One Thing To Do Today: Learn an anti-normalization design pattern
TL;DR Written records are your friend.
Today, moving on to the moral compass attack vector. Once the fight starts, can we remember our values in the thick of it? Humans can adapt to new set points very quickly. This makes it vital to take steps to prevent normalization of new horribles.
I advocate designing systems in your life that enable you to:
- Document where you want to be (both what’s within tolerances, what’s optimal, what’s unacceptable)
- Maintain a record where you’ve been
- Analyze where you are
In non technical scenarios this might mean:
- While not discounting media that serve as warnings to be vigilant, also have a shelf of books, documentaries, a YouTube channel, anything, that reminds you of what good really looks like and that it’s possible. Actually write down WHY these examples represent goodness to you. What behavior specifically would you like to model. What behaviors specifically were abhorrent. I suggest real world examples, but fiction can work too.
- Start keeping a journal to document the actions of public figures.
- How do the recorded, observed behaviors line up with the examples from step one?. Compare those actions against other periods in history to make apt, accurate comparisons to the current situation, without sensationalizing. Where are we on the road either towards or away from our ideals?
To extrapolate the same design pattern to a technological system, detecting attacks means not just accepting that “my computer just runs slow sometimes” or “sometimes my network is flakey.” When technical systems start behaving strangely, it is possible to check what going on using system messages and log files.
- Have a written model for what normal operations looks like. Provide it to others.
- Configure logs to record information relevant to that model. (Write software that can log relevant information)
- Actually monitor and analyze logs against that template, developing tools that automate the process.
Many safety and privacy concerned services tout that they “don’t keep log files.” What is this log file? Well, computers watch what we do, and they take notes. Lots of notes. On lots of different things. In the case of privacy mined VPNs they are specifically talking about a servers ability to jot down the locations of where you came from and where you’re going.
If you’ve never heard of log files before, overviews for SEO folks try to break what they’re for down in relatively plain language. Finding out what a computer is up to can be as simple as taking a peek at the end of a log file and pasting the text into a search engine.
Top 3 Links For Jumping Right In
These links presume some command line knowledge. I apologize for that, but these article jump to how actually to use them.
- The 6 Categories of Critical Log Information
- Log Analysis for Web Attacks: A Beginner’s Guide
- An Introduction to Log File Analysis for SEOs & Webmasters
Guides from Operating Systems
When trying to learn about how your computer uses log files, try the search term “log file $YOUR_OPERATING_SYSTEM troubleshooting”
- Ubuntu, overview of linux log files
- Apache, introduction to debuging
- Mac OS, the Console utility. Link within the article on using the console tool to debug.
- Windows, I am too unfamiliar with Windows to evaluate the links. so this one is too the cleaning and optimization guide at Decent Security.
- iOS, use iTunes system log files, or Xcode.
Guides from Hosting Companies
Hosting companies want you to be able to catch shenanigans happening on their hardware fast. Many of them have guides on using log files.
Generating Your Own
- Write logging into your own python based tools
- Log files for robots. go to Chapter 3.
Tools for Handling Logs
How do I find tools for log analysis? A starting point would be, a github search sorted by stars. Many of these projects have done the work of figuring out what normal should look like, and come with documentation that provides guidance on how to set them up. Top projects tend to be maintained by professionals for professionals to be used on a large scale. Even if they don’t fit your needs, skimming the documentation can be an education. OSSEC HID and ModSecurity in particular have an eye towards log analysis for security purposes.
Some projects that might otherwise escape notice:
- LNAV “an advanced log file viewer for the small-scale”
- Glogg a “A fast, advanced log explorer.”
- AWStats “generates advanced web, streaming, ftp or mail server statistics, graphically.”
- LogCluster for pattern recognition in log files a “simple logfile clustering tool”
- Website – very sparse
- White Paper (PDF)
- Pimp My Log. No analysis, just web server log files meet twitter bootstrap. Included because a some of the others tools have made my eyes bleed.
I have zero experience working with the big names in the not-open source log analysis category, but I feel like I should include them. I’ve left out VirtualWisdom because it doesn’t actually appear to be that log-file centric?
- LogMX (Java warning, but seems to be much more private individual friendly than some of the others)
- Retrospective by centeractive
- vRealize by vmware
Focus on the pattern, not the tools
While I just dumped a lot of information about logs on you, that’s not the important point. A pattern for building a system resistant to drifting off mission is the point.
- Define your values
- Know where you’ve been
- Analyze where you are
These three steps not only prevent our natural tendency to accomodate and make due kick in, they provide the information required to create a plan to GTFO the mess entirely.
One thought on “One Thing To Do Today: Learn an anti-normalization design pattern”
Pingback: One Thing To Do Today: Truth vs. Checksums