The Black Book of Identity Access Mgmt


    Sunday, Jun 27, 2010

    I love squirrels, but I can only eat three or four at a time

    When we built our new house, we picked an oversized lot, and we inherited a ton of huge trees. Along with this came the wildlife. Our dog got skunked our first summer. Rabbits eat my wife’s sunflowers. Coyotes keep leaving rabbit bits all over. Raccoons dig up our compost and vegetable garden. And then there’s the squirrels.

    I put up a couple of bird feeders to hang on some low-lying branches, one for big birds, and the other for finches, tiny colorful little things that look very tasty to me. Anyway, the squirrels just loved the big bird feeder. They would climb on that thing, shake it like hell, dump all the bird seed on the ground, then eat it all up. They could empty that big feeder in half an hour. So I bundled some chicken wire around where the feeder attached to the branch. That intimidated the squirrels for about a week, then they learned that chicken wire is terribly easy to climb on. I put an aluminum dish around the top of the feeder, and this puzzled them for a few days, until they found a way around it.

    I took a plastic yard sign and draped that over it. When they tried to climb on it, they would slide off. But then they figured out how to kind of hang from the branch a couple of feet away, and leap onto the feeder. At one point, I had the chicken wire, dish, and sign on there all at the same time. But with each piece of defense, the little rodents took less and less time to reason their way past it.

    It got to the point where it looked like I’d built some huge contraption to protect what started to look like a little bitty bird feeder. It got downright stupid. I talked about electrifying it from the top. My kid said it wouldn’t matter, one day we’d wake up and find them standing on each other’s shoulders to reach it from the ground.

    Finally I bought one of those shepherd’s poles, a curved rod you stick in the ground that squirrels can’t climb.

    My point is, this is how hackers do it. No matter what you put up, they will eventually figure out a way around it. So there’s two ways to examine the issue. First, defense in depth. Figure out what’s a proper identity for getting into a system. Provision your identities securely and logically. Then associate a proper authentication and authorization model, for access control. Don’t forget the fine-grained application security. Audit everything that’s going on. Make it as difficult as possible.

    But remember the TJ Maxx saga? That wasn’t a single hack. It was a whole series of them. The bad guys made Swiss cheese of that system.

    So one more thing to consider: database security. Don’t allow unencrypted data to ever leave the nest. There are solutions you can install on top of your data, but if your database secures its stuff at the kernel, that’s even better. No matter what client the hackers might employ, the data is secured at the source.

    Remember Occam’s Razor: all things being equal, the simplest explanation is the most likely. And the simplest solution might be the most efficient. Besides the chicken wire and minefields and predator drones, protect your assets at their source. Make it as hard as possible for the bad guys to reach the door, and then secure what’s behind the door.