SECURITY ADVISER
Hackers keep hacking because they can

Point-solution security products miss the underlying reason for poor security: lack of authentication

By Roger A. Grimes
June 23, 2006
I had yet another computer journalist call me to ask if Vendor X’s security solution was THE security product to solve all our security problems. I get a call or e-mail like this about once every two weeks. Usually they’ve read the vendor’s own PR, another newspaper article, or even my own column touting a particular product. The typical conversation goes something like this:

Journalist: "Hey, do you think Product A from Vendor X will solve all our security problems?" (I’m not making up this question, either -- I hear a version of it 99 percent of the time.)

Me: "No, I think security is only going to get worse and every proposed product is doomed to failure. I predict that within a few days the Internet will collapse and online communication as we know it will cease to exist and the Internet will have to be rebuilt from the ashes over the next six months. On the positive side, we’ll all have a lot more time for our family soon."

Journalist: [Silence or pause] “Huh?”

To be fair, a little more than half of them know I’m pulling their leg. Only a few formally ask if they can quote me.

It bothers me that a lot of computer security journalists don’t really know security. Not that I’m an expert, but when a vendor’s press release starts out with the phrase, “We detect all threats known and unknown, without frequent updates," I immediately discount that product.

Usually I end up explaining to the journalist how none of the security products we use will ever be perfect because they are all point solutions ignoring the real problem: Most hackers and malware spreaders never get caught. If hackers and malware writers knew we could catch them most of the time, we wouldn’t even need anti-virus software or firewalls, because our security threats would be almost gone.

This is analogous to speeding on the highway. Nearly everyone speeds on the highway because few speeders get caught. But if every speeder got a ticket every time (think ticket-cams), you’d see all drivers slow down.

The real computer security problem is a lack of persuasive authentication. If the Internet allowed default authentication and accountability for every packet and every program, from source to destination, hacking and malware would stop overnight. In a better world, if someone sent me a malicious program, I could track it back not only to whoever sent the program to me, but to whoever sent the program to them, and so on … back to the original creator, with nearly 100 percent certainty. Hacking would cease to exist.

It’s not as if this idea is unknown to the world. Many security solutions attempt to tackle authentication: PKI, S/MIME, PGP, ActiveX, smart cards, network access control solutions, etc. But each of these is only a point solution, tackling a particular part of the problem but not every possible scenario.

Lots of people are trying to build a holistic solution, but persuasive authentication isn’t easy or fast to accomplish. The Trusted Computing Group’s open standards are a good place to start. They offer guidance to computer device manufacturers and software developers attempting to build in default trust and authentication.

The idea is that everything needs to be authenticated, including the hardware, operating system, application software, and anything the software creates or sends. It all starts with trusted hardware components, to prevent software from manipulating and invalidating the trust routines situated in the hardware. Currently, many hardware and CPU vendors are building TPM (trusted platform module) chips onto the motherboard. Linux and Microsoft are already starting to use the chips; enterprise versions of Windows Vista will use the TPM chips to store encryption keys that lock up the hard drive prior to booting to prevent boot-around attacks.

Once the hardware is secure, vendors can build trusted and authenticated operating systems that rely on the trusted hardware. Then application vendors can rely on the OS for trust and allow people to send trusted data content back and forth to each other.
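The chain described in the two paragraphs above (hardware measures the OS, the OS measures the applications, and a verifier checks the result) can be shown in miniature. The following is an added example written for this page, not code from the column, from the Trusted Computing Group, or from any TPM vendor: it simulates a TPM-style PCR extend over a constructed boot chain, an event log that replays to the PCR value, and a hardware-held attestation key (modelled here with an HMAC key, not a real TPM quote) so that a verifier can tell a clean boot from one where the kernel was altered or the log was forged. All component images, names and the key are constructed placeholders.

```python
import hashlib
import hmac

PCR_SIZE = 32  # a SHA-256 PCR, 32 zero bytes at power-on

# Constructed placeholder: in reality this key is generated and held inside the TPM.
ATTESTATION_KEY = b"constructed-attestation-key-held-in-hardware"


def measure(component: bytes) -> bytes:
    """Hash of a component image, taken by the stage that loads it."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: the register can only be folded forward, never set directly."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(components):
    """Walk the chain in order: each stage measures the next before handing off.

    Returns the final PCR value and the event log of per-component measurements.
    """
    pcr = bytes(PCR_SIZE)
    log = []
    for name, image in components:
        m = measure(image)
        log.append((name, m.hex()))
        pcr = extend(pcr, m)
    return pcr, log


def replay_log(log) -> bytes:
    """Verifier side: recompute the PCR from the log alone."""
    pcr = bytes(PCR_SIZE)
    for _, m_hex in log:
        pcr = extend(pcr, bytes.fromhex(m_hex))
    return pcr


def quote(pcr: bytes, nonce: bytes, key: bytes) -> bytes:
    """Simulated quote: hardware signs the PCR plus a verifier-chosen nonce."""
    return hmac.new(key, pcr + nonce, hashlib.sha256).digest()


def attest(pcr: bytes, log, quote_sig: bytes, nonce: bytes, golden_pcr: bytes) -> bool:
    """Accept only if the quote is genuine, the log replays to the quoted PCR,
    and the PCR equals the known-good value for this platform."""
    if not hmac.compare_digest(quote(pcr, nonce, ATTESTATION_KEY), quote_sig):
        return False  # software reported a PCR the hardware never signed
    if replay_log(log) != pcr:
        return False  # log was edited after the fact; the hardware register disagrees
    return pcr == golden_pcr


# Constructed sample boot chain: hardware-rooted firmware down to an application.
GOOD_CHAIN = [
    ("firmware", b"constructed firmware image v1"),
    ("bootloader", b"constructed bootloader v1"),
    ("kernel", b"constructed kernel v1"),
    ("mail_client", b"constructed mail client v1"),
]
GOLDEN_PCR, GOOD_LOG = measured_boot(GOOD_CHAIN)
NONCE = b"constructed-verifier-nonce"


def _tampered_chain():
    return [(n, b"constructed kernel v1 + bootkit" if n == "kernel" else img)
            for n, img in GOOD_CHAIN]


def scenario_clean_boot() -> bool:
    pcr, log = measured_boot(GOOD_CHAIN)
    return attest(pcr, log, quote(pcr, NONCE, ATTESTATION_KEY), NONCE, GOLDEN_PCR)


def scenario_altered_kernel() -> bool:
    """Kernel image changed: PCR no longer matches the golden value."""
    pcr, log = measured_boot(_tampered_chain())
    return attest(pcr, log, quote(pcr, NONCE, ATTESTATION_KEY), NONCE, GOLDEN_PCR)


def scenario_forged_log() -> bool:
    """Altered kernel, but software submits the clean log: replay disagrees with the PCR."""
    pcr, _ = measured_boot(_tampered_chain())
    return attest(pcr, GOOD_LOG, quote(pcr, NONCE, ATTESTATION_KEY), NONCE, GOLDEN_PCR)


def scenario_spoofed_pcr() -> bool:
    """Software claims the golden PCR without the hardware having signed it."""
    fake_sig = hmac.new(b"guessed-key", GOLDEN_PCR + NONCE, hashlib.sha256).digest()
    return attest(GOLDEN_PCR, GOOD_LOG, fake_sig, NONCE, GOLDEN_PCR)


if __name__ == "__main__":
    print("clean boot     :", scenario_clean_boot())     # True
    print("altered kernel :", scenario_altered_kernel())  # False
    print("forged log     :", scenario_forged_log())      # False
    print("spoofed PCR    :", scenario_spoofed_pcr())     # False
```

The point the column makes about trust starting in hardware is visible in the last two scenarios: the log and the claimed PCR are ordinary data that any compromised software layer could rewrite, and they are only worth anything because a register and a signing key that software cannot set directly anchor them. Each layer above (OS, then application) is trusted only because the layer below measured it first.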

In the future, it is highly likely that the Internet Version 2 will require default authentication on all messages, from source to destination. For example, in order for your e-mail server to send an e-mail to my e-mail server, it must authenticate to my e-mail server first. Your e-mail server will authenticate that your e-mail came from you and that you meant to send it. Your operating system will ensure that your e-mail client isn’t being controlled by a worm or spybot.

Some people say that persuasive authentication is bad, that anonymity is necessary in certain places, like AIDS testing organizations and rape recovery meeting groups. That's fine -- keep your anonymity. I’ll just not allow anything that needs anonymity to connect to my business asset, and I’ll pay extra for that protection.

Maybe there will be two Internets: one for default authentication (and encryption) and another for the untrusted world to play in. IRC (Internet Relay Chat) channels have that now. Communicating on unauthenticated IRC chat channels is a dangerous place to hang out for most Internet users. The trusted and authenticated IRC chat channels are mostly free of the malicious hacking and bot wars that plague the untrusted version.

For hackers to attack the trusted Internet, they will need to compromise the persuasive authentication mechanisms. And they will, because humans will code the authentication mechanisms and we are imperfect. But we will be able to install one patch and immediately remove that attack threat -- which is the opposite of what we do now. Today, we cure one symptom while ignoring the underlying disease.

The solution to our security problems isn’t a particular product or vendor, but persuasive authentication, which will probably only happen after multiple catastrophic e-commerce events and forced government regulation. We know what the fix is, but we are reactive sheep, waiting to be forced to the real solution.

InfoWorld Test Center Contributing Editor Roger A. Grimes is a Foundstone Ultimate Hacking instructor/consultant teaching Windows, Linux, Unix, and Solaris security.