棄 - 'to forsake', 'to discard', 'to renounce'
My friends are leaving.
Some were close friends; others were simply colleagues. But if you think about it, we spend so much time with our workmates that they become more than just faces we see at work—they’re part of our daily lives. For many of us, we see our colleagues more often than our families.
I sleep very little, which gives me some extra home time, but still, the reality is that I spend most of my waking hours surrounded by these people. And now, a significant number of them are gone.
I feel sorry for them and for us. I liked many of them, and from what I saw and heard, most were incredibly skilled at what they did. Their departure wasn’t their fault.
So today’s post is a tribute to them.
It’s been a month since I’ve written here. In that time, I’ve made a diagonal move in my career (up and to the side) into the role of network specialist. With this role comes a fair amount of autonomy to decide how to implement and secure systems. My onboarding is still ongoing, but I feel the itch to write and return to one of my passions: reverse engineering (RE).
Not today, though. My focus lately has been squarely on network security, and I’ve been wrestling with a thought that might resonate with some of you network addicts:
Network Protection vs. User Accessibility
How do you strike the right balance between keeping a network secure and ensuring it’s user-friendly?
The Freeloader Debate
When managing a network—especially one shared by multiple teams or even public users—you’re forced to ask yourself a tough question:
Do you lock it down, leave it open, or what?
Option 1: Lock It Down?
You could go full-on security mode and control every possible access point. Some options include:
- Blocking unapproved MAC addresses.
- Whitelisting only specific devices.
- Creating VLANs to isolate users and devices.
This approach keeps freeloaders and unauthorized devices off your network. But at what cost?
- Your IT team faces a constant workload managing requests and ensuring critical devices aren’t accidentally blocked.
- Field teams and guests are often frustrated when they can’t connect because their devices are blocked by default, leading to complaints and delays.
Option 2: Leave It Open?
You could take the laissez-faire approach. Just let everyone connect. No restrictions. No extra work.
But this comes with its own set of risks:
- An overloaded network, with too many devices competing for bandwidth and impacting performance for critical systems.
- A wider attack surface, as bad actors could exploit this openness to gain unauthorized access.
- Difficulty in tracing network activity, making it harder to identify devices or users when issues arise.
As a wise Jedi once said, “Only Sith deal in absolutes.” Neither extreme is sustainable. A locked-down network might keep freeloaders out, but it also hampers legitimate users from getting their work done. On the flip side, an open network exposes you to security risks and performance issues.
Without going into the nitty-gritty of it all, here are some alternative strategies:
Set Up a Guest Network
A dedicated guest network with bandwidth throttling and basic isolation ensures that guests can connect without overwhelming critical systems.
Implement Role-Based Access
Integrate with RADIUS or Active Directory to dynamically assign permissions based on roles.
Use Time-Based Access Policies
Temporary users (e.g., guests or contractors) can be assigned access that automatically expires after a set period, preventing long-term freeloaders.
Monitor and Audit Regularly
NetFlow or your router’s built-in logging can track activity. This helps detect anomalies before they become bigger issues.
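As an added example (not code from this post), here is how the time-based guest passes and the NetFlow audit above fit together in one script: it classifies each source MAC in a router's flow export as corporate, valid guest, expired guest or unknown, and flags stale passes, unknown devices and guests burning more than a byte cap. All MACs, IPs and flow records are constructed samples.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data: approved corporate devices and time-limited guest passes.
CORPORATE_MACS = {"10:20:30:00:00:aa"}
GUEST_PASSES = {  # MAC -> moment the guest/contractor pass expires
    "aa:bb:cc:00:00:01": datetime(2024, 5, 1, 9, 0) + timedelta(days=1),   # 1-day pass
    "aa:bb:cc:00:00:02": datetime(2024, 4, 20, 9, 0) + timedelta(days=7),  # long expired
}

# Constructed NetFlow-style export from a router, one flow per line.
FLOW_CSV = """ts,src_mac,src_ip,dst_ip,bytes
2024-05-01T10:00:00,10:20:30:00:00:aa,10.0.1.5,10.0.0.10,120000
2024-05-01T10:01:00,aa:bb:cc:00:00:01,10.0.9.21,93.184.216.34,800000
2024-05-01T10:02:00,aa:bb:cc:00:00:01,10.0.9.21,93.184.216.34,900000
2024-05-01T10:03:00,aa:bb:cc:00:00:02,10.0.9.22,93.184.216.34,5000
2024-05-01T10:04:00,de:ad:be:ef:00:01,10.0.9.40,10.0.0.10,2000
"""


def classify(mac, now):
    """Apply the access policy: corporate, valid guest, expired guest, or unknown device."""
    if mac in CORPORATE_MACS:
        return "corporate"
    expiry = GUEST_PASSES.get(mac)
    if expiry is None:
        return "unknown"
    return "guest" if now < expiry else "expired_guest"


def audit_flows(flow_csv, now_iso, guest_byte_cap):
    """Sum bytes per source MAC and return the findings an admin should review."""
    now = datetime.fromisoformat(now_iso)
    totals = {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        totals[row["src_mac"]] = totals.get(row["src_mac"], 0) + int(row["bytes"])
    findings = []
    for mac, total in sorted(totals.items()):
        status = classify(mac, now)
        if status in ("unknown", "expired_guest"):
            findings.append((mac, status))            # freeloader or stale pass still on the wire
        elif status == "guest" and total > guest_byte_cap:
            findings.append((mac, "over_guest_cap"))  # candidate for throttling on the guest VLAN
    return findings


if __name__ == "__main__":
    for mac, reason in audit_flows(FLOW_CSV, "2024-05-01T10:30:00", 1_000_000):
        print(f"{mac}: {reason}")
```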
This isn’t just about blocking bad actors—it’s about enabling legitimate users while minimizing risk. It’s a game of checks and balances, not unlike managing resources in an economy or a strategy game.
I can’t go into much detail for obvious reasons, but I wanted to share this small glimpse into a different side of cybersecurity—one that’s as much about people as it is about technology.
I know, I know, too basic: and you're right. Besides, the fun is in the little details, and the clever choices you make. Right? But today is not the day for that.
To My Friends
So, to my friends who weren’t freeloaders, who worked hard, and who I’ll miss:
Stay strong in the trenches, stay inspired, stay healthy, and remember—every system, like every farewell, brings its own challenges and opportunities.
Roger and out.