Sunday, August 07, 2005

Soccer Goal Security

I found this ad in Network Computing magazine. It did not address a security concern, but I thought the image was priceless. I see the goalie as representing most preventative security countermeasures. Player 9 is the threat. The soccer ball is an exploit. They are attacking an enterprise, represented by the soccer net.

The goalie is addressing the threat he expects, namely someone trying to score from the side of the net he is defending. In many cases the goalie is "fighting the last war;" perhaps the last time he was scored upon came from the side he now defends? The threat is smart and unpredictable, attacking a different part of the net.

The net itself (the enterprise) is huge. Not only is the front of the net open, the net itself is riddled with holes. A particularly clever attacker might see his objective as getting the ball in the net using any means necessary. That might include cutting the ball into smaller pieces and sending the fragments through holes in the net. Another attacker might dig his way under the goal and send the ball up through a tunnel. Yet another attacker might wait for the goalie to get tired, or drop his guard, or lose his vision at night. A really vicious threat would attack the goalie himself.

Network security monitoring is the device that captured this photo. We might collect indicators of any of the previously mentioned attacks. A traditional IDS or IPS might alert or try to block attacks (goals) passing from outside the front of the net to inside the front of the net. NSM data might reveal vibrations from tunneling under the goal, or small pieces of soccer ball being infiltrated through the back. Perhaps the goal itself is slightly raised in the back and the ball is just pushed under!

I would prefer to see a version showing an ice hockey goalie, but I would have to stage and photograph that myself. Apologies to my friends across the pond who call this "football."

5 comments:

Keydet89 said...

I'm right there with you on this one, Richard. Too many times, the general security practices approach is put aside as the point target approach is pursued. Thanks for posting the image, I think it really gets the point across.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

Murali Raju said...

This is great! I can certainly use this to get the point across and the importance of NSM to those who simply won't listen. Thanks Richard!

Regards,

_Raju

AT said...

It's not just those across the pond that call it football; for ALL the world - including North and South America - except the US, football is played with your feet and no hands.

Anonymous said...

The whole world calls this football.

Richard Bejtlich said...

Anonymous,

Apparently not.