies for known vulnerable software
- Completing business partner computer and internet safety trainings
- Scheduling and performing automatic scans
- Enabling firewalls
- Configuring device encryption
- Having removable storage device policies and enforcement
- Creating and enforcing clear administrator access guidelines
- Scheduling regular penetration tests to look for things we may have missed
There are too many to name, but protecting our assets always begins with walking our fences and looking over the flocks and herds regularly. It is not enough to just build a fence and trust it will never fail. It is our job to build the fence and then constantly review it and fix where it needs fixed.
Sometimes the holes are too big or too new to be able to repair right away. Thankfully we have access to teams and personnel who stay vigilant, looking for indicators of compromise (IOCs) that can tell us when a breach is occurring, and who respond to the breach, but that is a story for another day.
Throughout his career, Thomas has bridged the gap between IT and the business through analyzing data to bring about positive ROI. His work has included supporting applications and software to enable a more successful business while becoming an experienced liaison for stakeholders, IT, business units, and business partners. Thomas is a certified Tanium Operator and Administrator and is currently the Lead Tanium Engineer for Foresite Cybersecurity.