Wisdom of Words

by Tina Darmohray
<tmd@usenix.org>

Tina Darmohray, editor of SAGE News & Features, is a consultant in the area of Internet firewalls and network connections and frequently gives tutorials on those subjects. She was a founding member of SAGE.



Hindsight is 20/20. The best defense is a good offense. Forewarned is forearmed. There's no time like the present.

Do you ever find yourself dispensing these well-known phrases as advice? I do. Sometimes I give them to others; sometimes I'm the recipient, as I lecture myself. I find that the advice these words impart is as important as the sheer fact that they exist. For example, "hindsight is 20/20" wouldn't mean nearly as much if it weren't applicable to so many folks at so many times. It's the one that helps me remember that I'm seldom the only one in this predicament, and that's consolation in itself at times. Bottom line, there's a lot of life wisdom delivered in these deceptively simple sentences. And, I'd argue, there's a lot of sysadmin advice in them as well.

The best defense is a good offense.

You will never be better prepared to thwart an attack, function in a crisis, or recover from a catastrophe than if you prepare for them ahead of time. I know that we've all heard this before, but sadly there are many sites, even high-profile organizations, that aren't heeding this advice and deploying industry best practices in system administration. It sounds simple, but there is a good reason that they are "best practices." You'll never regret spending system-administration cycles on basics like:

• creating and verifying backups ["It's not a backup until it's been restored."];
• limiting services and access;
• applying patches;
• using nonreplayable passwords over untrusted networks;
• considering encryption for remote access;
• having a policy;
• having a crisis plan and testing it to see if it is practical.

Hindsight is 20/20.

Of course, experience makes us all better. There's no need to apologize for learning from mistakes. If you didn't prepare in advance, let the lesson be that you never get caught off guard again. In all the disasters, break-ins, and computer incidents I've seen, rarely is there something truly new and different. Almost always it's a known problem that's been exploited and poor system administration that's at fault ­ and best practices would have prevented it.

Forewarned is forearmed.

I said rarely. Recently I've come across a so-called "dead-man switch." It is installed on compromised hosts to cause damage if it detects the host owner taking action to reclaim the machine. Because of this, it might warrant considering if you need backups before you "pull the plug" on a suspect machine, as such action might trigger a dead-man switch.

There's no time like the present. So, go out and get your site in order. It'll keep the bad guys out, the machines up, and you asleep at night! Remember, you reap what you sow.