The Secret of the Security Safety Dance

posted on Wednesday, June 03, 2009 3:58 AM

Attackers say, we can go where we want to; we can leave our code behind…

There’s probably a raid going on right now in Naxxramas and the attackers are almost certainly doing the Safety Dance. They probably learned the Safety Dance the same way I learned about it; from someone well-versed in its intricate steps.

See, if you don’t know the Safety Dance and you come up against Heigan the Unclean, well… he’s not called Heigan the Unclean for nothing. You will not survive. Not even if you happen to have a Holocaust Cloak at hand.

Players in WoW (World of Warcraft) have figured out exactly what steps to take and when in order to defeat the defenses of Heigan the Unclean and they aren’t shy about sharing them with other folks.

The Safety Dance is about keeping safe while defeating the enemy. It’s a set of tactical maneuvers that have been carefully learned by trial and error over time and is now shared in forums and videos and image galleries across the web.

Kind of like how attackers share information about the vulnerabilities inherent in myriad software and hardware infrastructure inside your data center and, in some cases, exactly what steps to take to defeat your defenses.

YOU AREN’T A COMPUTER GENERATED ‘BOSS’ in a VIRTUAL REALITY DATA CENTER, ARE YOU?

At least I hope you aren’t. I hope you’re a real life, flesh and blood person with the capability to adapt to evolving attacks and vulnerabilities. I hope you’re agile and fluid, not inflexible and easily broken. And I hope your infrastructure, is, too.

The reason that WoW players use the Safety Dance is because it works. Every time. Heigan the Unclean is inflexible, unable to adapt, and does not react at all to anything other than the raiders attacking it. Heigan doesn’t even realize that the WoW community has figured out how to break his defenses let alone be able to change its tactics in order to extirpate the effectiveness of its enemies attacks.

Heigan has nothing but his weapons and magic to help him, and a predefined set of actions which he can take to stave off his inevitable defeat at the hands of his attackers. It isn’t a matter of if he will lose, it’s a matter of when.

You, one hopes, are not so ill-armed nor is your defeat at the hands of attackers inevitable. One hopes that your and your infrastructure are agile, ready to react at the first sign of trouble. Able to fend off the most determined

~~adventurers~~ attackers no matter what type of dance they may try to use to slip past your defenses.

Sure, your defenses are technological and his are magical, but there are some elements of your infrastructure that can be, in a way, magical in nature. A dynamic infrastructure, Infrastructure 2.0, can provide the ability for systems – including security – to be more agile; to adapt in real time to changing conditions and threats. That’s kind of magical considering the rigidity inherent in traditional infrastructure offerings. Between context-awareness and programmability, such systems offer a platform on which immediate tactics and long-term strategies can be implemented that can defeat attackers without massive disruption of internal systems.

YOU MUST BE AS DYNAMIC AS YOUR INFRASTRUCTURE

Certainly dynamic infrastructure affords you the opportunity to be agile. It enables IT and therefore the business to be more adaptable and counter the tactics and attacks used by miscreants bent on leaving behind destructive code. But inherent in that statement is that you must take advantage of that agility. While there is much that Infrastructure 2.0 can offer in terms of automation, integration, collaboration with the entire infrastructure ecosystem, and agility there is much that lays dormant waiting for you to take advantage of it. Like developers, you have to use the platform to your advantage and implement solutions that improve the overall security of the applications which you are charged to protect. You have to be dynamic, too.

You can’t stand before the armies of the invaders and defend yourself – and your applications – using the same old tired tactics because the attackers know exactly what you’re going to do, when, and where. You must develop a new set of tactics and responses by leveraging the tools at your command; by leveraging the intelligence inherent in Infrastructure 2.0 solutions to detect and prevent old and new attack methods.

If you can’t adapt then you can’t leverage the infrastructure and you will fail as more and more DPS (damage per second) is directed your way. Just like Heigan the Unclean.

Technorati Tags: MacVittie,F5,infrastructure 2.0,dynamic infrastructure,iRules,collaboration,integration,automation,Heigan the Unclean,Safety Dance,WoW,tactics,security,agility,infrastructure,architecture,adaptability,web,internet,blog

Related blogs & articles:

Posted In: Security, iRules, Development and General, Cloud Computing,

2 Comments

Feedback

6/5/2009 2:07 PM
		DevCentral Top5 06/05/2009
Colin Walker

6/19/2009 3:58 AM
		Opera Unite Cuts out the Middleman
Lori MacVittie

Let Me Know What You Think

Please use the form below if you have any comments, questions, or suggestions.

Title:

Name:

Email: (so we can show your gravatar)

Website:

Comment: Allowed tags: blockquote, a, strong, em, p, u, strike, super, sub, code

Remember Me?

Enter the code shown above:

Please add 3 and 6 and type the answer here:

		General SOA
		SOA Delivery
		Randomness
		Web 2.0
		Security
		iRules
		iControl
		Development and General
		Monitoring/Management
		XML
		ISV Solutions
		Microsoft Solutions
		Performance
		Cloud Computing
		Virtualization
		WILS
		Infrastructure 2.0
		F5 Friday
		Data Center Feng Shui
		Dynamic Infrastructure
		Load balancing
		Service Providers
		1024 Words
		v10.2.2
		v11
		JSON
		HTML5
		Mobile
		iApp
		Availability
		Storage
		DDoS
		AppSec
		TradSec
		Marketing Madness

		February, 2012 (6)
		January, 2012 (13)
		December, 2011 (9)
		November, 2011 (12)
		October, 2011 (14)
		September, 2011 (14)
		August, 2011 (16)
		July, 2011 (12)
		June, 2011 (14)
		May, 2011 (12)
		April, 2011 (16)
		March, 2011 (16)
		February, 2011 (12)
		January, 2011 (14)
		December, 2010 (12)
		November, 2010 (14)
		October, 2010 (14)
		September, 2010 (13)
		August, 2010 (13)
		July, 2010 (18)
		June, 2010 (22)
		May, 2010 (22)
		April, 2010 (19)
		March, 2010 (23)
		February, 2010 (20)
		January, 2010 (17)
		December, 2009 (16)
		November, 2009 (20)
		October, 2009 (22)
		September, 2009 (21)
		August, 2009 (25)
		July, 2009 (18)
		June, 2009 (20)
		May, 2009 (20)
		April, 2009 (21)
		March, 2009 (23)
		February, 2009 (17)
		January, 2009 (19)
		December, 2008 (17)
		November, 2008 (18)
		October, 2008 (27)
		September, 2008 (32)
		August, 2008 (31)
		July, 2008 (30)
		June, 2008 (33)
		May, 2008 (30)
		April, 2008 (24)
		March, 2008 (5)
		February, 2008 (4)
		January, 2008 (8)
		December, 2007 (5)
		November, 2007 (6)
		October, 2007 (3)
		September, 2007 (5)
		August, 2007 (7)
		July, 2007 (7)
		June, 2007 (5)
		May, 2007 (11)
		April, 2007 (9)
		March, 2007 (7)
		February, 2007 (10)
		January, 2007 (5)
		December, 2006 (4)
		November, 2006 (8)