Brain21 <brain21@montag33.residence.gatech.edu> writes:
>I would not be
>surprised if many of the security experts out there worked on less secure
>machines than what they set up for their clients.

I'll tell you the secret, if you promise not to spread
it around. :)

The box I'm using here ("here" is V-ONE's Baltimore office; my
house) is a BSDI box running an older rev and I probably haven't patched
all the patches I should. It's got a lot of unnecessary services stripped
out, but you can, for example, even use "finger" on it. That's because
this box is just an access point. The important stuff takes place on
another machine upstairs, and on a Windows95 PC that's right next to
it. Data crosses the air gap on floppies, when it has to, which is
seldom. There isn't any special security or anything on "switchblade"
because there doesn't need to be.

Now, here's the secret:

1) My home computer security architecture is the result of
   a carefully thought-out risk assessment and
   requirements analysis. It goes like this:

   a) I have important stuff on my Windows PC and PC
      networking sucks so I can make my life a
      lot easier by just not worrying about getting
      my PC running TCP/IP and it'll be secure besides.
   b) I only seldom need to transfer data between the
      Windows PC and the Internet, and when I do it
      is important stuff so having a spare copy on
      a floppy is a Good Thing.
   c) Swapping floppies is technically gross and someone
      may laugh at me, but I can live with that.
   d) I have a complete copy of the machine on a DAT.
      If someone fries the system I'll be back on
      the air in a few hours. I'll be inconvenienced.
   e) I can't afford a firewall, and don't know how to
      build one.

2) The residual risk is that someone might break into switchblade
   and announce that they had "hakk3d that l8m3r mjr"
   and it'd probably cost me a few hours explaining to
   people why that was Not A Big Deal and it'd be very
   irritating, and I'd have some after the fact damage
   control and who knows someone might think it was all
   an NSA conspiracy. [Which is patent nonsense, since
   I work for the KGB, not NSA]

3) If damage control is an issue, I've now protected myself
   by loudly announcing to a large mailing list that
   *MY* Internet box is unimportant. Therefore, if
   something does happen to it, I've already pulled the
   teeth from the public relations problem since everyone
   on the list knows that only a totally lamer hacker
   would go after a useless unprotected glorified Xterm
   and Email box.

   There is another ancillary tactic I won't go into,
   which is "plausible deniability" in which I would
   simply try to *convince* everyone the machine was
   unimportant while in fact it was. I'm not doing
   that here because real deniability beats plausible
   deniability hands down. :)

Incidentally, the main "security" on "switchblade" is what
I have dubbed "Security by stupidity." Feel free to telnet to the
"switchblade.v-one.com" and poke around. Nothing is harmful, no
salesmen will call, no paratroopers will land. Please don't trash
my machine because it'll take me an hour to reload it from the DAT
and I will feel morally obligated to yell at you if we ever meet.

I suspect, but I don't know, that Tsutomu would probably
say something similar. The game of securing systems is correctly
balancing risks against technical responses to risk. If you can
convince yourself the risks are low, then the technical responses
required are also low.

If you don't take the time to figure out what's at stake
you can't produce a measured, appropriate response.

mjr.