15 August 2016

Isolate the stupid



A while back, I wandered straight into the middle of a conversation between colleagues and overheard one of them say the wonderful phrase “isolate the stupid”. To be fair, I have taken it completely out of context of the original conversation, but I liked the phrase so much I thought I would use it for my own nefarious ends. Muhaha.

Over the years, I have regularly been called upon to provide help to organisations that have suffered a breach, and need to quickly find out what happened so that they can retrospectively bolt the door (so no more horses can escape).

A common contributing factor I often see in this kind of situation is a huge, flat internal network structure. One that mixes all classes of device together on the same logical wire: servers, desktops, peripherals and (horror-of-horrors) bring-your-own devices. In this situation, all it takes is one stupid mistake, such as a user clicking on a misleading phishing email, and the attacker suddenly has unrestricted access to the whole internal network. Game over.

In security parlance, compartmentalisation is the concept of breaking environments into discrete, logical components, so that a failure in one component is contained and cannot spread to the rest. In almost all of these situations, a modicum of compartmentalisation would have either prevented or greatly reduced the impact of the breach.
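To put a number on that difference, here is a small model added as an illustration (it is not from the original post). It computes how far a single compromised device can reach on a flat network versus a zoned one. The host names, zones and allowed flows are all constructed assumptions.

```python
from collections import deque

# Constructed inventory: host name -> zone (the device classes the post lists).
HOSTS = {
    "db01": "servers", "files01": "servers",
    "pc-alice": "desktops", "pc-bob": "desktops",
    "printer-2f": "peripherals",
    "phone-carol": "byod",
}

# Hypothetical segmented policy: (source zone, destination zone) pairs allowed
# to initiate connections. Anything absent is denied, including same-zone traffic.
SEGMENTED = {
    ("desktops", "servers"),
    ("desktops", "peripherals"),
}

def flat_policy(src_zone, dst_zone):
    """Flat network: every device can talk to every other device."""
    return True

def segmented_policy(src_zone, dst_zone):
    """Default deny between and within zones, except the listed flows."""
    return (src_zone, dst_zone) in SEGMENTED

def blast_radius(start, policy, hosts=HOSTS):
    """Hosts reachable from `start`, following allowed flows transitively.

    Transitive because any host that can be reached may become the next
    stepping stone, which is the worst case a defender plans for.
    """
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst in hosts:
            if dst not in seen and policy(hosts[src], hosts[dst]):
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

if __name__ == "__main__":
    for name, policy in (("flat", flat_policy), ("segmented", segmented_policy)):
        for start in ("pc-alice", "phone-carol"):
            print(name, start, sorted(blast_radius(start, policy)))
```

The model only tracks which zones may initiate connections; a real policy would also restrict ports and services within each allowed flow.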

So there you have your top tip for the day: isolate the stupid.
