.comment: A Different View of Security
Waking Up to a Changed World
It's been a week and a day since the world changed -- and believe me, the world did change, all of it -- and it's ever more evident that the rage is not going to go away. Possibly on either side. Definitely not around here. I was in broadcasting in New York City for a number of years, and a lot of the broadcast transmitters and network uplinks were on top of the World Trade Center. There were engineers there, and in broadcasting, one tends to know a lot of the engineers. They didn't have a chance, nor did anyone located above the points where the stolen airliners full of people hit. Officially listed as "missing," they were either incinerated, or crushed, or were among those who jumped, perhaps surprised at first that there didn't seem to be a ground rush; that came a few seconds later.
My country has been raped, and like other rape victims we will recover, but we'll never be the same; still, we'll feel a lot better when certain parts are lopped off the offenders -- in this case, their heads. (If you disagree with me on this, tough.)
Some of the rage arises, no doubt, from an inability to do anything about it. But for the IT community, there is a great deal that must be done, anticipated, provided for.
Data Integrity and Preservation
As cold as this probably sounds, one of the disasters that didn't take place last Tuesday was the loss of significant data. And that's important. Many of the companies in the World Trade Center were securities dealers, including some of the world's largest. Had customer order information, account information, inventories of customer securities held by the company, and other important data not been duplicated off-site, a very bad economic situation would have been made immeasurably worse.
I do not know of anyone, including those in a position to provide a reliable appraisal, who thinks that the events of September 11 are the last of it. They may be the last attack via commercial airliner, but there are ever so many other ways of creating enormous death and destruction in an open society. Already, people who have phony documents have been arrested doing things such as scoping out dams located above cities. There has been talk, even, of terrorist nuclear weapons (the subject, interestingly, of John McPhee's The Curve of Binding Energy, the tremendous 1974 book that speculated, ironically, on using such a device to knock down the World Trade Center). These produce, in addition to the obvious destruction, a very nasty electromagnetic pulse against which most computers are nowhere near hardened, and the range of the EMP can be significantly greater than the area of physical damage. It is therefore extremely good sense, if you are in a business where preservation of data is extremely important, to back up to a distant and safe site. (This kind of decentralization was, of course, one of the reasons for the development of DARPAnet more than 30 years ago.)
After all that has happened, the appearance yesterday of yet another Microsoft IIS worm was almost funny, illustrating as it did something that would have been a huge outrage 10 days ago and that now seemed almost insignificant. (Additionally, anyone who still runs unpatched Windows boxen is so dimwitted that it's surprising they have enough working brain cells to sustain life.) The new worm appears to have nothing to do with the attacks of terror and death, but that doesn't mean that the potential for an orchestrated and sustained cyber attack doesn't exist. Despite the fact that it has never happened, it is possible to bring down the Internet. And just as people learned the folly of entrusting all their savings to dotcom investments, they would come to learn the folly of entrusting their commerce to a network that at the moment isn't all that safe. In fact, the bad guys learned this a few days ago, when a European cracker busted open a machine run by radical Moslems and published the email addresses he found there. So much for the fabled encryption brilliance of these guys.
Which raises an issue I've talked about before: there is more to computer crime than the script kiddie stunts, the release of virus and worm code, and DDoS attacks. We now believe that the people responsible for last week's attacks actually shorted equities that would lose value as a result of the attacks, thereby making a great deal of money. So we are not talking a lack of sophistication here. Nor are we talking a single group that is interested in acquiring anything on your machine that might be of value -- garden variety criminals are very likely up to this, too.
What to do? Firewall everything, tightly. Don't send anything of importance over non-secure connections. Really beat your system up in an effort to find vulnerabilities, then fix them. Kill all nonessential services, which for many will be all services. (Distributions, bless 'em, have mostly now dropped their practice of turning everything on by default. That's a good step, but the rest of the path you need to take yourself.)