Chapter 3

Making the Complex Simple

“TELEPHONE n. An invention of the devil which abrogates some of the advantages of making a disagreeable person keep his distance.”

—Ambrose Bierce

“How can you hide from what never goes away?”

—Heraclitus

Who is really anonymous? Or perhaps the better question is this: Why would anyone want to be anonymous when they attack? The obvious answer is to avoid persecution or retaliation. A less obvious answer is that an anonymous attack represents a philosophical claim to identification as the “commons” as opposed to an individual or even a group. Remove a defender's ability to identify an attacker, and he must assess risks from everyone and anyone.

Walking down the street, you inevitably look at the windows, doors, and walls of the buildings near you. You do not have to be authorized to look around at these things, because the risk is low, and the cost of enforcement is extremely high. Instead, there are certain boundaries beyond looking around—indicators of higher-risk behavior—that you are not supposed to violate. Climbing a pole to see over a fence, for example, is a challenge to a boundary. Stepping past a “private property” sign is also a challenge to a more well-defined boundary.

The issue of violating boundaries to “look around” came up recently in the cloud when Google mounted a camera above a car and drove it around to collect “street view” images. Homeowners objected. They accused the company of peering over their fences as well as driving ...

Get Securing the Virtual Environment: How to Defend the Enterprise Against Attack, Included DVD now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.