RE: CRIME Driveby DOS

From: Quinby, Kris (MED) (kris.quinby@private)
Date: Wed Oct 23 2002 - 13:16:03 PDT

Next message: Jere Retzer: "RE: CRIME Driveby DOS"

Previous message: Andrew Plato: "RE: CRIME Driveby DOS"
Maybe in reply to: Jere Retzer: "CRIME Driveby DOS"
Next in thread: Jere Retzer: "RE: CRIME Driveby DOS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andrew,
 
Let's keep in mind that security is about mitigating risk not
eliminating it.  You will never eliminate risk.  The job of security it
to make it hard enough to accomplish something that someone will either
give up or, more likely, go on to the next "opportunity".
 

Kris
 

___________________________________________

Kris Quinby, CISSP
Systems Engineer - Data Center Operations
GE Medical Systems Information Technologies
Email: kris.quinby@private
Phone: 503-531-7190
Fax: 503-531-7001
  

-----Original Message-----
From: Andrew Plato [mailto:aplato@private]
Sent: Wednesday, October 23, 2002 12:20 PM
To: Zot O'Connor; crime@private
Subject: RE: CRIME Driveby DOS




>> Coupled with host IDS, firewalls, and a
>> few other goodies, it's a pretty safe network now.

>Just run the a VPN gateway behind the wireless segment.  Refuse anyone
>to go past it without the client VPN, and you are done.  Run WEP and
MAC
>filters, if you can, just to keep the casual eavesdroppers off the net.

>Therefore you have
>        a) Strong Authentication of the users.
>        b) Strong Encryption of the data.

>You are now *better* than the wired segments.

 
That's a peachy solution...unless the end node gets hacked and the
hacker uses the VPN tunnel to come into the network. This is how
Microsoft was hacked about a a year ago. A hacker took over some
developer's home PC, grabbed his VPN credentials and agent
configuration, and then used the VPN tunnel to access the network and
steal stuff. The intruder essentially bypassed all the security by
gaining control of the end-node in this case. In fact his intrusion
enjoyed a level of security itself, since his attack was nicely
encrypted inside the VPN tunnel. 

So VPN and authentication alone will not solve the problem. You have to
have some kind of strong, two-factor authentication on the end-node or
somthing to help prevent the end-nodes from getting hacked in the first
place. In this example, a simple reactive firewall or intrusion
prevention system running on the host might have stopped the hacker from
stealing the VPN credentials and agent software in the first place. 
 
___________________________________
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation

503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
___________________________________

Next message: Jere Retzer: "RE: CRIME Driveby DOS"
Previous message: Andrew Plato: "RE: CRIME Driveby DOS"
Maybe in reply to: Jere Retzer: "CRIME Driveby DOS"
Next in thread: Jere Retzer: "RE: CRIME Driveby DOS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 14:06:26 PDT