Yesterday's hardware helps solve today's security problems

June 9, 2003 —

Many organizations have older hardware that either rotates off of lease with very low buy out options or comes out of service as newer, faster or larger systems come online around the enterprise. Some organizations have begun donating these assets to charitable groups or others in need, and some even sell the systems outright to employees or other companies. But before you go racking and stacking your old computers and network gear for resell or donation, consider how some folks are using those old systems to help them solve some of their existing security issues.

The first common use for old hardware is to make your team a security lab. The uses of the security lab are nearly endless. Older systems may not be the top of the line for the most current uses in your organization, but many places find that old hardware is powerful enough to load with images of their functional operational loads from around the enterprise. Yesterday's servers make great testing platforms for today's and tomorrow's loads. Use these recycled systems to test new software and to troubleshoot problems between existing software and migrations or upgrades. Want to study the effects of a new scanning tool? Load up these lab machines with mock-ups of your production environment and fire away! If systems crash and burn, well, that is what they are for and at least you learned here instead of on production systems during an ever-decreasing maintenance window. The security lab is a must, so grab that aging gear before it finds a new home.

Already have a lab? Great! Then take some of those recycled machines and use them to add to your intrusion detection views. Make sensors out of the old workstations and sprinkle them lovingly around your network, inside and out. If those aging machines are to slow to run some monolith IDS tools, take a poke at snort! and you might just find yourself convinced. These same systems loaded with Windows and personal firewalls can also give you an idea of what is going around your networks. Just make sure, as with any system, that you harden these systems prior to deployment. You do not want to make more problems than you solve. With proper planning and care, these additional sensors just might be what the doctor ordered to help you get a spot on view of threats that are in play on your backbone and subnets.

If you have some extra time or staffing resources on your hands, these older systems also make great starting points for honeypots and honeynets. Use the old hardware to construct your very own trap and study network to undertake observation of internal or even external assaults against your organization. Play carefully with honeypots and honeynets though, or you might be the one who ends up getting stung. Grab a copy of the book "Know Your Enemy" for more details, or visit the honey project site for more details. Always remember to get management approval before using any kind of honey pot in your network.

I hope these three ideas give you a starting point for using your aging computers and network gear. While donations and employee sales are good causes, remember that charity begins at home. Using your old assets to solve new problems not only benefits the bottom line, it also makes your security team more knowledgeable and prepared. If your organization has come up with some recycling ideas to help security, drop me a line and let me know what you have come up with. Waste not, want not - seems like the phrase of the day.

MicroSolved, Inc.