Each of these meltdowns started with the exposure of data over an
insecure network. A variety of other, more subtle problems arise from
lower-level attacks on DNS and IP. For example, suppose you have
subscribed to a Web-based information service for which you shell out
$15 per month. Prying eyes in your office notice the HTTP requests
leaving your machine for www.goodies.com, so they forge a DNS entry
that points the name at a machine on the local network. Once they
populate that machine with copies of the HTML forms from your favorite
site, your registration and password information are easy pickings:
you type them into what looks like the real login page, and the
impostor records them. More information about IP address spoofing and
similar attacks can be found on-line in the
Information Warehouse! publications list.
The bottom line is that unless you blindly trust the network and
everyone who may be connected to it, you have to worry about data
exposure and user authentication.
Distributed systems often come under fire for being
less secure than host-based (mainframe) or centralized computing
environments. While most of the criticism centers on the maturity
of the Unix operating system (or lack thereof), in reality the problems stem from two
primary areas: exposure of sensitive data (such as passwords transmitted over a
network connection), and the ability to access systems via a network
without being physically present at the system. It's not Unix
per se that's the problem, but the distributed systems Unix
engenders that create the headaches.
Put another way, it's difficult
to steal a password from someone logging into a 3270 terminal without
cutting the coaxial cable and splicing into the SNA network, while it's
fairly easy to copy a password transmitted unprotected over a TCP/IP
network. Using any Unix workstation on which they have root access,
a PC, or low-cost network analysis equipment plugged into an
unused twisted-pair port, an attacker can snoop anything sent
over the network in the clear. When you can no longer control, or even
enumerate, all of the potential access points, and you can't restrict
access to all of the paths over which data travels, you need to start
designing security measures into your system to replace the physical
comforts offered by a centralized data center.
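To make the "easy to copy" claim concrete, here is an added example (not code from the original article) of what a sniffer on a shared segment sees. It builds one constructed Ethernet/IPv4/TCP frame carrying an HTTP request with an Authorization: Basic header, then decodes the headers and recovers the credentials. The hostname www.goodies.com is the one from the scenario above; the user name, password, addresses and MAC addresses are hypothetical. A real sniffer would read frames from a raw socket or libpcap instead of calling build_sample_frame().

```python
import base64
import struct

# Constructed sample frame: Ethernet + IPv4 + TCP + HTTP request.
# The credentials "alice:s3cret" and the addresses are hypothetical.
def build_sample_frame():
    payload = (
        b"GET /members/ HTTP/1.0\r\n"
        b"Host: www.goodies.com\r\n"
        b"Authorization: Basic " + base64.b64encode(b"alice:s3cret") + b"\r\n"
        b"\r\n"
    )
    # TCP header: src port, dst port 80, seq, ack, data offset 5 words,
    # flags PSH|ACK, window, checksum (left zero), urgent pointer.
    tcp = struct.pack("!HHIIBBHHH", 40123, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # IPv4 header: version/IHL, TOS, total length, id, flags/frag,
    # TTL, protocol 6 (TCP), checksum (left zero), src, dst.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))
    # Ethernet header: dst MAC, src MAC, EtherType 0x0800 (IPv4).
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Decode Ethernet/IPv4/TCP headers; return None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None  # not an IPv4 frame
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4          # header length in bytes (options included)
    if ip[9] != 6:
        return None                   # not TCP
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4         # TCP header length in bytes
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload": tcp[doff:]}


def extract_basic_auth(payload):
    """Return 'user:password' from an HTTP Basic header, or None."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            token = line.split(b" ", 2)[2]
            try:
                # Basic auth is base64, not encryption: decoding is trivial.
                return base64.b64decode(token, validate=True).decode("utf-8", "replace")
            except ValueError:        # binascii.Error is a ValueError subclass
                return None
    return None


def sniff(frames):
    """Pull cleartext HTTP credentials out of a list of raw frames."""
    found = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None or pkt["dport"] != 80:
            continue
        creds = extract_basic_auth(pkt["payload"])
        if creds:
            found.append((pkt["src"], pkt["dst"], creds))
    return found


if __name__ == "__main__":
    for src, dst, creds in sniff([build_sample_frame()]):
        print(f"{src} -> {dst}: {creds}")
```

The point of the example is that nothing here is clever: the attacker needs no key and no special position beyond being able to read the frame. On a switched network the attacker must first arrange to see the traffic (a mirror port, or a shared hub or tap), but once the bytes are visible the credentials fall out of a few dozen lines of parsing.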
Twisty little passages, all different
What can a responsible system manager do? Your primary goal is to
protect the channels through which sensitive information flows, either
by authenticating the users and servers connected to the channel or by
encrypting the data so that it's not useful to anyone except the
communicating parties. As authentication is typically accomplished
using an encryption mechanism to verify credential information, we'll
lump the two problems together as we survey potential solutions.