Re: The Future of Security

[David LeBlanc <dleblanc () mindspring com>]

At 01:33 PM 12/6/99 EST, Randy Witlicki wrote:
>  David wrote:
> > At 04:54 PM 12/2/99 -0600, Don Helms wrote:

> > > To many times, it's the simple stuff that folks forget to lock down.

[left in message for emphasis]

[I said:]
> > Then what bothers me even more is that these
> > Java-based gizmos want to work across my house wiring.  So once I get all
> > my appliances running that, now I need a firewall for my exterior
> > electrical sockets or some kid will plug a gizmo into the outside of my
> > house and have the kitchen looking like Mickey and the brooms in the
> > Sorcerer's Apprentice...

>  Well, in *theory* at least, things like the Jini initiative
> are trying to do what Marcus has ranted about over the past
> few years - Throwing out all the current bad practices which
> emphasize perimeter security and rebuilding our protocols and
> so on at the individual host level.
>  Of course, we have to make sure the design is correct and that
> we implement it correctly, but what else is new ?

[included by Randy]
> AR.2.1.4 Security 

> The design of the security model for Jini technology is built on the
> twin notions of a principal and an access control list. 

Although I agree that you can't make perimeter security the ONLY thing that
keeps you secure, stuff like this is why I don't want to abandon it entirely.

Further, we've got some very real conflicts going on when we're talking
appliances.  I have a friend who has a way to make a common kitchen
appliance work much better, and he's trying to get the manufacturers to
implement it.  These people seriously worry about cost differentials of $1
or less.

So, I expect the processing power of these Java-enabled gizmos to be as
small as possible, which also tells me that the IP stack isn't going to be
sophisticated, and experience tells me that means they are probably prone
to DoS attacks.  Next, we're talking about basing the security of these
devices on some sort of ACL, yet they are supposed to 'discover' one
another.  Discovery implies 2 things - one is that they will be chatty, and
the other is that they will respond to requests for at least a minimal
amount of information about themselves.  Both of these aspects tend to
cause security issues.  Basing security on an ACL means that they will have
to ship with some default (* in the .rhosts file, anyone?, or how about
Domain Users with the right to log on from the network?) that makes for a
nice out-of-box experience.  Then we'll have most people never changing the
default, which leads me back to a situation where I could very easily have
Mickey and the dancing brooms.

Prediction:
Securing the household appliances from the Internet will prove much too
difficult for the average person who can't program their VCR, and some sort
of very cheap and limited firewall appliance will be part of whatever is
used to connect your average household to the net.  I also predict that at
some point in the future, teenagers will be able to cause mayhem by
plugging a device into an exterior household power socket, and that this
will be deemed far superior to smashing mailboxes or lighting bags of dog
feces on fire and ringing the doorbell.


David LeBlanc
dleblanc () mindspring com