Why I do not believe in IT Security Products
I was hacking computers before most cybersecurity engineers of today were born =)
The Internet was like the wild west in those days; most people were using the same operating system and there was very little you could do to protect yourself from viruses.
Why I do not trust Antivirus
Today even a PC with a Windows operating system comes with a very capable antivirus, and it will block most malware thanks to heuristics and machine learning. Still, antivirus is prone to a lot of very simple bypass strategies, but I would rather explain those in another post.
What most people don't know about antivirus programs is that all of them are trained on nearly the same datasets, and there is no big fundamental difference among them except the UI.
These days most malware samples are obtained from online virus scanners. Some of them are analysed manually to achieve better classification, but machine learning is getting better at this classification and manual classification is rarely used, so all brands offer about the same level of protection as Windows Defender.
What's the alternative? Make sure your software packages are downloaded from the original source and are digitally signed, and check the signature or the published checksum before you run them. Most antivirus software usually skips checking whether a binary is signed anyway.
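What "check the published checksum" looks like in practice, as an added example (not code from the original post): verify a download against a GNU sha256sum-style manifest, streaming the file, comparing in constant time, and failing closed when the file is not listed at all. The manifest, file names and file contents are constructed for the demo.

```python
"""Checking a download against a published checksum manifest.

Added example for this post, not the author's code. It assumes the vendor
publishes a GNU sha256sum-style manifest ("<hex digest>  <filename>" per
line) next to the download; the manifest, file names and file contents
below are constructed for the demo.
"""
import hashlib
import hmac
import os
import tempfile

HEX = set("0123456789abcdef")


def parse_sha256sums(text):
    """Map filename -> lowercase hex digest from sha256sum-style lines."""
    digests = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed manifest line: {raw!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' = binary-mode marker
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError(f"bad SHA-256 digest for {name!r}: {parts[0]!r}")
        digests[name] = digest
    return digests


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so multi-GB installers do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, manifest_text):
    """True only if the file's digest matches its manifest entry.

    A file that is not listed fails closed: "no entry" is not "no problem".
    """
    expected = parse_sha256sums(manifest_text).get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(sha256_file(path), expected)


# Constructed manifest: the digest is SHA-256 of the bytes b"hello\n", which
# stand in for the real package. In practice this text comes from the vendor's
# site (ideally signed), never from the same untrusted mirror as the binary.
VENDOR_MANIFEST = """\
# SHA256SUMS for release 1.0 (constructed for the example)
5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03  tool-1.0.bin
"""


def demo():
    """Run the check against a good, a tampered and an unlisted file."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "tool-1.0.bin")
        with open(good, "wb") as f:
            f.write(b"hello\n")
        results.append(verify_download(good, VENDOR_MANIFEST))      # True

        with open(good, "wb") as f:                                  # one byte flipped
            f.write(b"hellp\n")
        results.append(verify_download(good, VENDOR_MANIFEST))      # False

        unlisted = os.path.join(d, "tool-1.1.bin")
        with open(unlisted, "wb") as f:
            f.write(b"hello\n")
        results.append(verify_download(unlisted, VENDOR_MANIFEST))  # False: not in manifest
    return tuple(results)


if __name__ == "__main__":
    print(demo())
```

A checksum only proves the bytes you got are the bytes the manifest describes; if the manifest sits on the same mirror as the binary, an attacker who replaced one can replace both. Authenticity needs a signature over the manifest or the binary itself (a PGP signature you verify with a key obtained out of band, or on Windows an Authenticode signature, which `Get-AuthenticodeSignature` in PowerShell reports), which is why the post says "from the source or digitally signed".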
Why I do not trust a Firewall for my Security
Modern firewalls come with a lot of features, from mapping internal IP addresses to MAC addresses, rate limiting, logging, etc., and of course they are useful, especially in a commercial environment. But from a security perspective, whatever brand I am using, I would not be confident about the security of my network.
The main security reason for using a hardware firewall is to configure which server ports are exposed to the outside world (inbound port forwarding), and to control which PCs and which ports can reach the outside world.
Of course most malware authors are aware of this, and nobody writes malware that listens on a server socket. They use outbound client connections (plain TCP, HTTP, WebSockets) that the firewall allows by default to reach their servers and their C2 frameworks. So unless you are dealing with 90s malware, a firewall that only filters inbound connections won't add much to your overall security; the applications will talk to the outside world one way or another.
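The one thing a firewall still gives you here is the log of those outbound connections. As an added example (not code from the original post; the log format, hosts, addresses and the egress allowlist are all constructed), here is a default-deny egress check plus a beacon detector that picks a periodic call-home out of ordinary browsing traffic:

```python
"""Finding client-initiated C2 beacons in outbound connection logs.

Added example for this post, not the author's code. Hosts, addresses and
the log format ("<epoch seconds> <src> <dst> <dst port>", one outbound
connection per line) are constructed; real firewall or proxy logs need their
own parser, but the grouping and timing logic is the same.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed log: 10.0.0.15 calls 203.0.113.7 roughly every 60 s (a beacon);
# both hosts also talk to the corporate proxy/update servers on 198.51.100.x.
SAMPLE_LOG = """\
1700000000 10.0.0.15 203.0.113.7 443
1700000012 10.0.0.15 198.51.100.20 443
1700000060 10.0.0.15 203.0.113.7 443
1700000090 10.0.0.22 198.51.100.20 443
1700000095 10.0.0.22 198.51.100.21 80
1700000120 10.0.0.15 203.0.113.7 443
1700000181 10.0.0.15 203.0.113.7 443
1700000240 10.0.0.15 203.0.113.7 443
1700000301 10.0.0.15 203.0.113.7 443
1700000400 10.0.0.22 198.51.100.20 443
"""

# Destinations workstations are allowed to reach directly (constructed).
EGRESS_ALLOWLIST = {"198.51.100.20", "198.51.100.21"}


def parse_log(text):
    """Return a list of (timestamp, src, dst, dport) tuples."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split()
        events.append((int(ts), src, dst, int(dport)))
    return events


def egress_violations(events, allowlist=EGRESS_ALLOWLIST):
    """Flows a default-deny outbound policy would have blocked (or at least logged)."""
    flows = {(src, dst, dport) for _, src, dst, dport in events if dst not in allowlist}
    return sorted(flows)


def find_beacons(events, min_hits=5, max_jitter=0.1):
    """Flag (src, dst, dport) flows that recur at a near-constant interval.

    jitter is the coefficient of variation of the gaps between connections:
    human-driven traffic is bursty (high jitter), a sleep-and-call-home loop
    is not. Malware that randomises its sleep raises the jitter, so tune
    max_jitter against your own baseline rather than trusting 0.1.
    """
    by_flow = defaultdict(list)
    for ts, src, dst, dport in events:
        by_flow[(src, dst, dport)].append(ts)

    hits = []
    for (src, dst, dport), stamps in by_flow.items():
        if len(stamps) < max(min_hits, 2):   # need at least one gap to measure
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        period = mean(gaps)
        jitter = pstdev(gaps) / period if period else float("inf")
        if jitter <= max_jitter:
            hits.append({"src": src, "dst": dst, "dport": dport,
                         "count": len(stamps), "period": period, "jitter": jitter})
    return hits


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for flow in egress_violations(evts):
        print("not on egress allowlist:", flow)
    for b in find_beacons(evts):
        print(f"beacon candidate {b['src']} -> {b['dst']}:{b['dport']} "
              f"every ~{b['period']:.0f}s ({b['count']} hits, jitter {b['jitter']:.3f})")
```

On the constructed log only the 10.0.0.15 to 203.0.113.7:443 flow trips both checks. The lesson is the same one the post makes from the other side: an inbound port map stops nothing that phones home, so if a firewall is going to earn its place it has to be the egress rules and the outbound log, with workstations forced through a proxy and a default deny for everything else.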
Why I do not Trust an Active Directory Environment for Security
In one of my first jobs, at an international enterprise company, I was furious with the security rules in the company. One of the requirements of my job was to report illegal usage of some services on pirate websites, so I needed a way to use the Internet without the limitations of the company firewall. The solution they offered me was giving me two PCs, one for the internal and one for the external network. So I had two mice and two keyboards on my desk to work with, and it was not a productive way to work for me.
The company PC had a lot of other limitations. It did not let me install any program; I had to call a person with authority to install a program for me. Also the AD policy did not let me use a USB stick, so they thought they could protect the company's sensitive information this way.
I broke all those limitations on the first day! I called an administrator to install Visual Studio on my company PC. The installation takes a long time, so after he executed the setup with his admin privileges, I thanked him and told him it takes a lot of time to install and he does not need to wait. After he left, I executed Visual Studio as administrator using the options on the last page of the setup wizard. If you execute an application (setup.exe in this case) with admin privileges, all processes spawned from that process will also have administrative privileges. So I created a local admin user with a couple of lines of C# code, and now I was the admin and I did not need him anymore for the next 7 years I worked there.
I also bypassed the company firewall with a second Ethernet card I plugged into the PC with a second Ethernet cable, using iptables to route the external and internal networks for different IP ranges, so both unrestricted Internet and the intranet worked like a charm.
Even if I had been unable to hack the company network, I could still have bypassed the disk mount limitation and gotten any file off the company PC with a VBScript I wrote, playing the file as a raw sound file, recording it to a Walkman via the headphone jack and restoring it on my home computer. I was a kid when I did that, but it would still work today. So there is no easy one-size-fits-all solution for your security. Most security solutions are a waste of time and a productivity trap.
I know those solutions will stop most ordinary people from intruding into your network. But hackers are rarely ordinary people, and if you cannot secure the system 100%, why sabotage hundreds of people's productivity?
Since I believe the primary focus of a company should be productivity, I think the best way to secure your infrastructure is still this:
- Educate employees about basic security principles and phishing attacks. I have seen horrible practices, like managers handing millions of their customers' details to call-center companies in Excel files for some marketing campaign, and then being surprised when they leaked on the Internet. No security infrastructure can protect against this level of stupidity, and stupidity is not rare.
- Put as few rules in place as possible, depending on the employees' technical background.
- Secure the servers, not the employees' PCs. Employees will get hacked anyway if they are computer illiterate.
- Do automated backups. Back up to the cloud, with encryption, if possible.
- Design your processes so employees won't have to store customers' private information on their PCs in the first place.