Monday, September 20, 2010

Computer Security

Different kinds of computers need different kinds of security, just as different kinds of physical sites need different kinds of security. A level of security appropriate for, say, a private house, would be woefully insufficient for, say, a bank with millions of dollars in its vault. And the bank's security would be woefully insufficient for, say, a military base. On the other end, too much security for the site is also bad. A private residence's owner would go bankrupt trying to achieve the base's security level, and would be infinitely inconvenienced. (You lost your RFID badge?!?! IMMEDIATE LOCKDOWN!!!!!)
When it comes to computer break-ins, the most vandalized site in the US is the Pentagon, as the centralized hub of the US military. It's not clear how many of these attacks are spies hoping for an edge, and how many of them are pimply-faced youths who want the bragging rights of claiming that they "hacked the government." Thankfully, the government has enough competent IT that nothing of value is ever lost.
If for some reason the Department of Defense were to contact me tomorrow and ask me to start managing the website, this is how I'd do it:
1. Make sure the website is not even on the same network as the computers with the top secret stuff.
2. Virtualize the website. Colocate this at a major ISP in the Virginia area. (The Pentagon is in Virginia, and I want to be able to take the top brass to see it at their request.)
3. Tighten security as best I can. Close ports, update the kernels, and close every "Free access" and escalation technique I can read up on. No sense in making it easy to hack.
4. Set up a script to scrub and replace it on an hourly basis. (Or, if the situation is worse than I feared, this can be changed to a half-hourly, or even minutely basis.) This is made easier by the virtualization step. I can now do this by hand with three commands, but will more likely set up an automated cron job. This way if it is hacked, nothing of value gets lost.
5. Set up a script to dump logs from the scrubbed copies before deleting them. I will want to see if any particular technique is used to violate security, and develop countermeasures. I will note if the page was vandalized or not, and if it was, who claimed credit for vandalizing it. I will note the access logs and produce a graph of significant figures.
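
Steps 4 and 5 as one cron-driven cycle, in an added sketch that is not the author's own script: it saves the logs, records whether the served content was altered, and only then replaces the live copy. It assumes the golden and live copies are directory trees standing in for the VM image (a real deployment would revert a hypervisor snapshot instead), that `sha256sum` is installed, and the paths in the cron line are hypothetical.

```shell
#!/bin/sh
# Added example, not the author's script. Assumption: GOLDEN and LIVE are
# directory trees standing in for the VM image; sha256sum is available.

# Hash every served file (logs excluded), paths relative and sorted.
manifest() {
    ( cd "$1" && find . -type f ! -path './logs/*' -exec sha256sum {} + | sort -k 2 )
}

# scrub_cycle GOLDEN LIVE ARCHIVE
# Prints the evidence directory. Returns 0 if the live copy matched the
# golden copy, 1 if it had been altered, 2 if evidence could not be saved
# or the replacement failed.
scrub_cycle() {
    golden=$1 live=$2 archive=$3
    evidence="$archive/$(date -u +%Y%m%dT%H%M%SZ)"
    mkdir -p "$archive" && mkdir "$evidence" || return 2

    # Step 5 first: copy the logs out before anything is deleted.
    if [ -d "$live/logs" ]; then
        cp -Rp "$live/logs" "$evidence/logs" || return 2
    fi

    # Note whether the served content was altered, and keep the altered tree.
    manifest "$golden" > "$evidence/golden.sha256" || return 2
    manifest "$live" > "$evidence/live.sha256" || return 2
    status=0
    if ! diff "$evidence/golden.sha256" "$evidence/live.sha256" > "$evidence/changes.diff"; then
        status=1
        cp -Rp "$live" "$evidence/live-copy" || return 2
    fi

    # Step 4: stage a fresh copy of the golden tree, then swap it in.
    rm -rf "$live.new" && cp -Rp "$golden" "$live.new" || return 2
    rm -rf "$live" && mv "$live.new" "$live" || return 2
    echo "$evidence"
    return "$status"
}

# Hourly cron entry (hypothetical paths):
# 0 * * * * /usr/local/sbin/scrub.sh /srv/golden /srv/live /var/evidence
if [ "$#" -eq 3 ]; then
    scrub_cycle "$@"
fi
```

The non-zero exit status on an altered copy lets cron's mail or a wrapper flag which cycles need a look at `changes.diff` and the saved logs.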


The Chinese guy said...

At least you didn't say fingerprint or retinal scanning. I always find PC security like this dubious: where previously they'd nick your laptop, if it was verified by fingerprints or, worse, retinal scans, they'd not only steal your stuff but would hack your finger off and maybe take an eyeball too!

Mad Engineering said...

Fingerprint scanning isn't as good as all that. Oftentimes it can be fooled by a jello-mold of the target's finger. Or worse, a paper copy. (As seen on Mythbusters.)
There are fingerprint scanners that require, among other things, active blood flow through the finger in question to prove it isn't hacked off, but they have a price range such that you have to be a government to afford them.
Of course, even granted that, one can be coerced into providing access, which is far cheaper than hacking off a finger or eyeball. (And that doesn't cost very much either.)
