From Slammer Worm to Zero Trust and Microsystems: Reminiscing the Past

Yet here I am, on my third morning coffee, pondering a career that began in 1993 at age 19 as a kid looking at what was surely heaven – a sea of blinking router lights and tangled PSTN lines and muxes that transformed voice and data. That was before cybersecurity had risen to its current buzzword status. In those days, it was all networking: wires, signals and a little bit of magic to keep things in order. Fast forward to now. I own a security company that’s been focused on Computer Associates solutions, and I’ve recently been asked to help three banks overhaul their zero-trust environments, the kind of thing I never thought I would work on when I was busy running around configuring modems and patch panels. But here we are.

I have been lucky enough (or unlucky, depending on how you view it) to experience and bear witness to some of cybersecurity’s greatest game changers. Like the Slammer worm in 2003 — that sicko V.D. of a worm that slammed networks around the world before you could say buffer overflow. I recall it so acutely because it was so painful for a client of mine, who lost connectivity to their entire trading floor within minutes. Back then, our defenselessness was laughable. We had perimeter firewalls and reactive patches — and the worm ripped through anyway.

Here’s the truth: while technology changes, some basics don’t. The fundamentals of defense in depth, the requirement for appropriate segmentation, and the importance of good monitoring are still here. But today, the attack surface has exploded — cloud, mobile, IoT — it’s all connected. That’s why zero-trust was never just a buzzword; it should have been a requirement.

I literally just completed three major zero-trust upgrades with banks last quarter. They’re not done just to bolt on cool tech. It’s about changing the mindset. Trust no one. Assume everyone is out to get you. Trust but verify. It’s a cultural shift, not just a technical one.

What Zero Trust Really Means (It’s Hard)

A lot of people believe zero trust is a thing you purchase. Wrong.

Zero trust is an architecture — a tenet of proving that a user, device, or app deserves access before you give them the keys.

Here’s a fast breakdown of the key tenets of the approach:

  • Never trust, always verify. Every access is examined—even from within your network
  • Least privilege access. Users and devices receive the least privileged permissions they need
  • Assume breach. Expect invaders to get in and restrict their damage

And no, throwing up an AI-powered firewall (I’m skeptical of that buzzword) won’t save your bacon. Watching the hardware hacking village at DefCon last week was a reminder that if a gadget is poorly designed or misconfigured, a savvy hacker can find a way around it.

Password Policies and Multifactor Authentication

Which brings me to a rant about passwords — because zero trust often translates to multifactor authentication and improved credential hygiene. But I continue to see organizations referencing password policies that could have been drafted by a sadist:

  • Change your password every 30 days even if it’s still good
  • And it needs to have uppercases, lowercases, specials, digits
  • You can’t reuse any of your last 24 passwords.

Seriously? That is a recipe for sticky notes on monitors and the use of the same password on multiple systems. Here’s my counter-advice:

  • Use long passphrases instead. Way more memorable and more secure
  • Enable multifactor authentication everywhere
  • Train users instead of punishing them with impossible policies
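
To make the passphrase point concrete, here is an added example (not the author's code) that runs the composition rules listed above and a length-first passphrase check over the same candidates. The function names, the 16-character minimum and the tiny blocklist are assumptions chosen for illustration; MFA is outside what this snippet covers.

```python
import re

# Constructed sample blocklist; a real deployment would screen against a
# large breached-password corpus instead of this handful of entries.
COMMON_PASSWORDS = {"password", "p@ssw0rd1!", "summer2024!", "iloveyou1234567890"}

# The composition rules from the list above: upper, lower, digit, special.
COMPOSITION_RULES = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9\s]")

def legacy_policy_ok(pw: str) -> bool:
    """True when the password contains every required character class."""
    return all(re.search(rule, pw) for rule in COMPOSITION_RULES)

def passphrase_policy_ok(pw: str, min_len: int = 16) -> tuple[bool, str]:
    """Length-first check: no composition rules, but screen known-bad values.

    min_len=16 is an assumed threshold, not a figure from the article.
    """
    normalized = pw.strip().lower()
    if len(pw) < min_len:
        return False, f"shorter than {min_len} characters"
    if normalized in COMMON_PASSWORDS:
        return False, "appears in common-password list"
    # Long but trivially repetitive strings (e.g. twenty 'a' characters).
    if len(set(normalized)) < 5:
        return False, "too few distinct characters"
    return True, "ok"

def compare(candidates):
    """Return (candidate, legacy_verdict, passphrase_verdict, reason) rows."""
    rows = []
    for pw in candidates:
        ok, reason = passphrase_policy_ok(pw)
        rows.append((pw, legacy_policy_ok(pw), ok, reason))
    return rows

# Constructed sample inputs.
SAMPLES = [
    "P@ssw0rd1!",                        # ticks every composition box
    "Summer2024!",                       # the "rotate every 30 days" classic
    "violet tractor hums at midnight",   # long passphrase, no special rules
    "iloveyou1234567890",                # long, but on the blocklist
    "aaaaaaaaaaaaaaaaaaaa",              # long, but no variety
]

if __name__ == "__main__":
    for pw, legacy, modern, reason in compare(SAMPLES):
        print(f"{pw!r:36} legacy={legacy!s:5} passphrase={modern!s:5} ({reason})")
```

The short, predictable passwords pass the composition rules while the passphrase fails them; the length-first check reverses both verdicts and still rejects long values that are common or repetitive.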

Hardware Hacking Village at DefCon: What I Learned (and Why You Should Go)

I just returned from DefCon and the hardware hacking village was a hit. If you were a doubter of the physical security part of the cybersecurity equation, then you no longer are.

Here are a few nuggets from those sessions:

  • Many hardware devices (even some enterprise gear) have debug ports or default creds left exposed unintentionally
  • Side-channel attacks are also frighteningly effective (these are where hackers read keys by simply measuring power consumption or electromagnetic emissions).
  • A trained adversary can implant a persistent hardware or firmware backdoor quicker than you’d think

What this means for your business

As the saying goes, your security chain is only as strong as your weakest link, hardware included.

The software patches are what we hear the most about — less so with the devices themselves. I always counsel clients:

  • Inventory your devices regularly
  • Lock down / disable debug, maintenance ports
  • Implement tamper detection and hardware encryption where available

Essays Reflecting on Mistakes: Why Even Old Dogs Can Learn New Tricks

I’m not some cybersecurity oracle. I made plenty of mistakes. When I first started network management, I didn’t do a good job with monitoring. I thought my fattish perimeter firewall was my castle wall. Guess what? Attackers went around it.

It’s humbling — but a real lesson:

You can no longer depend on a single layer of security. “Defense in depth” is not just a fancy term — it’s a requirement.

Quick Take: What Every Business Can Do Right Now

Pressed for time? Here’s my no-nonsense checklist:

  • Evaluate your current security posture—understand your assets, your highest vulnerabilities
  • Adopt zero-trust principles — even if you have to start small, get started.
  • Train employees — your best (and worst) line of defense
  • It pays to routinely audit hardware and software–and never forget physical security
  • Revisit your password policy and make it user friendly.
  • Watch out for the AI buzzword trap — the tech alone won’t make you superhuman

Why Managed NOC Services & Old-school Gear Still Count

Before you throw everything out and go cloud-native, just remember the base. Good firewalls, routers, and servers that are configured and maintained properly—these are still the bedrock of your security infrastructure. Yes, cloud is flexible, but your on-premises kit, it’s the stuff that stops determined attackers.

At P J Networks, when it comes to our managed NOC services, we mix years of networking experience (yes, we’ll take you all the way back to the PSTN) with cutting edge cybersecurity to offer NOC services that keep an eye on things AND actively chase down threats.

Nothing normalizes a team like being human. With a little experience, some curiosity and a lot of caffeine.

Cybersecurity and networking

Cooking the Cyber-Security Curry

Cybersecurity is very much like making a complex curry. The ingredients must be fresh, the timings exact and the process consistent. Toss in a rogue spice (that is, an unexpected hardware flaw, or a zero-day exploit), and the whole dish can go south quickly.

But — here’s the kicker — it’s very doable if you do it with respect and empathy. Don’t get taken in by silver bullets or marketing fluff. Go back to the basics, remain curious and create a culture of security.

I know, it’s exhausting. The threat landscape shifts daily. But that’s why I love this discipline. It keeps me on my toes. And if you let it, it will protect you, as well.

We’ll be off for the next week for the holiday, so keep those firewalls hot.

– Sanjay Seth, to my desk at P J Networks Pvt Ltd
