Talk:Lecture 15

From CyberSecurity
Revision as of 17:55, 11 December 2005 by Liebling (talk | contribs) (Red/Green/Blue - are color schemes/perimeter defenses still viable?)


Why aren't computers more stable?

David Dorwin The issue of computers being very unstable compared to the phone system came up in the lecture tonight. I'll open up the discussion and look forward to others' comments.

One reason is that consumers are not willing to pay for it. You can't have a $500 laptop with all the features you demand and still pay for the development and validation of really stable applications. The same is true for the $40 scanner with drivers that sometimes crash. Corporations make business decisions about how much they can afford to put into development and resolving such issues. I have a feeling that they often decide that the issues aren't upsetting enough customers, or to enough of an extent, to justify spending time and money on the problem. As competition continues to drive prices down, there is even less money to spend on validation and fixing bugs. In some ways, the issue is analogous to the outsourcing debate – Americans complain that jobs are going overseas, then go to Wal-Mart and leave with bags full of stuff from China.

Another factor when comparing PCs to most other products is the number of companies involved. I’m guessing that the telephone network is composed of components and software from tens of companies. The same logic goes for your car. The maker specs each of the components that go into your car and verifies that they work well together. Even if you buy third-party (non-maker brand) parts, there is a limited number of companies making each part, and they have (hopefully) verified that they work in the cars they are designed for. In most cases, parts interact with only a few other parts, so this would seem to reduce the potential for problems. As an example, your oil filter doesn’t interact with or share resources with your shocks, tires, or stereo. The number of companies or individuals that are writing software and drivers for Windows XP is nearly countless. All of them must work well together, and if there is a bug (memory leak, runaway process, bug check, etc.) in any one of them, it can make the entire computer appear unstable.


Brian McGuire I like the analogy between cars and software - both of them usually work when they are new, but then occasionally need to be fixed due to wear and tear, or design flaws (recalls). Also, manufacturers of both are under pressure to find the cheapest solution to a problem that will last just past any warranty. Both degrade over time - cars from physical wear and computers due to the lack of protection or uninformed users installing spyware.

Another factor that might be important is that users value how useful something is over how stable it is. Even though the phone line always works, I and many people I know don't own a land line because it is an order of magnitude less useful than a mobile phone for approximately the same cost, even if sometimes a cell tower goes down and I don't get reception at home. To extend that to computers - most people don't have to have their home computer working perfectly all of the time - so a problem won't necessarily have a huge impact. If they do have to have a working computer, it's cheap enough to purchase a second computer or laptop and have redundant capabilities in case of a problem. While an individual computer might not be stable, you are pretty safe just by purchasing a second one. And like cell phones, they are getting to be cheap enough that you can throw them away as long as you back up important information.

Red/Green/Blue - are color schemes/perimeter defenses still viable?

It was interesting to note the analogies drawn with conventional warfare/castles etc. However, can such a scheme be viable today? Ed had raised this question, using examples of users bringing in floppy disks, USB drives and such. Another aspect is users taking their laptops home or while travelling and VPN'ing into the corporate network. The problem with planning a perimeter defense is that there is no perimeter anymore. The example of VPN and mobility of elements also suggests that a color scheme would also have to consider the factor of time (or location, depending on the way you look at it). A laptop, when connected from inside the corporate network, is "Green". But when VPN'ed in it's "Blue" or even "Red" (it's pretty easy to hack the usual VPN settings so that you have access to both the internet and your corporate network). Talking about colors started me thinking of Butler Lampson's talk. He had presented such a colorful lecture on the red/green security zones on PCs. Butler used only 2 colors, but one can easily think of the use of more colors or security levels, e.g. a blue layer, through which all data movement occurs between red and green layers. Well, given that we are considering such schemes, what that signifies to me is that the perimeter has been invaded and become so fragmented that we now have the need for security layers on our own individual workstations!! Pretty depressing; I think something went wrong somewhere.

--Chris DuPuis 08:18, 8 December 2005 (PST) I would contend that any network design that even lets users' desktop systems be inside the "Green" zone is fundamentally insecure. Really, you don't want trouble caused by users' vulnerable applications, especially their email client and web browser, to be able to take out your mission-critical systems. This goes doubly for laptops, which are entirely outside your control once users leave the building with them.

--David Dorwin GreenBorder, which Steven Gribble mentioned during his lecture on 11/9, claims to keep your "VPNs and corporate networks clear of mobile infestations." Their definition of "Green" is much different than this week's, though.

--Rob Anderson Indeed, coloring schemes are useful only for reducing the likelihood of being infected with viruses. They are not at all useful for defending against malicious insiders, who are the #1 source of attacks. Many security researchers seem to prefer 'harm-mitigation', or systems for reducing the amount of damage that an attack can cause.

--liebling You can still control your perimeter to some extent. At Microsoft, every machine that connects via VPN undergoes pretty thorough security checks (viruses, spyware, security patches, internal software). The connecting machine must have a smart card reader with the user's smart card inserted. Per policy, everyone's laptop file systems should be encrypted so that if stolen, the contents are irretrievable. This applies to Smart Phones as well (we are supposed to password-lock them all the time), but I think people rarely follow this restriction.