Infosec Island: What They Don't Teach You in "Thinking Like the Enemy" Classes

docrice Member Posts: 1,706
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/

Comments

  • joehalford01 Member Posts: 364
    Good article, thanks!
  • the_Grinch Member Posts: 4,165
    Good article, though his second point I cannot totally agree with. He describes APT, but that isn't all attackers. I tend to believe that most are in for the easy score, install the malware, collect the cash, and get out. Obviously different if you are a larger company, but I feel like he generalized a little too much. I did enjoy his trust portion and have been reading a book all about it:

    Amazon.com: Liars and Outliers: Enabling the Trust that Society Needs to Thrive (9781118143308): Bruce Schneier: Books

    Really eye opening book!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • JDMurray Admin Posts: 13,091
    So the points I get from reading this rambling, poorly-edited article are:

    1. "Don't bother taking a psychology-of-the-enemy course because there are too many and different enemies,"
    2. "you can't really think like the enemy in any realistic way, so don't try"
    3. "stop trying to guess what the attacker is going to do next and practice good preventative security instead"
    4. "Use OSSTMM 3 to determine how to practice good preventative security without knowing who your attackers are, what they want, and how they think and operate."

    It just goes to show that anyone can write a blog article about anything.
  • the_Grinch Member Posts: 4,165
    LOL fair enough JD. But I can say that after reading Thor's Microsoft Security Bible I can see where good practice preventative security is one of the best things you could do. I suspect you are speaking to a comprehensive plan relying on preventative security along with some "enemy" thinking mixed in there. It's funny because he speaks about not bothering to get into the enemy's head, but it seems he looks at it more from a motivation standpoint. Why should I care why someone is attacking my network/servers? Putting yourself into the enemy mindset is much more about what vectors they would use, not the reasons why. Obviously they are going to start with more commonly used vectors/attacks, cover your bases there and I feel overall you'll be fairly ok. Time is on the attacker's side, given enough resources and time they will get in one way or the other.
  • JDMurray Admin Posts: 13,091
    You can't defend, or defend against, what you don't understand. If you don't know who your attackers are, what they want, and how they might attempt to get it, you can't possibly plan cost-effective security measures--defensive or otherwise--that are beyond the basic and generic.