Comments: Industrial Espionage using Trojan horses

(WARNING: Nothing new here, just a fairly common opinion which is painfully often ignored by decision-makers)
Securing universal computers against well-funded adversaries "in collusion" with careless users is hopeless; primarily, because security (against any threat) cannot be positively demonstrated.
As far as preventive security goes, I do believe, however, that it is possible to secure specialized computers (against specific threats, of course) and this is where high-end preventive security lies in my opinion. Instead of perimeter-security, one should, perhaps, compartmentalize the network. It can be perfectly okay to use computers that would be insecure in a general purpose networked environment for composing sensitive documents, as long as information can leave and enter these computers through well-controlled choke-points. E.g. if the only ways of communication with the outside world would be the display, the keyboard and a network connection through which one can upload and download files (encryption happens on the other end of the connection). Even a total compromise of this computer would not leak secrets. This is much easier said than done, but even an incomplete solution with these things in mind would be much better than no design at all.
The other important matter is reactive security. Users could do a lot more to keep their computers safe, if only they had incentives to do so. This means that security breaches should have not just company-wide, but personal consequences for those responsible. Often, executives think that this is simply a matter of finding and punishing the guilty, but I disagree. It can be achieved much better by replacing command hierarchy with free-market relationships. Example:
Instead of telling employees to take stuff from A and deliver them to B or else..., one could sell stuff at A for less, and buy it at B for more. If people render paid services instead of selling their time and following executive orders, security can become their personal matter.
Finally, I think that the law should place a lot more responsibility on the victim. Don't try to solve technical problems through legal means. The reason society has harsh laws against violence is that physical protection against violence is unaffordable. This is not true for digital violence. In most cases adequate security is affordable, but people are obviously reluctant to pay for it, unless they have to. In addition, security is, to some extent, a commons. An insecure network is everybody's problem, not just the owner's. As long as we try to shield those who fail to secure their computing infrastructure from the consequences, we are harming the society as a whole. Lost your secrets? Watch them better next time!
And let evolution do the rest of the work...

Posted by Daniel A. Nagy at June 1, 2005 05:12 AM

I have been into IT since 1960 (Stretch + Fortran-2) and I now lecture on IT (In)security.
There is one thing that I have learned.
IT Security is a myth.
If you have the desire and the dosh you can get into almost any system.
Optical TEMPEST (both forms) bog standard TEMPEST, Bugs, Trogens, and the "3Bs" of social engineering ( Bribery, Blackmail and/or Beating).
I have reciently seen a system that cost thousands that could be broken into just using FREE, open Source s/w.
I used to say that Microsoft should be as safe as a combination safe... until
I found out how 2 open one in under an hour just using a pencil and graph paper.... yes its that simple, you don't need Superman's hearing, or a stethascope, just try each if the 100 graduations and note the free-play on a graph paper, in both directions, and then its only 3x2x1 tries for a 3 disk lock and 4x3x2x1 for a 4 disk one.
Try it, you will be shocked at how "safe" your safe is!
Simarly, I spent a lot on a wired security sytem for my house.
Magnetic switched on all doors and windows.. yet with a £3.50 pocket compass and a magnet I find that I can defeat the switches and with an aerosol can beat the PIRs.
Most security will only stop the ignorent and incompetent!


Mike.

Posted by MikeO at July 31, 2005 12:50 PM
Post a comment









Remember personal info?






Hit Preview to see your comment.
MT::App::Comments=HASH(0x55a8fbd290c0) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.