RE: Castles and Security (fwd)

[Ben.Grubin () guardent com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

These thoughts are great if you keep your scope purely limited to
script kids.  When you focus on the larger issue of defense against
agressors, much of this doesn't apply.  I'm not afraid of script
kiddies.  I'm afraid of the person who knows what he's after, is well
motivated to get/destroy it, knows the lay of the land, and knows
your defenses.

No matter how good a castle/walled city/etc/etc/ad nauseum's defenses
are, if there's someone inside to drop the drawbridge, none of this
is relevant.  As has been discussed on this thread before, the goal
should be to protect the crown jewels, NOT the network at large.

Cheers,
Ben

- --------------------------------------------------
Benjamin P. Grubin            bgrubin () guardent com
Guardent, Inc.             http://www.guardent.com
PGP Key:  D33D 22C2 6552 0F6B  44E4 5254 0172 0E10

"The world isn't run by weapons anymore, or energy, or money.  It's
run by little ones and zeros, little bits of data.. it's all just
electrons."
   

> -----Original Message-----
> From: Robert Graham [mailto:robert_david_graham () yahoo com]
> Sent: Thursday, January 11, 2001 5:02 PM
> To: firewall-wizards () nfr com
> Subject: RE: [fw-wiz] Castles and Security (fwd) 
>
>
> Hhhmm.
>
> Ancient castles weren't about "defense", but "offense". A 
> castle served as a
> base of operations from which warriors could sally forth, strike
> their enemies, then retreat back to safety. Castles were placed on
> hills overlooking key commerce areas (e.g. rivers) as a way of 
> extracting tolls
> from passersby. Even in cases where castles were primarily
> defensive (Carcasonne), they were designed for temporary refuge for
> peasants to come
> in from the fields while the troops could sally
> forth/attack/retreat. Indeed, a synonym for "castle" is "retreat".
> The common 
> people didn't live
> in castles, they were primarily designed as temporary refuges 
> and positions
> of power to control the surrounding region. (I.e. a good 
> offense is having a
> good defense).
>
> When you think about it, major cities of the ancient world 
> were not built
> like castles. The reason for the city's existence was trade 
> and commerce.
> Fortifications that would keep out a major army would only 
> impede commerce,
> removing the purpose the cities existence in the first place. A
> city's protection lay not in the flimsy walls that surrounded it,
> but in the ability for its army to meet the approaching army. This
> is 
> why Rome was
> sacked - it was wide open to the invaders. As Marcus points out,
> large cities are not defensible using a castle mentality.
>
> Neither are networks. This is a source of great conflict 
> within companies as
> business people want to open up their networks. They are in
> constant conflict with their own security people. The firewall
> nazis 
> want to pull up
> the drawbridge and hide behind their castle walls. But your 
> network isn't a
> refuge that you hide behind, but an open marketplace. Your 
> goal isn't to
> defend the network, but to defend commerce.
>
> I really dislike the entire class of military analogies. 
> Warfare is about
> battles, well-known enemies, two parties fighting and 
> responding to each
> other. There are occasional "battles" like the IRC wars, but 
> most "hacking"
> has little in common with the military. There is a love of 
> the cyber-warfare
> analogy that leads to natural conclusions like the outlawing of
> cyber-weaponry. However, most people don't quite get the 
> difference between
> an analogy and the real thing. There is no spoon. 
> Cyber-weaponry doesn't
> really exist as such, though it is certainly a fun way of 
> talking about it.
> (Most cyberlaw these days deals with these imagined stories 
> that appeal to
> the masses, little applies to the real thing).
>
> Personally, I feel a better analogy is something like the dikes in
> the Netherlands. They hold back the tide. The ocean isn't the 
> "enemy" you are
> battling, but a fact of life you have to deal with; a force 
> of nature. You
> don't get mad when the dike breaks and the ocean floods your 
> village, you
> just repair things and move on.
>
> The reason I choose this analogy is that a better model for 
> the script-kiddy
> problem would be to look at them as wild animals. If a lion 
> comes into your
> village and kills your neighbor, you are unhappy, but you 
> don't angry at the
> lion. It is just responding to animal instinct. You certainly 
> hunt it down,
> though, and defend yourself, but in a dispassionate sort of 
> way. In much the
> same way, machines exposed to the Internet have to deal with 
> a background
> radiation of script-kiddy probes. It isn't worth getting 
> angry at them, they
> are just animals responding to their instincts. They are a 
> force of nature,
> like the wind and tides.
>
> The reason I prefer this model is that with military 
> analogies, you think in
> terms of "enemies". Script-kiddies aren't your enemy, they 
> aren't out to get
> you in particular. The distinction is important when trying 
> to create a
> model that defends against Internet attacks. Think of the 
> classic Birthday
> Paradox: in a room of 23 people, there is a > 50% chance that 
> two people in
> the room have the same birthday. The reason this is a 
> "paradox" is that the
> model people use in their minds is thinking of the 
> probability that one
> other person in the room has the same birthday as them (which 
> is indeed a
> small chance). In cryptography, we have the same problem. 
> Consider a cryptog
> raphic hash of 64-bits. This means that there is a one in 
> 2^64 chance that
> somebody can create a message that has the same hash as your
> message. However, there is only one in 2^32 chance that somebody
> can create two messages with the same hash. What this means is that
> if I 
> have one message,
> the difficulty of you finding another just like it is 2^64.  
> However, let's
> say that you want to create two contracts with the same hash, 
> after I sign
> the first promising to pay you $1, you substitute the second 
> where I promise
> to pay you $1-million. This has a difficulty of only 2^32. (This is
> of course a gross simplification, I'm discussing Birthday 
> Paradox, not crypto).
>
> Today's security people think in the same way. The use a 
> military model
> where they calculate the risk that a hypothetical enemy will 
> compromise
> their system. However, from the Birthday Paradox model, the 
> risk is actually
> much higher when you think in terms of many simultaneous 
> "enemies". There
> was a recent incident in the news where a big company got 
> hacked by a script
> kiddy: the hacker wasn't going after that victim in 
> particular, but once
> they found out who it was they hacked, they certainly took 
> advantage of it.
>
> One of the things that worries me about the (faulty) analogies is
> that people are trying hard to separate black from white (I see 
> only shades of
> gray). We've grown up in the TV/movie era where the bad guys 
> are not only
> clearly evil, but know that they are evil. In real life, people
> that everyone else sees as evil do not consider themselves evil. A 
> couple years
> ago, there was a mafia hit-man in the news. Even though he 
> had killed over
> 20 people, he considered himself a good, god-fearing person; 
> it was simply
> his job. Most "hackers" are the same way. I've never met one 
> that considers
> himself "evil", just misunderstood.
>
> Likewise, consider a model for cyber terrorism. The news, of 
> course, is
> playing up the fears about a new wave of hacktivists. This 
> doesn't match
> what is really going on. The way people view real terrorists 
> isn't very
> accurate. The majority of terrorists aren't people who 
> rationally determine
> that violence is the best way to achieve their goals. 
> Instead, they are
> typically inherently violent people who are looking for ways 
> that they can
> feel good about carrying out their desires. So called 
> "hacktivists" are the
> same way: they just want to hack, but they don't think of 
> themselves as evil
> people, so they are looking for justification as to why it is 
> ok to hack.
> Choosing the right model is important. One model says that 
> there will be a
> new level of attacks as terrorists get a hold of hacker 
> technology, the
> other model says that the level won't change, but the tone of 
> their messages
> will become increasingly political.
>
> I'm sorry for getting long winded here, it touches my 
> philosophical nerve. I
> disagree with most the industry standard models. Choosing the 
> correct model
> has a big influence on how successful you will be.
>
>
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://www.nfr.com/mailman/listinfo/firewall-wizards

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBOl9AKSmSO0d5/rT7EQL1yQCg1pssTXGHEJ+yVuIHKZ7df7Pz+MQAn1fU
PNM87DeQtWrjKh2zshH8Opk+
=g4lt
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards