Wednesday, April 05, 2006

My “Security Touch-Base”

I joined an MNC in late December 2005 as a “Security Support Engineer”. I would be part of a NEW process called “IdM”. Well, I come from a complete S/w background and have little knowledge (or so I thought) about security (Info & App) in general.

IdM is a process in place due to the famous, yet lesser considered, “Sarbanes-Oxley Act”. Promised though I was, I did not get anything to work on; however, we began training on “IDM-2525” for the Sun IdM Kit. Later on, however, I took the initiative of automating the tools in the SOC (Security Operations Center).

I started by writing a patching tool using HfNetChk, a utility by Shavlik Technologies. However, Microsoft has decided to distribute MBSA and WSUS for free. All the customers who had initially paid to use this service have been refunded. So that did not work out too well, as there would be no sense making a new tool for patching. Microsoft has built a complete tool for patching. Currently, I do nothing exciting (actually I do nothing), but the time has now come. I make really dumb portals and keep improvising their looks.

The SOC, however, has several security-based activities. However, all these activities are only perimeter-security activities. Activities like Anti-Virus, DNS, Firewall management etc. If you are a S/w developer, all this will really sound bogus. Imagine scanning the network again and again. Trying to find the infections and treating (quarantining) them. Then making an Excel sheet to maintain a history of your scans and infections. Eventually, when all fails, raising a (trouble) ticket.

YUCK!!! This is not security, No Sir.

Now, to do all this we need a certification; maybe a CCNA, or an MCSE, or sometimes even a CISSP. Certifications are a hobby, something running completely parallel to stamp & coin collection. (I must add at this point that I'm a complete non-believer in certifications; I believe in knowledge more than labelling yourself using a certificate. It would be ridiculous to be a CEH and never use your knowledge in the real game. Such certificates are only good on a wall in your living room.) However, I fail to understand, “Why can't my 14-year-old nephew do this?” I’m pretty sure MS-Excel must be a part of his syllabus. Given fixed scan criteria and sufficient permissions on a network, this should be a piece of cake. BTW there are more than 10 people who handle (I mean, scan) 3-4 networks on a daily basis. Checking for really mundane details like NAV definition versions etc.

Someday … If I have the time, I’ll blog on something called Hyena Reports.

Here is the best part: when a machine is found infected or an update-push fails, the amount of chaos that is created is awesome. Mind-boggling, in fact. I would get up several times from my seat to see (sneak a peek at) the chaos made by these Scanning Engineers (Security Engineers, actually). Sometimes I feel that the entire Internet has come to a halt and there is going to be worldwide destruction, and they will have to save the day – yet again.

Info & App Security are way way far away … But, here are people (including myself) calling themselves security engineers.

--- Today I begin my experiment with security ---

“Security from a fool’s perspective”

-DaNNy.


Comments:
Ya. A lotta' stuff like that happening everywhere. People have not realised the complete security concept.

A lot of misconceptions there. They think they are in the security business. They are actually not. This is more like the technology services.

Nice start to your blog.

-Jon Fraham, UK
 
Really Funny. How people think they are involved in security practices doing AV.

Hahaha.

-Moe5000
 
Hey Danny, have you checked out the Security Product line from AdventNet (www.adventnet.com)? It is called SecureCentral (www.securecentral.com) and has software products for various security requirements like patch management, vulnerability assessment and reporting, password management, identity & access management and single sign-on, firewall/event log analysis, wireless LAN security etc. Do check out the site and the products when you find the time and the need. I am sure these will be helpful in your current stream of work.

VJ
AdventNet
 