Firewall Wizards mailing list archives

Re: Firewall Primitives


From: "Stephen P. Berry" <spb () meshuggeneh net>
Date: Mon, 11 Nov 2002 15:42:46 -0800


> This is the
> kind of thing I was talking about a few months ago: make it
> illegal/impossible to run a PC with Windows that doesn't have
> an antivirus program (a simple technical problem: make it part
> of the O/S and boot process...) and mandate personal firewalls,
> etc. Sure there are technical details I'm blowing over but you
> could take a HUGE bite out of the problem by just making stupidity
> no longer an option...  But I don't think I want to live in that
> kind of world.

This sounds good as a technical solution (although, as you note, failing the
happy/friendly test), but it's insufficient.  Compliance with security policy
is an issue at, for example, TLAs...and they can shoot people.  This implies
that the problem is intractable.

As I alluded before, I've diddled around with some models of large-scale security
problems---i.e., not on the scale of individual organisations, but on the scale
of entire industries, sectors, and so forth[0].  The idea is that by analysing
a model one might see how different factors affect the position of the various
interests as well as the overall situation.  From this, one hopes, one can both
develop better strategies for one's own position and determine different
strategies one's opponent(s) might employ---and learn how to recognise them
when they appear.

So much for the theory.  The thing is that there really seems to be no way to
feasibly protect all the tiny, diffuse resources.  They're just never worth that
much to the whitehats---by protecting them, the blackhats are denied access to
them, but that really doesn't -advance- the whitehat position...and so they're
generally not worth the expenditure of resources to protect them.  Note that this
is partially a function of the model---we're looking at a cost/benefit analysis
at a much higher level than individual organisations consider it.  Nevertheless,
the basic situation is analogous---the whitehats end up trying to hold their
ground, whereas the blackhats are able to shift short-term goals and methods
while still advancing their long-term goals[1].

In such a model, it may well be that the winning strategy for the whitehat is
to arrange his resources and assets such that he can afford to have a significant
portion of otherwise neutral assets in the hands of the various blackhats at
any given time.  Indeed, it may be to the advantage of the wily whitehat to
(actively or passively) allow certain `neutral' resources to become attractive
to one blackhat group specifically to prevent it from being used by a different
group.  For example, if some blackhats always attack the lowest-hanging
fruit, it may be to the advantage of the whitehat to ensure that the assets that
are most useful to him are never the lowest fruit on the tree.  In some circles,
this is known as a gambit.

I'm not advocating anything here, mind you---just suggesting another way of
looking at the problem as a whole.  The catchphrase is that security is a
process, not a product.  I'm just adding that it's a process that exists in
a context larger than your organisation[2].

-spb

-----
0       Hey, I can't spend -all- my time writing statistical IDS code of
        questionable utility.
1       "Just demonstrating the vulnerability" kiddies, industrial espionage,
        data-yearns-to-be-free cryptoanarchy, (not your) government-sponsored
        infowar, terrorism, file-sharing zealots, industrial spamslingers,
        and so forth.
2       This perspective suggests itself when you spend some time as a consultant
        and get absolutely sick to death of seeing the same handful of problems
        everywhere.  This is why I hate being a consultant.
