The Six Dumbest Ideas in Computer Security

Written by Marcus Ranum. These are the slides I use when I lecture my students on the paper.

Kevin Thompson

January 03, 2015

Transcript

  1. What are the risks? ❖ Hacking ❖ Malware ❖ Social Engineering ❖ Misuse ❖ Physical ❖ Error ❖ Environmental ❖ These are the things that cause instability in our IT services pyramid.
  2. What are the assets? ❖ Health information ❖ Credit card information ❖ Online banking ❖ Personal Privacy
  3. How did it get this bad? ❖ That’s where the six dumbest ideas come in ❖ This is the genesis ❖ This is where it all went wrong ❖ This is the most important thing you will learn in this class.
  4. Background ❖ The Internet wasn't supposed to be what it is. ❖ It was just a research project ❖ Everybody knew and trusted each other. ❖ Nobody would ever do business on this thing!
  5. Background ❖ The Internet was engineered to solve the problems that it faced in its infancy. ❖ Connections were unreliable, so there is a lot of error checking. ❖ Memory was scarce, so protocols are low on overhead.
  6. Background ❖ We were just trying to make this incredible thing work. ❖ Security wasn't on our minds. ❖ Just make it work. ❖ We could always secure it later. ❖ Have you ever caught yourself thinking that?
  7. Background ❖ That was the environment that led to the six dumbest ideas. ❖ We built it that way, but we couldn't fix it. ❖ Too many people depended on it. ❖ We were too busy building the next addition (which repeated the 6 dumbest ideas)
  8. Background ❖ We finally got TCP/IP working, but people can forge the source of packets. Should we fix that? ❖ Not right now. I really want to make this DNS thing work.
  9. Background ❖ DNS works, but people can spoof responses and redirect users. Should we fix that? ❖ Not right now. I think we should focus on creating "e-mail".
  10. Background ❖ Email is working, but this is a mess! We've got spam and hacking. We have to fix these problems! ❖ Hey look! I made a "facebook" and a "twitter" and a "myspace"
  11. Today ❖ The Internet has become mostly a naked lady machine that steals from us. ❖ So what were the six dumb ideas?
  12. Default Permit ❖ By default you allow programs, people, and machines to do whatever they want. ❖ The most powerful of all the six dumb ideas. ❖ So powerful that the next two ideas could be its children.
  13. "On my computer here I run about 15 different applications on a regular basis. There are probably another 20 or 30 installed that I use every couple of months or so. I still don't understand why operating systems are so dumb that they let any old virus or piece of spyware execute without even asking me. That's 'Default Permit.'" -Marcus Ranum
  14. Default Permit ❖ The opposite is default deny. ❖ Default Permit: "You're all allowed to date my daughter unless I say no." ❖ Default Deny: "None of you are allowed to date my daughter unless I say yes."
  15. Enumerating Badness ❖ Trying to make a list of everything bad. ❖ Blacklisting instead of whitelisting. ❖ Antivirus software is the classic example.
  16. Enumerating Badness ❖ Would you rather: ❖ Make a list of everyone that is NOT allowed to take money out of your checking account. ❖ - OR - ❖ Make a list of everyone that IS allowed to take money out of your checking account.
  17. Enumerating Badness ❖ If you catch yourself doing this then it means that you already screwed up somewhere. ❖ Combat this with "Artificial Ignorance." ❖ Enumerating badness is internal evidence of our security failures.
  18. Penetrate and Patch ❖ This is dumbness in our response to external evidence of our failures. ❖ If your system is hacked, then you know there is a flaw. Patching is a quick fix until you can re-engineer the problem away.
  19. Penetrate and Patch ❖ Unless you never go back and do the re-engineering. ❖ Patching is where you don't address the root cause of a problem you created.
  20. Penetrate and Patch ❖ This does NOT mean that you shouldn't apply vendor patches. ❖ You have to work with the security tools that you're given. ❖ This does NOT mean that you shouldn't patch software you write. ❖ But you better be working on fixing the root cause or you'll just find yourself writing another patch next month.
  21. Penetrate and Patch ❖ Somebody discovers that a carefully crafted packet will make your database crash. ❖ Good Idea: Issue a patch to stop that packet while you study the problem and fix the underlying issue. ❖ Dumb Idea: Issue a patch to stop that packet.
  22. Hacking is cool ❖ This is a societal problem so I don't think there is much you can do about it. ❖ We all marvel at Danny Ocean stealing from the Bellagio. ❖ We don't marvel at the guy that built a safe so secure that it took 11 people months of planning to break in.
  23. Educating Users ❖ I can't agree with Marcus entirely on this one. ❖ It isn't the first time that Marcus and I have disagreed. ❖ What he is trying to say is that rather than educate users, we should engineer systems so that the user doesn't need to be educated.
  24. Educating Users ❖ But we have to live in the real world where people didn't engineer things that way. ❖ My modified rule: if user education is the only thing standing between you and failure, then prepare to fail.
  25. Action > Inaction ❖ This dumb idea is seen when people want to upgrade a working system just for the sake of upgrading. ❖ Changes are the enemy of stability; we learned that 2 weeks ago. We should only change when we have a compelling reason to change.
  26. Action > Inaction ❖ "It is easier to not do something dumb than it is to do something smart." -Marcus Ranum ❖ Letting other people fail is an outstanding, free test environment.
  27. Review ❖ Default Permit ❖ Enumerating Badness ❖ Penetrate and Patch ❖ Hacking is cool ❖ Educating Users ❖ Action is better than Inaction ❖ You will be tested on this!
  28. Marcus Ranum ❖ This is Marcus. He is going to show up whenever we see one of the six dumbest ideas in this course. ❖ Marcus didn't give me permission to do that. He will likely punch me when he finds out.
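
Slides 12 to 17 contrast Default Permit and Enumerating Badness with default deny, and name "Artificial Ignorance" as the counter. The following is an added example, not part of the slides or of Ranum's paper: it applies both approaches to the same log, where artificial ignorance is taken to mean discarding lines already known to be routine and reviewing whatever is left. The log lines, patterns, host name and script path are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the slides).
SAMPLE_LOG = """\
Jan  3 10:00:01 web1 sshd[2211]: Accepted publickey for deploy from 10.0.0.5 port 50122
Jan  3 10:00:07 web1 CRON[2290]: (root) CMD (/usr/local/bin/rotate-logs)
Jan  3 10:01:13 web1 sshd[2307]: Failed password for root from 203.0.113.9 port 40022
Jan  3 10:02:44 web1 kernel: eth0: promiscuous mode enabled
Jan  3 10:03:00 web1 CRON[2355]: (root) CMD (/usr/local/bin/rotate-logs)
Jan  3 10:04:19 web1 su[2401]: (to root) www-data on none
""".splitlines()

# Enumerating badness: patterns for what we already know is bad (constructed).
KNOWN_BAD = [r"Failed password for"]
# Artificial ignorance: patterns for what we reviewed and expect (constructed).
KNOWN_GOOD = [
    r"sshd\[\d+\]: Accepted publickey for deploy from 10\.0\.0\.\d+ port \d+$",
    r"CRON\[\d+\]: \(root\) CMD \(/usr/local/bin/rotate-logs\)$",
]

def enumerate_badness(lines, bad_patterns=KNOWN_BAD):
    """Default permit: report only lines that match a known-bad pattern."""
    bad = [re.compile(p) for p in bad_patterns]
    return [l for l in lines if any(b.search(l) for b in bad)]

def artificial_ignorance(lines, good_patterns=KNOWN_GOOD):
    """Default deny: drop lines matching a known-good pattern, report the rest."""
    good = [re.compile(p) for p in good_patterns]
    return [l for l in lines if not any(g.search(l) for g in good)]

def summarize(lines):
    """Strip timestamp and host, mask numbers, and count repeated events."""
    counts = Counter()
    for line in lines:
        msg = re.sub(r"^\w{3}\s+\d+\s[\d:]+\s\S+\s", "", line)
        counts[re.sub(r"\d+", "#", msg)] += 1
    return counts

if __name__ == "__main__":
    flagged = enumerate_badness(SAMPLE_LOG)
    leftover = artificial_ignorance(SAMPLE_LOG)
    print(f"denylist flagged {len(flagged)} line(s); allowlist left {len(leftover)}")
    for event, n in summarize(leftover).most_common():
        print(f"{n:3d}  {event}")
```

The denylist reports only the failed login it was told about, while the allowlist review also surfaces the promiscuous-mode and `su` events that nobody wrote a signature for.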