Monday, February 14, 2011

Digging deeper into my last post

In my last post I mentioned my observation about ShmooCon Labs’ success at emulating an enterprise network, including some attributes that were not planned: specifically, some inefficiencies, complexities, and balkanization of roles.
Note: as I said in the last post, this is not a shot at ShmooCon Labs; I think the Labs are fantastic. I’m just extending the learning experience beyond the stated curriculum.
Modern networks, even fairly small ones, are often more complex than they need to be.  The people who manage the networks have limited areas of expertise and generally work within their knowledge areas, which tends to mean a bias towards specific products, services, and techniques.  These are expected issues; no one can master all aspects of network or system administration. We all (well, most of us) do the best we can with the resources available and make stuff work.  I want to reiterate that point:
We do what we can, with what we have, and make the best of it.
That does mean that the results aren’t always pretty, but, as is also true of my old pickup truck, we get the job done.
After years of doing the best we can with what we have in our environments, the cumulative result is frequently downright ugly, especially when seen through the eyes of outsiders.  (Good thing we aren’t judgmental when we enter new environments.)
I am not suggesting we excuse or ignore the train wrecks we see in our daily InfoSec grind; they are usually easy to spot and should be called out.  It is our job to identify and try to resolve problems.
If, however, we fail to consider how the situation evolved into its current state, or we forget that no one set out to make a train wreck, we are likely to be ignored, or we will repeat the same mistakes that created the old mess (although the technology industry has an amazing aptitude for making the same old mistakes in new and exciting ways, but this isn’t a post on Cloud computing, so we won’t go there).