RE: CRIME Driveby DOS

From: Quinby, Kris (MED) (kris.quinby@private)
Date: Wed Oct 23 2002 - 13:16:03 PDT


    Andrew,
     
    Let's keep in mind that security is about mitigating risk not
    eliminating it.  You will never eliminate risk.  The job of security is
    to make it hard enough to accomplish something that someone will either
    give up or, more likely, go on to the next "opportunity".
     
    
    Kris
     
    
    ___________________________________________
    
    Kris Quinby, CISSP
    Systems Engineer - Data Center Operations
    GE Medical Systems Information Technologies
    Email: kris.quinby@private
    Phone: 503-531-7190
    Fax: 503-531-7001
      
    
    -----Original Message-----
    From: Andrew Plato [mailto:aplato@private]
    Sent: Wednesday, October 23, 2002 12:20 PM
    To: Zot O'Connor; crime@private
    Subject: RE: CRIME Driveby DOS
    
    
    
    
    >> Coupled with host IDS, firewalls, and a
    >> few other goodies, it's a pretty safe network now.
    
    >Just run the a VPN gateway behind the wireless segment.  Refuse anyone
    >to go past it without the client VPN, and you are done.  Run WEP and
    >MAC filters, if you can, just to keep the casual eavesdroppers off the net.
    
    >Therefore you have
    >        a) Strong Authentication of the users.
    >        b) Strong Encryption of the data.
    
    >You are now *better* than the wired segments.
    
     
    That's a peachy solution...unless the end node gets hacked and the
    hacker uses the VPN tunnel to come into the network. This is how
    Microsoft was hacked about a year ago. A hacker took over some
    developer's home PC, grabbed his VPN credentials and agent
    configuration, and then used the VPN tunnel to access the network and
    steal stuff. The intruder essentially bypassed all the security by
    gaining control of the end-node in this case. In fact his intrusion
    enjoyed a level of security itself, since his attack was nicely
    encrypted inside the VPN tunnel.
    
    So VPN and authentication alone will not solve the problem. You have to
    have some kind of strong, two-factor authentication on the end-node or
    something to help prevent the end-nodes from getting hacked in the first
    place. In this example, a simple reactive firewall or intrusion
    prevention system running on the host might have stopped the hacker from
    stealing the VPN credentials and agent software in the first place.
     
    ___________________________________
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
    
    503-644-5656 Office
    503-644-8574 Fax
    503-201-0821 Mobile
    www.anitian.com
    ___________________________________
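The failure mode Andrew describes above, stolen VPN credentials and agent configuration reused from a different machine, leaves a trace at the gateway that a defender can look for. The following is an added example, not code from this thread or from any product it mentions: a Python check over constructed, hypothetical VPN gateway authentication log lines, flagging a login from a host the user's agent was never enrolled on and the same credentials used from two different hosts within a short window (the log format, user names and enrolment table are all assumptions).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed, generic gateway format
# (not any particular VPN product's log).
SAMPLE_LOG = """\
2002-10-23 11:58:02 vpn-gw auth-ok user=jdev src=10.8.0.15 host=JDEV-HOME
2002-10-23 12:03:41 vpn-gw auth-ok user=asmith src=10.8.0.22 host=ASMITH-LT
2002-10-23 12:05:10 vpn-gw auth-ok user=jdev src=192.0.2.77 host=UNKNOWN-7F
2002-10-23 13:10:00 vpn-gw auth-ok user=asmith src=10.8.0.22 host=ASMITH-LT
"""

# Hypothetical enrolment table: the host each user's VPN agent was installed on.
ENROLLED_HOSTS = {"jdev": {"JDEV-HOME"}, "asmith": {"ASMITH-LT"}}

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \S+ auth-ok user=(?P<user>\S+) src=(?P<src>\S+) host=(?P<host>\S+)$"
)


def parse(log):
    """Yield one dict per successful authentication line; skip anything else."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
            yield ev


def find_suspect_sessions(log, window=timedelta(minutes=30)):
    """Return alerts for (a) a login from a host not enrolled for that user and
    (b) the same credentials used from two distinct hosts within `window`."""
    alerts = []
    recent = defaultdict(list)  # user -> list of (timestamp, host)
    for ev in parse(log):
        user, host, ts = ev["user"], ev["host"], ev["ts"]
        if host not in ENROLLED_HOSTS.get(user, set()):
            alerts.append(("unenrolled-host", user, host, ev["src"]))
        for prev_ts, prev_host in recent[user]:
            if prev_host != host and ts - prev_ts <= window:
                alerts.append(("concurrent-hosts", user, prev_host, host))
                break
        recent[user].append((ts, host))
    return alerts
```

On the constructed log this raises two alerts for `jdev`, both for the login from `UNKNOWN-7F`; neither of `asmith`'s logins is flagged.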
     
     
     
     
    



    This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 14:06:26 PDT