No need to depress yourself :) We live in an imperfect world, and do the best we can. Often, our best is enough.

There are many subtleties to security management, and I am no expert in these affairs. But I can spot that your post is very focussed on technical problems and solutions. Some of the numbers you quote seem a little off to me, but I respect the depth and breadth of your knowledge on matters technical. If you say there's a problem, there is a problem. However, technical issues are only one part of proper security management, which is just part of ordinary risk management. Looking at the whole situation shows that the situation is not so bad.

I'd like to mention the risk-damage-payoff matrix. You've probably seen it, so I'll just mention it here for completeness, and for any other readers who haven't. You can make it very complicated, but it looks kind of like this (excuse ascii text):

          |harmless| mild |catastrophic|
----------+--------+------+------------+
h.unlikely|   0    |  .2  |     .7     |
unlikely  |   0    |  .3  |     .8     |
maybe     |  .2    |  .5  |     .9     |
likely    |  .3    |  .7  |     1      |
certain   |  .4    |  .9  |     1      |

The table is filled out with some values representing the amount of time/attention/effort you should spend safeguarding against the threat. Filling out the matrix is a difficult thing to do, and depends on the situation. You can almost ignore threats that are harmless and unlikely. If you are faced with any threats that are certain and catastrophic you should eliminate them, or find someone to blame. In between, you should be deploying an appropriate response.

Now I can evaluate security threats more effectively. I'll go through a few scenarios that tilly mentions, and one he doesn't:

* Crashes computers - The fork bomb
Harmless and unlikely. At the worst I have to get up and power-cycle the server. I can cope with this.

* Compromises data - The root kit
Maybe and mild damage. A root kit means that somebody wants the machine to keep working. As long as it keeps serving, our business is not lost. I can cope with a root kit, and deal with it at my leisure.

* Destroys servers - Fork bomb replaced with rm / -rf
Catastrophic and unlikely (why do this when you've gone to the effort to hack my machines?). This would sink our business. Good thing I keep backups. With backups the damage is 'mild' - loss of business due to downtime and some data loss.

Technical solutions always go hand in hand with management and procedural solutions. You tell me that my machine could be hacked once every three days? Fine, I'll hire someone to rebuild the machine every three days. I'm much more worried about network DoS attacks, because I can't control or minimise my risk there.

Most security problems occur not because of technical flaws, but because people are intent on shooting themselves in the foot. They write their passwords on post-it notes and stick them to the monitor. They write their PIN numbers on their ATM cards. We will eventually have secure operating systems, but the idiots running them will manage to compromise security by ignoring procedures that could protect them because these procedures are inconvenient. The only way to really secure something is to set it in concrete and then dump it in the Grand Mariner trench. If you want people to actually use it, you have to accept the risks, and start working to cope with them.

____________________
Jeremy
I didn't believe in evil until I dated it.


In reply to Re(Jepri) 2: Obfuscation and viruses by jepri
in thread Obfuscation and viruses by WrongWay
