CSU Security Day 05
CSU Security Day Presentation
November 4th, 2:45PM at Columbus State University, Davidson Hall
Trade-offs and managing complexity
All security involves trade-offs!
Computer network access with no security at all is very easy to use, but, obviously, it's not very secure.
Perfectly securing your network means unplugging it from the wall, but that makes it significantly less useful. (Really, even that doesn't allow for someone coming into your building and plugging it back in!)
Good security decisions are made by knowing where you fall in the middle of the two extremes.
Smart risk assessment
Security can be an amazingly complex problem, especially for complex networks. Making things worse, the importance of security can be easily overlooked, and often gets implemented only as an after-thought. This is especially the case when project deadlines are looming, and the IT staff is over-worked.
Even a very aggressive security policy can easily overlook simple things.
Think like an attacker: Scenario 1
It's common knowledge that rogue (unauthorized) wireless access points in a company can provide an attacker the opportunity to penetrate a network, often completely bypassing any corporate firewalls. So, the hypothetical company in question may prohibit all rogue APs, and periodically scan for them. Problem solved, right?
Well, 95% of all corporate laptops are equipped with a wireless network card.
- An attacker enables a rogue AP
- Windows running on an employee's laptop happily associates with the new AP
- The attacker immediately tries to exploit the employee's workstation (attacker only has to find *one* security hole!)
- After exploiting the workstation, attacker installs a root-kit to smuggle information (and arbitrary commands!) in and out of the corporate *wired* network
- The attacker disables the AP
Now, the hypothetical attacker has access to the company's wired network, and a platform from which to launch further attacks against critical servers (think: financial records, servers with proprietary source code, etc.) An attack like this can be completely automated, taking five minutes--or less! Something like this can slip by even extremely aggressive scanning for rogues... or, at the very least, successfully compromise the target before the attack can be prevented.
Think like an attacker: Scenario 2
- Joe User sits down in a coffee shop, intending to check his web-based e-mail.
- Annie Attacker sits on the other side of the coffee shop, and decides she'd also like to read Joe's e-mail.
- Joe begins the log-in process. His laptop requests the IP address for his web-mail service using DNS.
- Annie's laptop impersonates the DNS server, and returns a phony reply to Joe.
- Joe now thinks that Annie's laptop is the web-mail service, and enters his username and password into the phony web-site.
- Annie can now just pack up and leave--*with* Joe's e-mail credentials.
This represents a completely different environment than the previous scenario, with a different target and a different method of attack. This demonstrates that each scenario can introduce factors that require vastly different approaches.
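As an added defender-side illustration of Scenario 2 (this is example code written for these notes, not part of the original talk), the check below looks at DNS replies seen on the coffee-shop network and flags the two signs of Annie's trick: a reply that did not come from the resolver the network handed out, and two replies for the same query that disagree. The resolver address, the hostnames and the reply records are all constructed sample values.

```python
from collections import defaultdict

# Constructed sample of DNS replies observed on the coffee-shop Wi-Fi.
# Fields: transaction id, queried name, reply source IP, answer IP.
OBSERVED_REPLIES = [
    (0x1A2B, "webmail.example.com", "10.0.0.1", "203.0.113.10"),  # real resolver
    (0x1A2B, "webmail.example.com", "10.0.0.57", "10.0.0.57"),    # Annie's phony reply
    (0x3C4D, "news.example.org", "10.0.0.1", "198.51.100.4"),     # ordinary reply
    (0x5E6F, "webmail.example.com", "10.0.0.57", "10.0.0.57"),    # only the phony reply seen
]

# Resolver the network's DHCP server handed out (assumed value for this example).
TRUSTED_RESOLVERS = {"10.0.0.1"}


def find_spoofed_replies(replies, trusted=TRUSTED_RESOLVERS):
    """Return a list of (txid, qname, reason) for replies that look forged.

    Two indicators are checked:
      1. the reply's source is not a resolver this client should be using;
      2. more than one reply arrived for the same transaction id and name
         with different answers, i.e. a race between the real server and
         someone impersonating it.
    """
    findings = []
    by_query = defaultdict(list)
    for txid, qname, src, answer in replies:
        if src not in trusted:
            findings.append((txid, qname, f"reply from untrusted source {src}"))
        by_query[(txid, qname)].append((src, answer))

    for (txid, qname), seen in by_query.items():
        answers = {answer for _, answer in seen}
        if len(answers) > 1:
            findings.append((txid, qname, f"conflicting answers {sorted(answers)}"))
    return findings


if __name__ == "__main__":
    for txid, qname, reason in find_spoofed_replies(OBSERVED_REPLIES):
        print(f"txid={txid:#06x} {qname}: {reason}")
```

Seeing only the first indicator is already enough to treat the reply as suspect; the second catches the case where the attacker's reply arrives before the real one and is the one the laptop acts on.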