September 03, 2002

Computer Security, Bruce Schneier, wireless networks

The Atlantic has an excellent article by Charles Mann on issues surrounding computer security - and about security overall.  There is lots of good commentary throughout from one of the gurus of computer security, Bruce Schneier, author of Applied Cryptography and founder of Counterpane Internet Security

This is especially relevant in the context of the furor surrounding the security of wireless networks.  With all of the hubbub surrounding the crack of RC4 and WEP, and security questions surrounding 802.1x, there has been a scramble to find technological solutions to the problems introduced; namely that a determined attacker could hack into or listen in on a WEP-encrypted network with a few hours worth of data received from the access point, not to mention that most APs today are severely mis-configured out-of-the-box with regards to security. 

Schneier is one of the finest security analysts of our time, His monthly crypto-gram newsletter is required reading for anyone who is interested in network and computer security.  His book Secrets and Lies is a great introduction to these issues for the layman.  When I was designing Sputnik's security and management features, I found myself again and again thinking about his rational approach to creating systems that fail gracefully.  Some guidelines:
  1. The network is fundamentally insecure
  2. There is no such thing as 100% security
  3. Create systems that fail gracefully
  4. Ensure that systems do not fail catastrophically (e.g. SeaTac in the article)
  5. Design security in depth
  6. Remember the humans in the loop
  7. There is always a tradeoff between security and flexibility
  8. Give users and administrators a choice when making that tradeoff
  9. Do your best to make it secure out-of-the-box
Here's an excellent quote by Schneier from the article:
"The trick is to remember that technology can't save you…. We know this in our own lives. We realize that there's no magic anti-burglary dust we can sprinkle on our cars to prevent them from being stolen. We know that car alarms don't offer much protection. The Club at best makes burglars steal the car next to you. For real safety we park on nice streets where people notice if somebody smashes the window. Or we park in garages, where somebody watches the car. In both cases people are the essential security element. You always build the system around people."
So, do we have to abandon our goal of perfect theoretical security?  Yes, I think so.  The more important goal is, "Does my system make it inconvenient enough for attackers that they attempt to attack via other means?", or "Does my system raise the cost of a successful attack high enough to be impractical?" and "Does my system make it easy for humans to monitor?"

Just some ramblings on the day after labor day... Posted by dsifry at September 3, 2002 03:03 PM | TrackBack | View blog reactions