Humans, Not Computers, Are Intrusion Tolerant
Several years ago I mentioned the human firewall project as an example of a security awareness-centric defensive measure. I thought it ironic that the project was dead by the time I looked into it.
On a similar note, I was considering the idea of intrusion tolerance recently, loosely defined as having a system continue to function properly despite being compromised. A pioneer in the field describes the concept thus:
Classical security-related work has on the other hand privileged, with few exceptions, intrusion prevention... [With intrusion tolerance, i]nstead of trying to prevent every single intrusion, these are allowed, but tolerated: the system triggers mechanisms that prevent the intrusion from generating a system security failure.
It occurred to me recently that, in one sense, we have already fielded intrusion tolerant systems. Any computer operated, owned, or managed by a person who doesn't care about its integrity is an intrusion tolerant system.
People tolerate the intrusion for various reasons, such as:
- "I don't think any threats are attacking me."
- "I don't see my system or information being disclosed / degraded / denied."
- "I don't have anything valuable on my system."
All of those are false, but intrusion tolerant systems (meaning the human plus the hardware and software) tolerate intrusions. What's worse is that modern threats understand these parameters and seek to work within them, rather than do something stupid like open and close a CD-ROM tray or waste bandwidth, tipping off the human by interfering with the operation of the system.
Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.
Comments
A more pernicious kind of intrusion tolerance is when ISPs allow malicious parties to host hostile systems on their networks, paying for the hosts with stolen credit cards. Subscriber numbers and revenues are higher than they would be otherwise for the ISP and the criminals have a temporary base of operation in that region or country before the service is terminated when the credit card issuer halts further payments. It's a win-win for both parties in the short run.
As far as DLP, I'm guessing that most of the products out there are inadequate, capable of "catching stupid" as you phrased it. If it were otherwise, we wouldn't be hearing on the news all of the problems the U.S. Armed Services have with data leakage on their networks. If the military can't stop data leakage of military documents and secrets, what hope do private security professionals have with smaller budgets, poor tools, clueless executives, and poor policies that protect said executives from their data leakage blunders and punish the wage slaves for theirs?
jbmoore, GREAT comment. I didn't even consider ISPs.
This type of intrusion tolerance can also be seen in commercial software. Software vendors know that no matter what they do their software WILL be pirated. This is tolerated by software vendors for a few reasons.
1. The people who pirate software probably would never become paying customers anyway. In other words, you didn't lose a sale as it was never yours to begin with.
2. The cost to absolutely protect software from piracy outweighs the financial benefits.
So, what software vendors do is make it "hard" for their software to be pirated using license keys, license validation and other methods but tolerate the fact that some piracy will occur.