Firewall Wizards mailing list archives

RE: Worms, Air Gaps and Responsibility


From: Dana Nowell <DanaNowell () cornerstonesoftware com>
Date: Tue, 18 May 2004 09:29:01 -0400

At 11:06 PM 5/17/2004 -0500, Frank Knobbe wrote:
[snip]

> Perhaps for viruses, but not for worms as these devices tend not to be
> permanently wired or reachable.


Yup.  So imagine a case where you have an internal worm/virus outbreak and
you clean up.  Next day it is back, you scour your network and clean up
everything.  Next day it's back, eventually you find some guy syncing his
Palm to his desktop or an intermittently connected wireless iPaq is the
root cause, chase that one down.

As a general case, I'm whining about intermittently connected devices
having direct access to the internal network.  We talk about all sorts of
restrictions on home PC connections, what about the 'next generation'
(based on roll-out not technology) wireless devices (bluetooth, WiFi,
802.11)?  Assume you have a PDA-like device in your pocket and are walking
down the street.  Guy with an infected phone walks past and BAM, welcome to
the nightmare.  Is that today?  No.  Is that within, say, 5 years?  Possibly.
Show me YOUR plans for firewall protection of bluetooth, wireless USB, and
similar connections (yes, some stuff is/can be built in by design, but buffer
overflows and other exploits can be built in by accident ;).

But hey, that's not real today so no short term pain no short term
solution.  Eventually I'm pretty sure it will become a short term issue
with some level of pain.


> Several years ago, the folks from Phenoelit were presenting exploits on
> Cisco routers and HP printers. I had $20 on a worm that spreads through
> printers since there are frighteningly many printers directly connected
> to the Internet (after all, it's just a printer, right? :)
> Likewise, a worm ripping through Cisco routers gives me the creeps, but
> luckily these are often set up with decent or secure enough
> configurations. (I don't recall there actually being a printer worm.)
>
> But what about Cable modems or DSL routers? Any component that is not a
> computer, or has services open, tends to be ignored/dismissed too
> quickly. Once we were shown that laser printers can be converted to do
> thy bidding in the form of password brute forcing and other... uhm...
> non-paper related tasks. Who would have thought...


I don't connect printers directly to the net so I hadn't thought of that.
Cable/DSL modems are an issue but since they're on the outside of my
'router' they are considered 'red zone' devices anyway.

> But you are right... It seems I'm dismissing cell phones and PDAs here,
> and I shouldn't be doing that.

I don't think cell phones are a real big issue now, but convergence between
cell phones and PDAs with wireless connectivity and a VPN thrown in is a
scary concept.  As people have said for a while now, the days of Red and Blue
zones are over; unfortunately most people lack the
skills/intelligence/money/clout to bury the corpse.


-- 
Dana Nowell     Cornerstone Software Inc.
Voice: 603-595-7480 Fax: 603-882-7313
email: DanaNowell_at_CornerstoneSoftware.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards