Great Circle Associates Firewalls
(March 1998)
 


Subject: Re: Infosec Accountability - 2 cents more
From: William Hugh Murray <whmurray @ sprynet . com>
Date: Mon, 02 Mar 98 23:45:53 -0500
To: Gene Spafford <Spaf @ CS . PURDUE . EDU>
Cc: "bill . stewart @ pobox . com" <bill . stewart @ pobox . com>, "cypherpunks @ Algebra . COM" <cypherpunks @ Algebra . COM>, "firewalls @ greatcircle . com" <firewalls @ greatcircle . com>, Vin McClellan <vin @ shore . net>

-- [ From: William Hugh Murray * EMC.Ver #3.1 ] --

Gene writes.

>>>I remain convinced this is the first place we need to get some 
fixes.  Otherwise, the unworthy and the responsible alike are going to 
be held accountable for what amounts to stopping an avalanche with a 
trowel.<<<

To propose this is to suggest that the problem is simply intractable. 
I propose to you that we will never fix the network by fixing operating 
systems.  The world deployed more new buggy copies of your favorite 
operating system today than it patched or replaced. If the only way to 
secure the network is to fix the operating systems of the nodes, then we 
will never get there.

You may say that the vendors can fix the problem by delivering higher 
quality operating systems.  How long will it take before the number of 
good ones exceeds the number of bad ones; even assuming that buyers can 
tell one from another and prefer secure ones to the fastest, most 
functional, and general ones, a highly unlikely assumption?  

The bad quality of the operating system is only a contributing factor to 
the problem.  The biggest problem is that the hackers are able to log on. 
This problem persists because managers who have spent thousands of 
dollars per seat to provide computing will not spend tens of dollars per 
seat for strong user authentication.  After that we have buffer overflow 
problems.  If one is to trust the reports, the number of these is at 
best constant to growing.  This problem appears to be solidly rooted.  
Rooted, that is, in a developer and buyer preference for performance 
over anything but function.

The next problem is that the operating system is visible to the public 
network. If you admit that they are not capable of protecting themselves 
from their traffic, then why are we connecting them to the public 
network?  Nice people simply do not do that.  There is almost never a 
justification for doing it but the rationale is that they must be 
connected so we can fix them.  I'm sorry? 
 
Finally, there is gratuitous system functionality.  If there were no 
command processor then the problems of buffer overflows would be 
mitigated.  If I must choose between patching function and taking it 
out, I prefer the latter.  We are still using operating systems that 
were built for sharing expensive hardware.  As if that were not bad 
enough, we are using them as if hardware were still expensive.  

The net is that requiring strong authentication, hiding the operating 
systems from the network, and removing gratuitous functionality are more 
important and more effective than trying to replace or patch operating 
systems.

Bill


