Success Through Automation

5:58 PM -- Once in a while, when flipping channels on a Sunday night, I come across Andy Rooney on 60 Minutes and have to watch (an obvious carryover from my childhood). This week, Mr Rooney was discussing the time he spends watching football on the weekends and the occasional trip to a New York Giants home game. After expressing his frustration about the marketing and transportation for the home games, he questions why he even bothers when he could watch it at home where he can skip the commercials. Mr Rooney says, "I'm not saying it makes sense. I'm just saying that's what I do."

In the computing world, there are things that we do just because we do them. They don’t make sense, but they’re learned behaviors that take a while to shake. Having begun my career in a Windows world, there was not a huge focus on automation at the time.

Moving to Linux and Mac OS X (and working with some extremely talented *nix sysadmins), I’ve learned that creating scripts to automate simple and complex tasks saves a lot of time and keeps me from fat fingering a command. Things from connecting to servers, running commands on a dozen IDS sensors, and backing up my desktop are all scripted now.

A simple fact of life is that human beings make mistakes. IT security is no different, especially, in the heat of the moment. Automation and repeatability is one way to avoid common mistakes. Whether the tasks are related to vulnerability scanning, daily log review, or incident response, automation can reduce time to do operational tasks and prevent babysitting of mundane scanning jobs. Repeatability is crucial to forensics and incident response. It gives investigators the ability to stand up in court and say this is what I did and why I did it.

There are many methods of automation and it will depend on your environment. I find bash shell scripts (think batch files if you’re on Windows) the most convenient and efficient way to do my daily work. Our programmer, Jim, uses Ruby for most things. Find what works best for you and learn how to do it well. You’ll suddenly find yourself with more time to enjoy your morning coffee and catch up on RSS feeds.

– John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading