Thursday, September 29, 2011

Non-nerds should not read this.

Last night's blogging failure was caused by lightning and pee.  Not my pee.  But by the time the lightning was over it was a bit late to turn the computer back on, and by the time we dealt with the pee situation we were all a bit frazzled.[1]

Anyway.  On to today.

I've been once again experiencing that mysterious psychic bond between caller and callee that allows people to call me only when I have left my desk and have my cell phone ringer off.  My boss and I have a variant of this bond which enables him to try to find me in my office whenever I have stepped out.  For my part, whenever I go to his office I find him on the phone.  I'm sure this all makes sense, somehow.

I went to a talk with my friend Xiomara yesterday.  The whole point of the talk was to depress us about the state of computer security.  I think it was effective.  The speaker (Rob Lee from SANS) made the point that our defenses are, and have always been, perimeter oriented.  However, the realistic know that you basically can't keep people out if you are connected to a network.  If there is ANY way for information to get in and out, sooner or later a determined attacker will get in.  (My personal goals regarding this are a) don't be the low-hanging fruit, b) keep good backups so that you can restore your system after an intrusion is detected, and c) don't stress out about it because stress does not help.  I'm actually surprised at how few incidents we have compared to how many computers and users we have.  Or maybe our attackers are just that good, and we haven't noticed them.  No way to know for sure, really.)  Okay, so that was point one.  His second point was that you need security INSIDE the perimeter.  I agree on this point.  Intrusion detection systems at the perimeter are a good thing, and necessary.  But intelligent software watching the traffic within the network is now needed as well.  If you care about being infected.  If not, be on your merry way, and do not touch my computers.  (Also, I put tcp wrapper restrictions on computers within my network to try to limit damage from infection.  Of course very few services are wrapped compared to all the ports that are open on a given computer.  But it helps.)

I did think it telling that his entire presentation (regarding the Stuxnet attack) was ENTIRELY about Windows.  No Linux, no OSX, just Windows.  So while I did take away his intended message, I also took away this one:  "Windows is bad."  Of course, I already felt that way.  The statistics for how long it takes a Windows machine to become infected if exposed to unfiltered traffic on the network are shocking.  So are the statistics about the percentage of computers infected with one or more forms of malware worldwide.  There's a fun survival time website you can look at for yourself, but according to the Internet Storm Center, the current survival time (of an uninfected Windows box) is about 150 minutes.  That is actually orders of magnitude better than five years ago, so yay!  I can't find the map I'm looking for that has infection rates around the world, but I did find this fun interactive one at Panda Security.  It lists the rates much lower than Rob Lee did in his talk, which might be interesting or might reflect different sources of information.

So, anyway, I'm not as depressed by the talk as I might have been before.  Maybe I'm jaded?

[1] Beauty chose last night as her annual "pee on our bed" night, just as JD was getting undressed to get into bed.  We weren't best pleased.
