• No results found

Know Thy Friends. Revisiting white-list security where black lists fail

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Know Thy Friends. Revisiting white-list security where black lists fail"

Copied!
28
0
0

Loading.... (view fulltext now)

Download now ( 28 Page )

Full text

(1)

Know Thy Friends

Revisiting white-list security where black lists fail

(2)

Introduction

n When the largest security firms wrote

their best practices into policy,

computing resources were too slow to keep up with huge access control lists

n To provide cost-effective security, they

turned increasingly to ÒblackÓ lists of

known offenders instead of ÒwhiteÓ lists of trusted users

(3)

Introduction

n While the Internet has grown much

larger since those days, the number of attackers has grown larger faster

n According to Dave Dittrich of the

Honeynet project, it takes

approximately 36 hours for a new Internet host to come under attack

(4)

Introduction

n As defensive measures improve in

time, so do the sophistication of attacker methods

n Offenders benefit from decreasing

bandwidth costs and the ensuing decreasing attack costs

(5)

Introduction

n CSI survey of 503 U.S. security

professionals summary

n 90% detected computer security breaches in

the previous twelve months

n 80% suffered financial losses due to

computer security breaches

n 40% detected system penetration from

(6)

Introduction

n In the harsh climate of the public

Internet, it is ever more costly to identify and defend against the onslaught of malicious users

n To contrast, the number of trusted

users has remained relatively unchanged for inter/intranet applications

(7)

Comparison Ð Black Lists

n Pro ¡ Inexpensive per-entry ¡ Temporary entries can inexpensively delay attackers n Con ¡ Logarithmic increase in malicious users means matching increase in number of entries and thus cost

¡ Entries are hard to

(8)

Comparison Ð White Lists

n Pro

¡ Costs are

predictable

¡ Much more resilient

to attackers

¡ Entries are derived

from real world relationships and easier to understand n Con ¡ Requires human intervention to create entry ¡ Is therefore expensive per-entry

(9)

Point Comparison Summary

n Black lists are cheap and easy to

create by automated processes, but

quickly grow huge and become difficult to manage

n White lists are more expensive to

create but easier to manage because the number of entries is so much

(10)

Cost Basis

n Gartner Group estimates that one user

costs about $300 per year in

administration and help desk calls

n My estimates indicate that white list

security incurs around 50% more help desk calls per user, which translates to another $150 per year

(11)

Cost Basis

n As accountants will undoubtedly

describe, $450 per year per user is an unacceptable cost to most companies

n The Gartner Group study describes a

cost reduction of greater than 50% when using automated help desk

(12)

Cost Basis

n Automated help desk and

administration features can eliminate most of the additional white list

incurred costs.

¡ Traditional cost estimates drop from $300

to $144

¡ I estimate costs for white-list based

systems plummeting from $450 to $175 per year

(13)

Cost Basis

n The actual cost to a company will vary

greatly based on user expertise, systemic automation and other factors

n Policy makers should seriously evaluate

their current user costs and security model to see if they can simultaneously decrease their IT expenses and migrate toward the much stronger white list security model

(14)

Technology Examples

n Reliable e-mail receipt

¡ Automated white-list management

¡ Manual white and black list overrides

n Wireless routing

¡ IPSEC/PPTP tunneling ¡ 802.11x

(15)

Technology Examples

(16)

Improving e-mail reliability

n Tagged Message Delivery Agent

¡ Free software

¡ Allows manual white and black list e-mail

addresses

¡ Automatically verifies unknown senders

by replying to their message

¡ When used, inbound messages can

(17)

Improving e-mail reliability

n QAdmin-TMDA

¡ Web-based e-mail

account manager with direct QMail and TMDA support

¡ Enables quick and

easy per-account maintenance

(18)

Configuring TMDA

n The technical details are covered at

http://tmda.net/

¡ Configure your MTA to allow filtering

¡ Insert TMDA into your mail transfer chain ¡ Generate keys for each user

¡ Optionally configure client software to tag

outbound messages and send them through to authentication mechanism

(19)

Configuring TMDA

n Message tagging

¡ To temporarily add the recipient of

outbound mail to your white list, using the following lines in FILTER_OUTGOING:

n ## use bare address and a dated envelope (to

n ## catch bounces) with whitelisted recipients

n to-file ~/.tmda/lists/whitelist tag envelope dated=14d from bare

n to-file ~/.tmda/lists/wildcards tag envelope dated=14d from bare

¡ This will allow a 14 day grace period

without any automatic responses from TMDA to your recipients

(20)

Outbound e-mail header X-TMDA:

Tags sender address so that only the recipient list can reply to the message

(ex: mary-sender-a17f80@host.net) sender

Tags sender address so that replies can only be received within 3 months

dated=3m

Tags sender address so that replies can only be received within a default timeout period

(ex: mary-dated-989108708.a17f80@host.net) dated

Same as bare, plus adds recipients to a permanent list bare-append

Your sender address is left unchanged (ex: mary@host.net)

bare

(21)

Improving e-mail reliability

n TMDA adds protection from unsolicited

commercial e-mail and adds a layer of knowledge about messages received by your user base

n By automating the white list, the

features are gained with extremely low cost to the company and user

(22)

Technology examples

(23)

Wireless Technology Example

n 802.11 protocols are a major source of

security vulnerabilities in corporate networks

n All the same, these protocols form the

basis of exciting mobile workflows and are increasingly common in the office environment

(24)

Wireless routing

n The technology basis defaults to giving

access to any user, often with primitive hardware address filtering using white and black lists

n This is a fundamentally difficult

security system and does nothing to address the cryptography problems intrinsic to 802.11b

(25)

Wireless routing

n Transforming the black-list based

security to a white-list system is a lot easier if we rely on common

authentication and encryption mechanisms

n VPN tunnels are clearly the easiest

(26)

Wireless routing

n Step-by-step white list 802.11

¡ Put a default-deny firewall between the

AP and the rest of the network

¡ Enable only the protocols and ports

required to support your favorite VPN tunnel

¡ Configure a VPN server to use your

existing authentication software and position it behind the firewall

(27)

What This Means

n Network installations are attacked

consistently by people trying to infiltrate black-list environments

n Black-list systems are increasingly

complex and expensive

n White-list systems are relatively

(28)

What This Means

n Black lists are decreasingly feasible n White lists are increasingly feasible n The burden is on administration and

management to push for Ôdefault denyÕ policies to replace Ôdefault allowÕ

References

Download now ( PDF - 28 Page - 109.45 KB )

Related documents

Temporal and spatial harvest patterns of river otter in Louisiana and its potential use as a bioindicator species of water quality

A basic assumption of this chapter is that the structure of the pelt time series reflects the structure of the dynamics of the actual river otter populations. Two elements of

IALA Navguide

Committees are established by the Council to study a range of issues, as determined by the General Assembly, with the aim of preparing recommendations and guidelines for IALA

Southern Free Women of Color in the Antebellum North: Race, Class, and a New Women\u27s Legal History

Wilma King has argued: “the time is now ripe for reconstructing the lives of ordinary and extraordinary free black women from a historical perspective.” 99 It is important too,

Assessing landscape scale heterogeneity in irrigation water use with remote sensing and in situ monitoring

Consequently, while errors in model estimates of irrigation water requirements due to input data or model structure uncertainty cannot be discounted, we suggest that these are insuf

Georgia Perimeter College, Georgia State University Consolidation Implementation Committee

With the exception of the following all recommendations from Committee 7 General Education and Core Curriculum were approved.. Recommends that the core Areas A-E for Georgia

Lubrication and Journal Bearings

Boundary lubrication when insufficient surface area, a drop in the velocity of the moving surface, a lessening in the quantity of lubricant delivered to a bearing,

Public Tertiary Education Expenditure in Portugal: a Non-Parametric Efficiency Analysis

This measurement issue is here considered in terms of efficiency measures comparing public resources – total expenditures, dimension of staff – used by Portuguese public

2016 ALTERNATIVE FUEL BUYERS GUIDE

As a result of employing propane autogas vehicles, AmeriPride estimates that each vehicle will emit 95,000 fewer pounds of carbon dioxide over its lifetime, resulting in 2.4