(With apologies to Richard Bolles)
I was reading through my Twitter and came across this idea, taken from real-life experiences of operations managers. The idea is to have an enterprise network-wide kill switch that can disconnect you from the internet and shut everything down as quickly as possible, in case of various emergencies.
Remember a common scene in many movies where the bomb squad comes in and tries to disarm the weapon? Armed with nothing more than a pair of wire cutters, they have to find the (always it seems) red wires and cut them just before the countdown clock reaches zero, while the dramatic musical score swells to a nail-biting crescendo.
So here is one suggestion: use red patch cords in the networking closet and other critical locations to mark the cables that need to be yanked in case of a cyber emergency. Better yet, document their locations in your incident playbooks and other places where you have your network documentation. (That assumes your documentation is actually up to date with the reality of your cable and server plant, which isn’t always a safe assumption. Here you can see a memorable pic of the time I visited one of CheckPoint’s labs and the sad state of this particular wiring closet.)
Now, in real life, things aren’t so simple. There are various dependencies among your equipment, and chances are that just pulling the cables may do more harm than good, depending on the particular emergency you are responding to. And as I wrote in the blog post linked above, taking documentation seriously means keeping up in near-real-time with any changes to your network and applications infrastructure; otherwise it quickly becomes useless.
Happy holidays for those of you so celebrating.
Great post David! Hope you are well. Always enjoy reading your weekly email. 🙂
Interesting and compelling advice. I wish I’d heard/thought of this when I was working in the profession. The photo shared seems familiar enough (to many, I’ll wager). Let’s caption it spacorrdi.