Darkness falls across the LAN
The midnight hour is close at hand
Scanners crawl in search of ACKs
To wreak havoc with hacks and cracks
And whosoever shall be found
Without open ports and firewalls down
Must stand and face the hounds of hell
And rot inside an admin’s shell
The foulest stench is in the WAN
The funk of forty thousand MAN (pages)
And grizzly ghouls from every host
Are closing in to make you toast
And though you fight to stay alive
Your router starts to shiver
For no mere mortal can resist
The evil of the thriller
With Halloween just around the corner, are you prepared for tricks, or hoping only for treats? There’s an entire host of evil out there. How many of these ghastly things might be found on your network?
Witches and warlocks may not be scary to sysadmins, but that’s because most users think they’re guilty of witchcraft! Whether it is their mastery of the command-line, or their knowledge of websites, or their ability to fix any error, there are users on your network who make the sign of the evil eye at us as they walk by, or think we turned them into a newt. At least they got better.
The walking dead strike fear into the hearts of all. These poor victims of malware may not even know that they have fallen, but their quest for brains (data) leads them to stalk the living, hoping to infect them as well. Once you have a zombie in your midst, go for the headshot (format), but it is better to use a good antimalware app to avoid infection altogether.
3. Frankenstein’s Monster
Dr. Frankenstein was a genius who created a monster. Programmers are geniuses who create monster apps. Some of these are great; others are terrifying! If your developer wants to talk firewalls, but doesn’t know what ports his apps need open, you’ve got a Frankenstein’s monster on your hands!
Seemingly normal for most of the month, the curse of lycanthropy causes the afflicted to assume the form of a horrible wolf-like creature, and to tear across the countryside raining terror throughout the land. On your network, werewolves are those apps that normally behave, but once a month go on a similar rampage causing havoc on your network. They can be end-of-month processes, or bulk email apps, or other terrible things. Whatever the cause, a silver bullet is the cure.
Ghosts are the accounts of former employees, still active because someone else is using them, or an app is running as them. Proper account deprovisioning should include an exorcism to send these tortured spirits on to the next plane. Disable for 30 days, then delete to banish them forever!
Just as the call of the siren lures many an unsuspecting sailor to his death, the call of a phishing scheme can do the cyber equivalent to many an unsuspecting checking account. Use a combination of email filtering to block phishing messages, and web filtering to block access to phishing sites, to protect your users from temptation.
Golems are service accounts set to run as the admin who created them. The admin is probably still on the job, and uses the golem to do his bidding. Unfortunately, that probably means that the admin has his password set to never expire, and audit logs are filled with logins from this admin account too numerous to track. Banish the golem by prohibiting admins from using their own accounts for services, and by enforcing password expiration on all users.
Having trolls on your network can be a horrible experience. They tend to grumble and groan, and whenever possible, incite riots. A single delayed email becomes “the firewall is blocking all my messages!” A website that is blocked becomes “the Internet is down!” And anytime you do anything, the troll second-guesses and states for all to hear that he wouldn’t have done it that way. If you cannot banish them to under their bridges, show them the light of day!
Worse than the troll is the ogre, who like an onion has many layers. These layers include all the steps you have to go through to get approval to do anything, like patching, changing firewall rules, deploying new systems, etc. Ogres of old like to eat humans, while modern-day ogres like to crunch bones while going through change control processes!
Ghouls are programs, full of undocumented code, upon which your business depends. These line-of-business apps delight in consuming the flesh of sysadmins who must keep them running no matter what the cost, where each and every task may depend upon folklore handed down from the previous sysadmin, and troubleshooting depends on a lucky guess.
Entities from another world, aliens disguise themselves as BYOD devices. Unmanaged, often unseen, and completely beyond your control, users nevertheless want to believe that they can do everything using these visitors from beyond, and that you can just ‘figure it out!’ Where are the MIB when you need them?
The Fae are mythical spirits from another plane of existence. They manifest on your network as old ACLs on your firewall that can channel evil from the NeverNever through to the unsuspecting server that is reusing the ip.addr of a predecessor. If you want to keep fairies out of your network, make sure that when a server is taken down, all ACLs related to it are removed, and check your firewalls regularly to be sure all rules are still relevant.
We have all encountered unknown errors that cannot be reproduced. Users call up regularly complaining about an error, but they never take a screenshot and they always click through it, and when you try to see it firsthand, their machines behave flawlessly. Congratulations! You have found a system plagued by gremlins! Whatever you do, don’t feed them after midnight!
In certain mythologies, hellhounds guard the gates to the underworld. On your network, hellhounds guard whatever it is that stands between you and getting something working. Hellhounds can take on many forms, including host-based firewalls, network firewalls, bad name resolution, incorrect permissions, invalid credentials, conflicting DLLs, missing dependencies, etc. While you can use salt to hold them at bay, it is almost impossible to kill them and eventually they will come back to plague you again!
Skinwalkers are evil beings that can take on the shape of other creatures, or in the case of your network, other programs. These are the things users like to download and install like document readers and screensavers, that wind up being something else, like a toolbar you can never get rid of, or a default search engine that you’ve never wanted to use. Skinwalkers can be avoided frequently by using web filtering software to scan downloads, but some even hide inside commercial software, like Adobe PDF reader!
Worse than skinwalkers, shapeshifters are sometimes called Trojans. These are the applications that masquerade as one thing, but are in fact something else entirely. Shapeshifters can often allow demons to steal your soul, or at least, your data, and can also cause a zombie outbreak on your network. Watch out for them by using web filtering and antimalware.
Reapers come to harvest the dead, and nothing worries a sysadmin more than when a reaper comes for his system because some other terror has taken over. Format, DELPART, and reimage are the cycle of life and death to reapers, and if one of the others above takes over, a visit from a reaper can’t be far behind.
You go to uninstall a program, or roll back a change, and then you try again and it’s like you never removed the offending code. You run the uninstall program and reboot, and when you come back up, it’s still there, mocking you. Revenants are undead programs and changes that just won’t go away, no matter what you try, until you resort to drastic measures such as mass deletes from the registry.
Have you ever gotten the willies? Had a feeling you just couldn’t shake, instinctively knew that something was going to go wrong before it did? Seen a report of a zero-day and just knew deep down inside that your network was already a victim? Then you have encountered a wraith. These spirits provide portents and omens, and the most sensitive of sysadmins can feel them even when no one else can.
The dreaded bandwidth vampire may be the scariest monster of them all. Sucking up all your available bandwidth, the vampire can hide amongst audio streams, Netflix, movies, sync clients, BitTorrent clients, and more. Vampires put their own needs before the company’s, and don’t care whether email can get through or customers can get to the website. You can kill them with a stake through the heart, or hold them off with web monitoring software.
The worst of all the evil creatures threatening your network is the demon. Demonic possession can come about from many of the other grisly creatures of legend. Whether a shapeshifter invades your network, or a fairy lets something through, or an alien gets in, once a demon gets into your network, everything is at risk. Hope you have lots of holy water on hand, and good backups!
Avoid the tricks, and use restraint when devouring all those sugary treats. Halloween is a time of great fun, so make sure you can go enjoy it by checking now to make sure your network is safe. Check for and apply any missing updates, remove unneeded firewall rules, and for good measure, change all those passwords that you’ve been meaning to get to.