DON'T PANIC!
It's alright, Sony has assured us the PS4 was *NOT* hacked.
And that's the important thing now isn't it?
Sony Pictures is investigating a breach that has seen hackers supposedly steal reams of internal data and splash defacements across staff computers. The company is now in lock-down as it wrestles with the problem. The beleaguered company, writes Variety, has requested staff disconnect their computers and personal devices from …
The ridiculous security infrastructure in place along with holes deliberately punched through by agencies like the NSA make this not just likely, but inevitable. Sony will not be the last to witness such a breach.
If you have not had a visible breach of any kind and you have a valuable network, I would not be too smug that I had a secure system. I would be suspicious that you have already been penetrated if you have never seen any visible sign of a partial breach. The really dangerous malware seals up your system so other malware (or legitimate attempts to reclaim the system) cannot break its grip.
You are not going to see a zero day exploit on your system if it has already been used, your system captured and the weakness fixed by the intruder.
By their nature at least some zero-day exploits are very hard to anticipate. In most cases, you're just hoping that you get notice and a fix before a breach because some other sucker took the hit.
Mortals attempting to keep complex heterogeneous systems secure don't have much of a chance against strong attacks.
Having said the above, a down and dirty way for medium to large companies to at least make net facing systems less attractive as targets is to just get someone who knows what they are doing to make sure that hardware firewalls seal the perimeter.
I gave you an up vote simply because you're pretty dead-on right up to the point where you give a prescription. There are no perimeters anywhere. You have no choice but to use whitelists everywhere, with signatures even though those can be got around as well (nobody uses two differing hash signatures yet), and a slash and burn approach to air gaps center out to edges, never edges to center. And no, badbios is still a problem with new media.
Many years ago I came up with my "bastion" defense scheme, basically along the same lines as the largest castles ever built, but digital. Now, any and all of my past work isn't sufficient now that nation-state grade tools are falling into the hands of "less sophisticated" criminals. I guess a fortress of solitude is next.
Yup, I am also very fond of the castle / bastion approach; it is also a great image to have on the screen when doing security awareness training.
My fear isn't the Nation-state grade tools, it's the tools inside the walls who effectively tunnel under the walls, leave the gates open at night and store all our crown jewels in a shed in the middle of town labelled "Jewels - keep out please".
I do wonder though why Sony appear to get hit so often: bad at security, or a campaign by MS to make XBOX dominant in the marketplace?
@btrower
I am not a security expert but the conclusion I have come to is that it is next to impossible to prevent a truly determined attack against any network - at least while still maintaining some even half-way acceptable level of utility.
As you have said, the goal is to do enough so that you are not a target of opportunity.
Asking when rather than if your systems were/will be compromised is good security practice.
So your strategy is to make life as hard as possible for miscreants once they are in. One useful tactic might be to avoid (presumably) unencrypted password stashes called things like Extranet Oracle & SQL passwords 4.3.06.txt.
Looking at security, considering breach points in the physical and digital world, then as time goes on the top bosses want to install "Torch" apps on their phones that need full access to all their details, World of Tanks on the laptop, a news ticker that keeps them updated on their football scores, and to let the niece use the laptop while visiting to download kids' games.
We are banging our heads against walls; the only advantage of getting older is that we don't run so fast at the wall first.
What benefit would an attacker have freely publishing passwords? These are commercially traded commodities.
This has all the hallmarks of a disgruntled employee, rather than an external attack. It's either somebody who has been disciplined/sacked and wants to cause trouble, or somebody who has got fed up with banging on about poor security/operational procedures and wants to do a 'told you so'.