ELI5 why does it appear so easy for hackers to shut down multimillion dollar services like PSN and Xbox Live?

Buzz word time! CISSPs close your ears! Just kidding. What exactly are you asking? Sure, I could sit here and throw something at you about risk assessment, threat modeling, determining your critical assets, etc. Creating policies, procedures and guidelines, implementing defense in depth, detective, preventive, blah blah blah. Or I could just say... drink and pray.

If a scary monster is chasing you and your friends, all you have to do to survive is outrun the person next to you. However if the monster wants you specifically, then they're gonna get you. Eventually they're gonna get you. Really you have to determine what your information assets are and how much they are worth protecting. For most people it's not worth a whole lot beyond just regular backups, some AV software and a firewall.

I hate to just say it like this, but client side security is essentially hopeless. Even if you invested tens of thousands of dollars into setting up this super secure home network, a determined and skilled attacker could easily defeat that system with 1/10th the resources. That doesn't mean everyone should just bury their head in the sand. If you're looking for practical advice to protect yourself and your family with minimal time and money investment, I suggest that at the very least you follow a CIS hardening guide for your hosts.

If you want to take it a step farther on the host side then you can use virtualization. For example, transparent virtualization to make sure your web browser runs only inside of a VM. It's completely transparent so the user won't even notice. Then you use a partition marked as non-executable for bookmarks and downloads via that browser so you're not losing your data every time you start a new browser session. One of my colleagues' wife kept getting infected with malware and this is what he finally did for her. Now she browses wherever she wants and she's protected from the vast majority of web-centric threats. You could run everything in a VM or even have a system that launches a separate VM for every application, like Qubes. On the network side I'd suggest you throw out that little poor man's firewall and set up a proper defensive network architecture.

But then it's like how far am I going to take this? Do I start explaining how you can implement discretionary access control, mounting static partitions as read only, implementing dual stacks, running your own DNS and mail servers? Where does it stop? What's the line for an average user? I could tell you about how I set up my home network, but that's probably impractical for most people. Sure, if you can then go ahead and deploy a multiple tier DMZ network for your home with a state-aware proxy firewall and NIDS that you actually monitor and respond to. Having HIPS doesn't hurt either. I like having the detection on the network and prevention on the host, mostly because it's easier to manage that way, but some might say that's "wrong." Set up a locked down host. At the very minimum follow guidelines from the CIS on how to do that. Use virtual machines, etc.

Does this make you or me 100% sure? Not even close. VM escapes are a real thing. Attacks are increasingly being focused lower and lower in the stack which makes them nearly The key thing is to prevent them from getting root. Once they get root,
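The comment above recommends a non-executable partition for browser downloads and read-only mounts for static partitions. As an added illustration (not code from the commenter), here is a small POSIX sh audit that parses a /proc/mounts-style table and reports which of those mounts lack the expected option; the mount table and the mount points /home/user/Downloads, /usr and /srv/static are constructed assumptions for the demo.

```shell
#!/bin/sh
# Constructed /proc/mounts-style snapshot (not captured from a real host).
# Fields: device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home/user/Downloads ext4 rw,nosuid,nodev,relatime 0 0
/dev/sda3 /usr ext4 ro,relatime 0 0
/dev/sda4 /srv/static ext4 rw,relatime 0 0'

# has_opt "<mount line>" "<option>": succeeds only if the option list
# contains the option as an exact entry ("ro" must not match "rw" or "errors=ro").
has_opt() {
    opts=$(printf '%s\n' "$1" | awk '{print $4}')
    printf '%s\n' "$opts" | tr ',' '\n' | grep -qx "$2"
}

# check_mount "<mounts text>" "<mount point>" "<required option>"
# Exit status: 0 = option present, 1 = option missing, 2 = not a separate mount.
check_mount() {
    line=$(printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp')
    if [ -z "$line" ]; then
        echo "absent: $2 is not a separate mount, so no mount option can protect it"
        return 2
    fi
    if has_opt "$line" "$3"; then
        echo "ok: $2 is mounted with $3"
        return 0
    fi
    echo "missing: $2 lacks $3"
    return 1
}

# audit_mounts "<mounts text>": checks the assumed download and static
# partitions and returns the number of findings (0 means all policies hold).
audit_mounts() {
    findings=0
    check_mount "$1" /home/user/Downloads noexec || findings=$((findings + 1))
    check_mount "$1" /usr ro                     || findings=$((findings + 1))
    check_mount "$1" /srv/static ro              || findings=$((findings + 1))
    return $findings
}

# Run against the constructed snapshot; on a live host feed it "$(cat /proc/mounts)".
audit_mounts "$SAMPLE_MOUNTS" || echo "$? mount(s) need attention"
```

In the constructed snapshot the downloads partition has nosuid and nodev but not noexec, and /srv/static is read-write, so the audit reports two findings.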

/r/explainlikeimfive Thread