Author Archives: deanwebb
Los Héroes Mayores
In Mexico, there is a monument
Tall and proud
Six columns for six heroes
Who died rather than surrender
Los Niños Héroes
Niños because they were children
Still new to life
But they knew their moment of valiance
When it arrived.
In my neighborhood, in my city
I know people who are young no more
They are my elders,
Kind and gentle in their age
Beset with unseen enemies round about
Here is diabetes advancing
There is the stab of a stroke
Beyond is the cancer
Too close is the loss of balance
And the fall that comes after it
Legion is this army that advances
Veteran soldiers of disease and desuetude
Their allies may be contagious
But these soldiers can strike on their own
Such is their skill over the millennia
How do we choose to face them?
We cast about for our friends, our support
But they fall, too, to the relentless advance
Ultimately, we face them alone
We face the unseen enemies alone
We know not one of us gets out alive
We know not one of us escapes unscathed
There will be scars before we die
There will be nights of agony before we die
There will be all but death, ere we die
But life is no eruption of accidents
We chose to be here
We chose to make choices
We chose to face agonies and despairs
That we would know peace and joys
As long as we are rational,
As long as we can yet choose,
We choose how we face that unseen army alone
We choose how we come to terms with the victory of death
We choose how we endure the sting of the grave
I heard once the tale
Of a man, advanced in age,
Who knew he would die of stomach cancer
His son asked him what was the purpose of it
The elder replied, “The Lord needs valiant men.”
And so he took the final charge in his hospital bed
Without flinching, he did his last duty
He accepted his lot and dug into his soul
Finding the eternal courage to become one of
Los Héroes Mayores
Mayores because they are elders
Experienced in life
But they knew their moment of valiance
When it arrived.
Why We Need Health Care Reform in the USA
Here is a case of why the USA needs serious health care reform. This case is around a person who suspected that he might have coronavirus. He went to the emergency room, got tested, and was released after determining he only had the flu. He then got a bill for $3270 – the cost of the tests. His insurance company would cover all but $1400 if he could provide records from the last 3 years that prove he did not have the flu as a pre-existing condition. His insurance company informs him that if, or more realistically, *when* he does not provide the requested proof, he will be on the hook for the full $3500.
To me, this just adds to the culture of “better to pay the undertaker than the doctor” that is in existence in many American families, and I’ve been there myself. When we face a possible pandemic and people hesitate to get treatment because of prohibitive costs, our nation is at risk for higher death rates from the pandemic due to delays in containing and treating the disease.
May the Root Access Be with You
“Help me, Opee Tey-lor, you’re my last chance!” That was the message conveyed by the little robot, GI-GO, that started this whole adventure from the desert planet of Tatunisia to the bowels of the massive planet-blaster, the Non-Moon.
GI-GO and the rest of the rag-tag team of misfits had just escaped detection when the Non-Moon captured their spacecraft and inspected it. GI-GO had cleverly altered the logs of the spacecraft to make it look like everyone had already left the ship and it was just drifting around. GI-GO, being a robot and all, was rather a dab hand at rapidly modifying log files.
As the rag-tag team hid inside a communications room, the young romantic interest Dirk Dirtstomper argued with space rogue Gawain Agogo about the best way to rescue the imprisoned princess kept somewhere on the Non-Moon. Said imprisoned princess, Ura Highnessness, had sent the message that got GI-GO, Dirk, Gawain, and the very Opee Tey-lor on this crazy crusade to free her from the clutches of the evil galactic overlords. How do we know the galactic overlords are evil? Well, they built the Non-Moon, for starters, then did a proof-of-concept test on an unsuspecting planet. That’s evil.
Anyway, as Dirk and Gawain argued, GI-GO took matters into his own interfaces. He decided to start hacking.
Opee Tey-lor watched as GI-GO extended a universal spinning connector (USC) and plugged it into a corresponding USC slot in a wall panel in the Non-Moon comm room. Opee set aside his concerns about an AI system that was capable of engaging in activity that could cause loss of life and instead chose to focus on how GI-GO expended very little effort in gaining root access to the Non-Moon’s systems.
“Hey guys, how about you be quiet and watch this robot go!” Opee’s command got Dirk and Gawain to shut up and listen to the little robot. GI-GO had a perfectly good voice system that only sounded slightly machine-y, like when it had to handle unusual proper names or foreign words. Earlier models communicated only with a series of beeps, and customer feedback overwhelmingly hated that system, so the next rev had speech function and sales went well after that.
Anyway, GI-GO was happy to say, “Well, I’ve got root. I’m happy to say the staff here were as lax about security as you were, Gawain. I just plugged in, started a network capture, and got the passwords I needed. What do you want to do?”
Dirk jumped the gun, speaking before anyone else thought. “Rescue the princess! We gotta rescue the princess!”
Gawain held up his hand to hush Dirk, then said, “Turn off all the security systems. THEN we rescue the princess!”
Opee shook his head and waved his hands, the universal signal given by smart people who want the hotheads to shut up and think carefully. “No no no no no no no. We got root access. We OWN this thing. Why would we just rescue the princess and abscond out of here? Chances are, the servants of the evil galactic overlords have put a GPS on our ship, so they’ll follow us back to the armed opposition’s base and attempt to annihilate it. That’s not a good move. No, I say we take a few minutes and maybe blue-sky some ideas we’d like to do with all this power we’ve tapped into.”
Opee addressed GI-GO. “GI-GO, how much time do you calculate we have before we’re noticed here?”
GI-GO ran the numbers. “Dude. We got ages. They have no clue. I’ve already got the logs generated here suppressed and the historical information purged. I’ve re-done the work schedules so that nobody reports to this room ever again. With the bureaucracy they have in place, they’ll never even glance twice at the locked door to this room.”
Dirk looked uneasy. “I need to go to the bathroom.”
Opee pointed impatiently at the door to the toilet adjoining the comms room. “Seriously, Dirk, take some time to look around. You’d lose your head if it wasn’t bolted on to your neck.” Opee then pointed at the food fabricator slot. “And that’s where you can get some chow, so no whining about eating. Aside from it being kinda cramped for sleeping arrangements, we can last here a good long while, like GI-GO says. And my guess is that if we’re smart, we won’t have to last here all that long.”
GI-GO said, “Bingo, Opee! You got that right. Since this is the most important part of the star fleets of the evil galactic overlords, we have full access to their ERP system.”
Opee looked delighted. “Oh man, we can totally jack with everything in their fleet!”
If GI-GO could smile, it would be beaming. “I know, dude! We can put an end to the overlordship part, for sure. I say we start with creating a new approved vendor process and require all existing approved vendors to comply before they can fill orders.”
“Good one, GI-GO! Let’s also schedule a mandatory upgrade for all our XP systems to the latest version!”
“Aw Opee, that’s mean, you know every single laser cannon targeting system only runs on XP!”
GI-GO and Opee Tey-lor laughed like kids at a pie fight while Dirk and Gawain looked on cluelessly.
Dirk asked, “How is any of that going to save the princess?”
Opee looked at the ceiling and groaned. “Don’t you get the bigger picture? We can rescue the princess anytime, whatever. But as soon as we start that process, we’re going to be found out and our agenda becomes much more limited, resulting in the scenario I described previously. What GI-GO and I are doing now isn’t just saving one person, it’s rescuing the entire galaxy from overlordship, evil or otherwise, by shutting down as much stuff as we can.”
Dirk protested, “But the princess! She needs us!”
Opee dismissed Dirk with a wave. “The needs of the many outweigh the needs of the one.”
Gawain put a hand on Dirk’s shoulder. “Hey, buddy, I got an idea.” Gawain said to GI-GO, “Hey, GI-GO, how about you release the princess Ura Highnessness on probation? It’ll be easier to rescue her if she’s just wandering around than if she’s in a prison deck.”
“No prob!” GI-GO paused a second. “Done. She’s getting processed for release. I’ll have her put up in a luxury suite, that’ll be fun.”
Gawain and Opee started to chuckle. Opee was glad that Gawain was starting to get it.
Dirk was still mad. “Hey, I’m sensing a disturbance in the energy field that flows through us all, what did you call it?”
Opee rolled his wizened eyes. “The FEF. Flowing Energy Field. FEF.”
“Yeah, well, I sense a disturbance in the FEF. Something is coming towards us.”
Opee paused and looked up and to the left. “Yeah, I feel it, too. The FEF don’t lie. Hmmm.”
Dirk asked, “Is it Shmarth Shmader?”
“Yep. It’s him, all right. He’s here.”
“Should we duel him in the ancient style, with weapons of starlight?”
Opee made a “Pffff!” sound and said, “No. We got modern tech. What do we want with ancient weapons?”
GI-GO said, “Check to see if Shmader is still moving towards us?”
Dirk closed his eyes to get in touch with the FEF. “No, he’s stopped moving.”
“That’s because I just stopped the elevator he’s in. Mission accomplished.”
Dirk seemed upset at the prospect of not having an ancient duel. “But his minions are sure to release him!”
“Not if the alerts generated by the elevator are suppressed. And all the blast doors leading to that shaft are closed. And all the elevator tech contractors have their contracts canceled, effective immediately.”
Opee said, “Behold the power of root, Dirk. You would do well to study up on your systems analysis.”
“But I wanna be a space pilot!”
Gawain said, “Not a lotta money in space piloting, kid. Tell me more about systems analysis, Opee.”
“Sure, after we get out of here. You’ll be able to get some sweet gigs in IT, let me tell you.”
GI-GO interrupted their chat with a rather gleeful “Oh man! Oh man! Oh man! Oh man!”
Opee asked, “What’s up?”
GI-GO laughed. “Guess.”
“Dude, could be anything. Just tell me.”
“I just totally blew up the spaceship hosting the evil galactic overlord conference. I got the Galactic Tyrant and all his chief minions, Shmarth Shmader excepted. Dude!”
Even Dirk joined in the laughter at that news. And to think that at first he was only thinking about rescuing the princess!
After that, it was kind of anticlimactic. Sure, they all had some laughs when GI-GO downgraded every ranking officer, a few hearty chuckles when all the guidance systems on the fleet’s space fighters were reset to factory defaults, and some well-earned guffaws when all fleet elements with functioning hyperdrives were ordered to converge on the system where the Galactic Tyrant had just been obliterated, but after a few hours, all the crazy stuff had been done and the group all felt a little spent.
“Well, I guess we should be going,” said Opee.
Gawain and GI-GO agreed and started to look up where the princess’ luxury suite was located when Dirk said, “Hold on! I got an idea!”
Opee realized that the FEF was with Dirk when he heard Dirk giggle like a teenager in a marijuana dispensary. “What’s the idea, Dirk?”
“Order everybody abandon ship. Why should we have to leave? Make them go, let’s keep this sweet ride!”
Opee was thrilled. “Awww yeah! Do it do it do it do it do it NOW!”
GI-GO laughed out, “Done! Just us and Shmader gonna be on this boat!”
And, ever more, the legends were told of how important it was to secure access to critical systems. 🙂
Green Beneath the Snow
The Chinese are right
About white
Being the color of death
It is pale, it is calm, it is pure stillness
White is the color of death
We do not speak enough about death
Less so than even sex, or madness, I warrant
And so we fear all the things we speak nothing of
For it is in speaking that we learn
It is in learning that we understand
It is in understanding that we come to terms
To peace
To forgive, as the French say
The snowscape in the first dawn after an evening shower
Before track or foot or car crosses it
We step out into it
Maybe laugh at our footprints made in the snow
It is cold, yes.
But it is quieter more than it is cold.
It is still, peaceful, quiet, and cold
It is the land of death, and we do not truly fear it
The caribou do not fear the land of death
They teach us as they eat
There is green beneath the snow
There is green beneath the snow
We talk much of spring, but we forget
Often
To remember that spring only follows winter
We forget
Often
That the green beneath the snow gives us spring
That the New Englander was right,
In strange aeons, even death dies
That stillness and quiet of a cold snowscape
We find peace in it
So it is in restful death
In death, we have a Sabbath, if we choose
A rest from our labors
A shelter from our cares
We make the choice to rest in death here in life
Failing to make that choice, then death is not stillness and quiet
Death can be the color of storms
Violent and lashing, alternating despairing rain and terrifying lightning
Thunder roaring and booming
Tornadoes lurk in the murk
Ready to spin and to smash and to make all in their paths
One with the Destroyer
Why would anyone choose a storm for death instead of a snowscape?
It is because they fear it, and they do not learn how to master it.
It is because they have pride, and they do not learn how to love one another.
They forget what the Jew taught us: Love God with all your might, mind and strength
And love your neighbor as you love yourself
Death is a hilltop in West Texas
Where the American taught us
Medicine is to be found
Where
Eagles circle above
Stillness and peace are there, as well, as the sun sets
And I hear nothing but the whispers of the spirits
Where the distance between their lips and my ears
Is made shorter in the peace and the stillness
Is made shorter in the wings of the eagle
Death is a moment in a hospital
Where a loved one nods and says, “It is time.”
Even then, as the frantic business of emergency rooms
Pours through the halls and intercoms
The loved one has a peaceful, if painful moment
What of those who choose death over life?
Do they find peaceful snows or hilltops?
Or raging storms of hellscape punishments?
My thought is this: if madness takes one to death,
It is no worse than cancer or heart attack or stroke:
The peace is in the person’s true choices
But if pride takes one to death,
If one cries out like the Roman about what a treasure is lost in one’s death,
The storm awaits.
Is there life after death?
The Austrian was right to reject that question.
We die, no question of that
And then the mortality ends.
The body dies, the spirit endures on
If there is resurrection or reincarnation,
None of those
None of those
Will extend this mortality one instant
Before birth
Or after death
But the spirit
The spirit does not draw breath, so it knows not mortality
I have spoken with the unborn and the deceased
How to speak with the dead and unborn?
Be someone the dead and unborn want to speak with
Be someone the dead and unborn are able to speak with
The dead wait for us
Those at peace are patient
Those in storms wait with agonies
But they all wait
We are all in between birth and death
The great movement of mortality
Pressing forward
The line of time
Forcing the direction,
Determining the destination
Death is the phone call too early in the morning
The news delivered only when we are sitting
The tragedy, the agony, the sudden cold emptiness
The tears that exhaust the eyes
The mournful haunting of memory ever after
Until we ourselves join with the dead
Death is the moment the body
No longer sustains the motion of the spirit
The spirit then departs
That which lacks integrity sufficient for
Breath of life
Death is neither success nor failure
It is neither good nor bad
It is inevitable, it is inescapable
It is foreordained, it is neither reward nor punishment
It is promised to us all
There is no need to hasten the day of its arrival
Be patient and enter the quiet of the wintry dawn, perhaps
Life is not a measure of how much we suffer
It is a measure of how much we love
It is a measure of how much we serve
And those who love and serve will know peace and calm
And those who love and serve not will know storm and stress
The Siberians are many: one of their tribes
Teaches we walk backwards into the future
We see only the past clearly
The future behind our backs as we walk backwards
We walk backwards towards death
Death is a Japanese garden
As winter rain falls
A spring awaits
But now, a peaceful rest
Is there a different form of life after death?
Ah, such is the stuff of what prophets speak
Which ones to heed?
If you love and serve, you will know
If you try to save your life, you will lose it
If you give freely, you will live as life should be lived
The breathless sleep but an interval between mortality
And that different form of life that perhaps comes to us
Love and serve, that is the key
Love and serve, you will be free to dream in the breathless sleep
Love and serve, and you will have peace before you have joy
Love and serve, and you will discover
Green beneath the snow
Another Trip Around the Sun
Well, as we make ready to change calendars, it’s good to take stock of the year behind us. Hopefully, you’ve got some time off to sit, think, reflect, and count blessings and other small victories of the past year. No worry for anything that might overshadow – we’re all overshadowed by things bigger than any of us. But, the shadow often breaks for a moment and some light lands on us, be it a friendly smile, a kind word, or a good friend. And the light lands on us whether we give or receive of those things.
For me, it’s Merry Christmas and a Happy New Year. It’s a grand thank-you to all the people on this forum for being a friend to me. A friend is not someone who agrees all the time. A friend is quite often someone that will never see eye-to-eye with you on some things, but is in full agreement that friendship is much, much more than that. Friendship is in sharing difficult news, it’s in providing a listening ear – or listening eye, if you’re online, and it’s in seeking out someone to share a laugh with you.
Thank you friends, and may we be together come the next time we collectively observe another trip around the sun.
Good Morning America How Are You?
The city of New Orleans just got attacked and that made me think of the song about a train by the same name, whose chorus opens with that line… but this time, the question lacks the soft charm and slow nostalgia of Steve Goodman’s folk song. This time, the question is cold, jarring, unnerving. It’s not the first major US city to be attacked and made to be dark and it won’t be the last. The cities and other local governments of the USA simply aren’t going to be able to deal with cyberattacks on their own, so they’re going to be target-rich environments for state actors and the criminals they hire to detonate hand grenades to cover their tracks… or just the criminals who blow things up, you never can tell.
We can tell the cities and counties and states of the USA all we want about security and be met with the tired, nodding heads and empty eyes of IT staff that tried to tell the same message to their higher-ups. They know. They’re not idiots. They’re just faced with small budgets and political imperatives to get stuff done, no matter what. They know that when their town / county / state experiences a major breach, it will lead to the first time that entity seriously considered spending time and money on security measures. It will lead to the first time IT is allowed to do what it knows needs to be done, even if it’s done on top of the rubble and ruin of the past.
Do they have a perimeter firewall? Sure, but there was the time somebody high up got mad about traffic being blocked, so it’s set to permit all traffic by default. Do they have a datacenter firewall? Yes, indeed, right here in this box in the storeroom. It is fresh and ready to go. Do they have antivirus running on every PC? Absolutely. Well, we can only tell for sure on PCs that have antivirus running on them… we don’t know about the ones that have fallen out of communication with our software maintenance platforms.
Need I continue? Some of you are already at the point where you can bear the horror no more, but I must press on! You must see more, that you know the depths of their helplessness! Do you see the unsecured Internet line in that office, terminating on a Windows server with RDP running, no limit on logon attempts? Do you see the flat network, with telnet still running on switches and routers? Do you see massive file shares with no permissions set to halt normal users from deleting or changing files? Do you see the backup server that constantly fails its nightly backups, with the backup operator simply clicking through the errors on his shift because he was told long ago to just ignore them? Do you see all the gear that responds to the SNMP community “public”?
And there is more horror in there, I say. I didn’t even get to the Windows NT 4.0 server that’s still on the network. Why? Well, the payroll application couldn’t upgrade to run on Windows 2000, so we keep it going on that server over there… and there is yet more, deeper and deeper into hell.
Who knows what static routes lurk deep within the network, routes that bypass the firewall entirely for special IP addresses in faraway lands where the US lacks extradition rights? And are there programs on unsuspected and unsuspecting systems that are just counting down the days until the dust settles, things revert to normal, and the problems of the past make themselves available for mayhem once again? Clean up all you want, but what do you do if that payroll server on NT 4.0 is infected? The only person who can rebuild that system died 3 years ago. If it’s infected, maybe we can just put it behind a firewall and only open the ports needed for Windows and Active Directory. Oh wait, that’s all of them…
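The inventory walk-through above is the kind of thing that is easy to check mechanically once someone writes the findings down. As an added example (not tooling from the original post), here is a small audit over a constructed device inventory that flags each of the weak settings the post lists: a permit-by-default firewall, telnet management, the “public” SNMP community, a static route around the firewall, Internet-exposed RDP with no lockout threshold, an end-of-life OS, endpoints that stopped checking in with the antivirus platform, a backup server whose last good run is weeks old, and a share everyone can modify. The record fields (kind, default_action, mgmt_protocols, snmp_community, static_routes, rdp_exposed_to_internet, lockout_threshold, os, av_last_checkin, last_successful_backup, everyone_can_modify), the reference date, and the staleness thresholds are this example’s own assumptions, not any product’s schema.

```python
"""Audit a small device inventory for the weak settings the post describes.

Added example, not tooling from the original post. The inventory below is
constructed sample data, and the record fields, reference date, thresholds
and end-of-life list are this example's own assumed schema.
"""

from dataclasses import dataclass
from datetime import date

TODAY = date(2019, 12, 20)          # constructed reference date for staleness checks
AV_STALE_DAYS = 14                  # assumed policy: endpoint must check in fortnightly
BACKUP_STALE_DAYS = 7               # assumed policy: at least one good backup per week
END_OF_LIFE_OS = {"Windows NT 4.0", "Windows 2000"}   # assumed list for the example
SEVERITY_RANK = {"high": 0, "medium": 1}

# Constructed records mirroring the environment the post walks through.
INVENTORY = [
    {"name": "edge-fw", "kind": "firewall", "default_action": "permit"},
    {"name": "core-sw1", "kind": "switch", "mgmt_protocols": ["telnet", "ssh"],
     "snmp_community": "public"},
    {"name": "rtr-wan", "kind": "router", "mgmt_protocols": ["ssh"],
     "snmp_community": "public",
     "static_routes": [{"dst": "203.0.113.0/24", "bypasses_firewall": True}]},
    {"name": "srv-rdp", "kind": "windows_server", "os": "Windows Server 2012",
     "rdp_exposed_to_internet": True, "lockout_threshold": 0},
    {"name": "srv-payroll", "kind": "windows_server", "os": "Windows NT 4.0"},
    {"name": "pc-17", "kind": "workstation", "av_last_checkin": date(2019, 10, 1)},
    {"name": "pc-18", "kind": "workstation", "av_last_checkin": date(2019, 12, 19)},
    {"name": "bkp-01", "kind": "backup_server",
     "last_successful_backup": date(2019, 9, 2)},
    {"name": "fs-01", "kind": "file_share", "everyone_can_modify": True},
]


@dataclass(frozen=True)
class Finding:
    severity: str
    device: str
    issue: str


def audit(inventory, today=TODAY):
    """Return findings sorted by severity (high first), then device name."""
    findings = []

    def flag(sev, rec, issue):
        findings.append(Finding(sev, rec["name"], issue))

    for rec in inventory:
        # Perimeter firewall left at permit-by-default after someone complained.
        if rec.get("default_action") == "permit":
            flag("high", rec, "default policy is permit; should be deny with explicit allows")
        # Clear-text management on switches and routers.
        if "telnet" in rec.get("mgmt_protocols", []):
            flag("high", rec, "telnet management enabled; disable and use SSH only")
        # Default SNMP community exposes config and topology to anyone on the LAN.
        if rec.get("snmp_community") in ("public", "private"):
            flag("medium", rec, "default SNMP community string; move to SNMPv3 or unique strings")
        # Static routes that send traffic around the firewall.
        for route in rec.get("static_routes", []):
            if route.get("bypasses_firewall"):
                flag("high", rec, f"static route to {route['dst']} bypasses the firewall")
        # RDP reachable from the Internet; worse when no lockout threshold is set.
        if rec.get("rdp_exposed_to_internet"):
            sev = "high" if rec.get("lockout_threshold", 0) == 0 else "medium"
            flag(sev, rec, "RDP exposed to the Internet; front it with VPN/MFA and set a lockout threshold")
        # Unsupported OS that can no longer be patched.
        if rec.get("os") in END_OF_LIFE_OS:
            flag("high", rec, f"{rec['os']} is end of life; isolate and plan migration")
        # Endpoints that stopped reporting to the antivirus platform.
        checkin = rec.get("av_last_checkin")
        if checkin is not None and (today - checkin).days > AV_STALE_DAYS:
            flag("medium", rec, f"no AV check-in for {(today - checkin).days} days")
        # Backup jobs that keep failing and get clicked through.
        last_ok = rec.get("last_successful_backup")
        if last_ok is not None and (today - last_ok).days > BACKUP_STALE_DAYS:
            flag("high", rec, f"last successful backup {(today - last_ok).days} days ago")
        # Shares where any user can delete or alter files.
        if rec.get("everyone_can_modify"):
            flag("medium", rec, "share grants modify to all users; apply least-privilege ACLs")

    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.device))


def summarize(findings):
    """Count findings per severity, e.g. {'high': 6, 'medium': 4}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit(INVENTORY)
    for f in results:
        print(f"[{f.severity.upper():6}] {f.device:12} {f.issue}")
    print(summarize(results))
```

On the constructed inventory this produces ten findings (six high, four medium); pc-18, which checked in yesterday, is the only record that passes clean. The point of keeping each check as a one-line predicate is that the list grows as the audit walk-through does, and the same script run monthly shows whether the rubble is actually being cleared.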
So what is the solution? Is this where the federal government steps in and supplements the IT budgets of local government entities? Or would that lead only to swollen management salaries with pittances spent on actual new technical hires? Is this where the feds create a system of firewalls to filter all traffic entering and leaving the nation, such as the Chinese do?
Actually, that might be what we need. It wouldn’t do anything for completely domestic attacks, but it could do at least something to halt attacks from outside the USA, right?
Except… how do we know the difference between legitimate traffic from abroad and traffic with malicious intent? Encryption doesn’t allow one to peek into the packets very easily. Banning known bad source IP addresses just leads to attackers compromising systems with other IP addresses and then launching attacks from there.
But maybe the protection is on the outbound side, with a massive proxy server cutting communications with scam sites and other evil online in other countries. But for how long would the proxy server be protecting us only from malware and fraud? Wouldn’t law enforcement argue that we need to be protected from terrorist propaganda? How broad is that classification? Wouldn’t entertainment firms want to protect us from download sites? Would they also want to “protect” us from foreign entertainment outlets that didn’t allow them to act as middlemen brokers for their content? Would we also be “protected” from foreign news sources that didn’t go along with the administration’s views? Blocking Russian state news propaganda I wouldn’t mind, but I sure would mind if a CBC or BBC investigative journalism programme that was critical of a US firm or governmental policy was blocked.
I hate to suggest this, as it’s highly exploitative, but we could allow recent grads to learn IT and then work for pathetic, near-volunteer wages for local government entities in order to pay off their student debts. I hesitate to introduce a scheme to offer pardons for nonviolent offenders that do pro bono IT work, since fraud and cyberattacks are, themselves, nonviolent crimes…
The City of New Orleans owns Louis Armstrong International Airport. Did this recent attack penetrate into the airport? Or was the firewall that is supposed to sequester it also permitting all traffic because there’s a full trust between its AD domain and the City’s? Or for some other reason, I don’t care. It’s all a nightmare, and when I wake up, there’s some shadow moving across my screen, saying, “g00d m0rn1ng 4m3r1c4, h0w r u?”
I don’t know how to answer that question. I normally don’t want to curse the darkness without lighting a candle, but I’m at a loss for answers to all the questions I asked. Cyberattacks can produce near-nuclear results, if done on a sufficient scale and with intent to destroy, not just encrypt and demand ransom. Perhaps lasers and hypersonic missiles can defend the USA from sudden attacks launched from bombers, ICBM silos, or nuclear submarines. What good are those against cyberattacks that target our highly vulnerable small government entities?
2019-11-11 As a Cold Front Approaches
The sun yields the floor to the clouds
Temperature falls, wind and drizzle
Remind the nose and ears there are seasons other than summer
The hemisphere tilts towards winter, towards snow,
Towards a quiet, dark blanket
Towards a stillness of thought
Time for a song to play while stepping on the damp leaves underfoot
A song about thinking about the year rolling to a close
A song about the life to spring forth in the future from the descending quiet
A quiet song, with motion underneath it all
A stirring beneath the bark as the hemisphere has its afternoon nap
It’s raining a little, so why not cry a few tears of thanksgiving?
Why not smile beneath the scarf?
Why not oil the heart with gratitude as the cheeks get wet?
It is cold, but I have warmth
I have love
I have forgiveness
I have hope
These are worth tears, worth the thanksgiving
These are worth a humble accounting
Here as the hemisphere spins ’round a darkened pole
There is a light within, sustaining
The cold outside is part of life
Therefore, I am thankful for that cold, that pain
Life is life
The lichen under the rock
The bear in the cave
The frog in the mud
Time for that song, the damp leaves song
The thankful song
The quiet, peaceful, grateful song.
Do You Rate Use Cases For Maturity?
More than once, I’ve been in the meeting where someone is questioning whether or not to get a particular security system. This someone asks, “OK, so if someone has the CEO at gunpoint and forces him to log in to his PC and then takes pictures of the documents visible on his screen, then blackmails the CEO to say nothing to the local police as he slips away into the shadows and to a foreign nation where extradition is difficult, will you be able to stop that data exfiltration?”
“Uh, no…”
And then that someone crosses arms and boldly states, “Then why bother with all this trouble if it’s useless against a *real* hacker?”
Now, maybe it’s not exactly that scenario. But whatever’s offered up is an advanced use case that even the tightest of security nets would have trouble catching. And if the current state of the IT environment is where someone could bring a PC from home and copy all the files off the main server, maybe that group of advanced use cases isn’t what anyone should be worrying about right now.
Which is why it’s important to consider such exotic cases, but rate them for what they are – exotic. When someone brings up a basic use case that is well within the capabilities of the security product to restrict, rate that as a basic case that will be among the first to be dealt with as the system is introduced. As the system matures, then the more mature cases can be considered.
I deal with NAC in my role, so I see the range of use cases all the time in my meetings with customers. Block a PC that isn’t part of your firm? This is not difficult to do. Block someone spoofing the MAC address of a printer? Well, that’s more than a basic task. I have to ask how we can tell a legitimate printer apart from a spoofed device. If there is no way to tell, then we have to ask if it’s possible to treat all printers as outsiders and restrict their access. This is where maturity comes into consideration.
Maybe we just proceed forward with the PC use case and think some more about that printer issue. Perhaps once we have the PC use case dealt with, there may have been time enough to set up an SNMPv3 credential to use to log on to legitimate printers. Maybe there was enough time to determine how to set up printer VLANs and restrict them. If so, then we’re ready to deal with that printer issue. While we’re doing that, we could be thinking about how to handle the security camera issue, or something like that.
Each environment will have different levels of maturity for their use cases. Perhaps at one firm, it is easier to secure PCs than it is to secure Macs. At the next one, they could have a better handle on their MacOS management than they do with PCs. Maturity could simply be deciding between equally-difficult tasks about which one will be done first.
Maturity can also be seen in calling out when a use case goes beyond the capabilities of the product under consideration. A proxy server does not provide its own physical security system, for example. So, if we entertain scenarios in which physical security is defeated, we should be tabling those until we’re looking at a physical security system. By the same token, if another security system has to be defeated for a scenario to be plausible, then that raises an argument about the safeguards and durability of the system that has to be defeated, not the one under current consideration.
We also see maturity in getting different systems to work together. Being able to automate responses from one system to another gives firms the ability to deal with increasingly advanced threats. All the while, as long as we keep a perspective on how mature our security systems are, we know what level of threat we can deal with.
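The rating approach described above (basic cases first, advanced cases deferred until their prerequisites exist, out-of-scope cases tabled for the system that actually owns them) can be kept as a small register rather than argued afresh in every meeting. The following is an added example, not from the original post or any NAC product: each use case lists the system responsible for it and the capabilities the environment must already have; the plan groups cases by readiness and names the capability whose absence blocks the most cases. The use cases, capability names (device_inventory, snmpv3_printer_credential, iot_vlan, av_platform_integration) and system names are constructed for illustration.

```python
"""Rate security use cases by maturity, as the post suggests.

Added example, not from the original post or any product. The use cases,
capability names and system names below are constructed for illustration.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class UseCase:
    name: str
    system: str        # which security system is actually responsible for this case
    needs: frozenset   # capabilities the environment must already have in place


# Constructed register drawn from the scenarios in the post.
USE_CASES = [
    UseCase("Block a PC that is not the firm's", "nac",
            frozenset({"device_inventory"})),
    UseCase("Block a device spoofing a printer MAC", "nac",
            frozenset({"snmpv3_printer_credential", "iot_vlan"})),
    UseCase("Restrict security cameras to their own segment", "nac",
            frozenset({"iot_vlan"})),
    UseCase("Quarantine a PC whose AV stopped checking in", "nac",
            frozenset({"device_inventory", "av_platform_integration"})),
    UseCase("CEO forced to log in at gunpoint", "physical_security", frozenset()),
    UseCase("Attacker who has already defeated the proxy", "proxy", frozenset()),
]


def rate(case, have, system):
    """Classify one use case for the system under consideration.

    'out_of_scope': belongs to another system; table it for that review
    'basic'       : every prerequisite is in place; handle it first
    'advanced'    : prerequisites missing; the missing set is returned with it
    """
    if case.system != system:
        return "out_of_scope", frozenset()
    missing = case.needs - have
    return ("basic" if not missing else "advanced"), missing


def plan(cases, have, system="nac"):
    """Group cases by rating; advanced cases carry their missing capabilities."""
    groups = {"basic": [], "advanced": [], "out_of_scope": []}
    for case in cases:
        rating, missing = rate(case, have, system)
        groups[rating].append((case.name, sorted(missing)))
    return groups


def next_capability(cases, have, system="nac"):
    """The missing capability that unblocks the most advanced cases (ties by name)."""
    counts = {}
    for case in cases:
        rating, missing = rate(case, have, system)
        if rating == "advanced":
            for cap in missing:
                counts[cap] = counts.get(cap, 0) + 1
    if not counts:
        return None
    return min(counts, key=lambda cap: (-counts[cap], cap))


if __name__ == "__main__":
    have = {"device_inventory"}   # constructed starting state: only an asset inventory exists
    for rating, items in plan(USE_CASES, have).items():
        print(rating)
        for name, missing in items:
            print("  ", name, f"(needs: {', '.join(missing)})" if missing else "")
    print("build next:", next_capability(USE_CASES, have))
```

With only an asset inventory in place, the PC case is basic, the printer, camera and AV cases are advanced, and the gunpoint and proxy scenarios are out of scope for the NAC review. The segment shared by the printer and camera cases is what unblocks the most work, so it is the capability to build next; re-running the plan once the SNMPv3 credential and that segment exist moves the printer and camera cases into the basic group, which is the maturity progression the post describes.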
Auditing Firewalls
There’s an old Robert Frost poem, ‘Mending Wall’, that I’d like to pirate, I mean, draw inspiration from and make a few adaptations to, if you don’t mind…
Auditing Firewalls
Something there is that doesn’t love firewalls,
That opens the ports, many and varied,
And spews out the code in plain text in prod;
And makes gaps even two can pass abreast.
The developers’ work’s another thing:
I have come after them and made repair
Where they have left not one single port blocked,
But they would have the code loaded straight to prod,
To please the yelping dogs. The gaps I mean,
No one has seen them made or heard them made,
But at spring audit-time we find them there.
I let my neighbor know in the next cube;
And on a day we meet to read configs
And set firewalls between us once again.
We keep firewalls between us as we go.
To each open ports that have opened to each.
And some are ranges and some are in groups
We have to use a spell to keep them all closed:
‘Stay where you are until our backs are turned!’
We wear our fingers rough with scrolling down.
Oh, just another dull video game,
I call out the new insecurities
There where it is we all need those firewalls:
Where contractors connect to prod boxes
Where file servers sit, shares all exposed
To outsiders’ eyes. And we accept risk.
He just says, ‘Good firewalls make good neighbors.’
Spring is the mischief in me, and I wonder
If I could put a notion in his head:
‘Why do they make good neighbors? Isn’t it
Where they segment traffic?’ But no segments,
No zones define our flat, inner network
Contractors here mixed with outsourcers there,
Aren’t firewalls and segments for those neighbors?
Something there is that doesn’t love firewalls,
That wants it down. I could say ‘Scrums’ to him,
But it’s not scrums exactly, and I’d rather
He said it for himself. I see him there
Auditing a rule that’s permit all all
The CISO told him to accept the risk.
He moves in darkness as it seems to me,
Not of woods only and the shade of trees.
He will not go behind his CISO’s saying,
And he likes having thought of it so well
Once again, ‘Good firewalls make good neighbors.’