Daniel J. Frasnelli (dfrasnel@csee.wvu.edu)
Wed, 28 Apr 1999 13:55:47 -0400 (EDT)

> I kind of like the threat model behind pen and paper. It's been a *long*
> time since someone found a buffer overflow problem in my notebook.

Then again, while banging on an SGI O2 in someone's office the
other day, I could not help but notice all these "sticky notes" with
login/password information for not only machines in our domain, but
various NASA systems. Good thing he trusts everyone who walks in the
open door when he's not there. The first principle of administration
is that users have always, will always do things to make your skin crawl.
Heck, I've even found login information scribbled down on the tops of
desks and bathroom walls before.

Point is, reusable passwords are a weak form of authentication
because they are based on the hope that a user has substantial "common
sense" when it comes to security. You really have two options:
Either start educating your users until they get sick of hearing it and
actually put some of it into practice, or dump the reusable passwords.

Yeah, it has a lot to do with your site's risk factor and
potential costs. One site I worked on went down for one week to
reinstall operating systems and do a network audit. The cost?
"Only" $20,000. But let's think about a site which has classified
data like, let's say, a spectrographic analysis of "stealth" coating
and the exact radar cross-section of an F117A. A lot more at stake
than money at that point. Those types of systems probably have no
physical connection to the outside internet, but that's beside the
point here.

In a case like that, it is well worth $20 per employee for
a smartcard and a thousand for readers at each workstation. Biometrics
works well in those types of environments as well. For systems that
provide a high school webpage, probably an unnecessary expense.
Arnold Reinhold posted something on threat models a while back which
goes into detail on this subject.

Just keep something in mind throughout this discussion.
No matter whether you keep your passwords in a notebook or
scribed in Mayan stone hieroglyphs locked in an underground bunker,
there will always be someone out there who can get to them.

Security is multi-faceted - while your information may be
integrally secure (unmodified) or physically secure, it may
still be possible to compromise the security through social
engineering and general espionage. The key is to not get the wrong
people on your bad side, or amass enough resources to conduct some
serious counterintelligence tactics against them. This is exactly
what our friends in the intelligence community do - intelligence may
win battles, but massive counterintelligence wins the war.

It's most important to recognize the risks but not become paranoid.
A paranoid security consultant is his or her own worst enemy :)

---
Daniel J. Frasnelli
Infosec analyst and cryptographer

He who wonders discovers that this in itself is wonder. -- M.C. Escher

The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:23