Brown Hat Security - A NetAdmin's Manifesto

This is my network. Anything inside this gateway is mine. Any traffic within this network only exists because I allow it. Any systems connected to this network are only there on my sufferance. Every frame on the LAN, whether wireless or wired, is there only because I have explicitly decided to allow it.

My LAN is an endpoint that exists to serve my users. It is my responsibility to protect those users; it is my duty to shepherd the traffic that they require to perform their duties between the gateway and their client systems.

I am my users' proxy on the internet; I am the internet's proxy for my users. I am the Dweller on the Threshold. I am the one who sits between. It is by my hand and my will that a connection occurs.

It is my duty to ensure as fast and responsive a network as possible for my users. It is also my duty to ensure that my users are not attacked by the hostile forces beyond my gateway.

The internet is filled with malice, with both random acts of violence and carefully targeted attempts at sabotage. Every attempt at my users' safety must pass by my gateway and flow over my network; therefore, any attempt to harm my users must occur because I have allowed it.

Allowing others to harm my users is a breach of my duty; therefore, I must not allow these attacks across my network. I must use every tool that I have available in this endeavour.

My tools are the hammer and the axe, to cut hostile connections as they are formed and to build walls to keep attackers out.

Anything more precise would be an intrusion into the privacy of my users. It is not right for me to peer into their sessions; to dictate what they can and cannot see - that way lies madness.

These tools are blunt. I cannot use a scalpel to carve only the diseased and rotten parts of a transaction out and pass along the rest - to attempt this would mean abandoning my duty towards my users to provide prompt and accurate delivery of their requests. It would mean meddling in the affairs of my users, in which I have no business meddling, and would make me responsible for the function of their systems.

I keep one eye shut. I cannot allow myself to abuse my position as the keeper of the gate. My ethics forbid it: it is not my place to meddle with what my users wish to do. It is my duty to keep them safe, not to control them.

I am the man in the middle, and I must not abuse the power this position gives me.

I am a NetAdmin, and this is my manifesto.