Are we feeling safer yet?
Analyst Pete Lindstrom says the Lynn furor raises key questions about Internet security
Computerworld - Last week, Mike Lynn, a researcher formerly working for Internet Security Systems Inc. (ISS), gave a presentation at the Black Hat conference on the internal workings of Cisco Systems Inc.'s Internetworking Operating System (IOS) and exploit techniques that, in short, rocked the security world, created quite a legal stir and caused some security pundits to accuse the usual characters (big business) of being "thugs."
This commentary isn't about whether Cisco and ISS acted like thugs or whether Mike Lynn broke the law (see ISS researcher quits job to detail Cisco flaws). That's a very interesting discussion, but not for practical-minded enterprises that need to understand the nature of the information that's now in wide release. The real question for enterprise security professionals should be, "Are we safer based on this new information?"
As is always the case, Lynn and those rallying behind his cause claim that presentations like his make the world a safer place. I am going to go out on a limb and suggest a definition for "safer" that simply means we are less likely (either collectively or as individual entities) to suffer a loss now that this information is available. So the true test for anyone wanting to provide this information is whether the net effect is a higher or lower risk of loss; higher risk equals less safe, and lower risk equals a safer environment.
In assessing the risk, it's important to fully evaluate both the external threat environment and the vulnerability of the target. In cases of disclosure, threats (potential attackers) and vulnerabilities (target weaknesses) are intended to oppose each other so that the higher risk associated with the increased threat after disclosure should be more than offset by the reduced vulnerability level to create a lower-risk, safer environment.
In the case of Lynn's research and any other "how-tos" on vulnerabilities and exploits, the threat increases when more of the likely attackers gain access to information they didn't previously have nor could they have developed. The effect is to support their efforts toward developing exploits to compromise systems. With the publication now available to every likely attacker with Internet access, the threat is certainly increased. We see evidence of this increased threat routinely in security advisories that come out announcing new vulnerabilities, and it's borne out often in the form of worms like Blaster and Sasser.
Since the increased threat level is obvious -- in fact, in Lynn's case, there are already reports out of DefCon of hackers working "around the clock" to create new exploits against Cisco (see "Hackers at DefCon race to expose Cisco Internet flaw")
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts