May 29, 2005 (08:05 PM EDT)
Criminal Intent: What, Me Worry?
Read the Original Article at InformationWeek
I get tossed the question fairly frequently: How much cybercrime simply goes undetected? That's sort of like asking how many universes exist beyond the outer boundaries of our own. Nevertheless, cosmologists entertain the question in part by asking what our universe would look like if there were other universes out beyond our "event horizon." Similarly, you also might ask whether our infrastructure looks more like one with a great deal of undetected cybercrime or very little undetected crime. You'd probably conclude it looks a lot like what you'd expect of a universe where crime goes mostly undetected and isn't something people think much about.
We, as a group of security practitioners, need to think beyond the latest "compliance checklist" to overall improvements in the security of the network infrastructure.
Consider domain name system servers. It turns out that there are several ways to corrupt these critical address translators. One approach is to obtain root access to the server system and directly change the address translation database that's the heart of each DNS server. But it's also possible to corrupt servers in unexpected ways, such as causing upstream updates from corrupt Windows DNS servers to the past couple of versions of the Unix BIND server.
The markedly quirky DNS protocol is also a fundamentally insecure system, as updates among servers generally aren't authenticated. When DNS servers were attacked in March and April, the changes in DNS databases were large and noticeable. In some cases, the entire .com domain was rerouted to a server that tossed out banner ads, so it didn't take a genius to see that something was amiss. But given that DNS caches refresh themselves periodically, single-destination hijackings could take place under the radar. Traffic to a bank could be rerouted for a while, until the cache naturally refreshed itself, erasing all evidence of the hijacking. If the rerouted destination was a copy of the real bank's site that acted as a proxy and listened in on transactions, something akin to the perfect crime might be committed.
One suspects these perfect crimes aren't rampant right now, or else we'd hear a lot more noise from the financial sector. But it's clear that DNS, at least, exhibits characteristics you'd expect in a universe where crimes can be silently committed. It's not too hard to imagine what DNS would look like if it existed in another kind of universe, one that didn't enable opportunities for such crimes to go by unnoticed. Indeed, it might look something like the DNSsec protocol. But DNSsec has been kicked around for a full 10 years now, and it doesn't look like it's going to come into real-world use anytime soon.
In the short haul, there are some things that the security community can do to make DNS less vulnerable. For starters, administrators can bring their DNS servers up to the latest versions. There are going to be some trade-offs, insofar as BIND 9 offers less throughput than the widely deployed BIND 8, but this can be offset with more hardware. Multiple-server DNS server configurations should be architected with a "split-split" design, so there's a different server for advertising DNS records than the server used to resolve names, plus a further split between external and internal client service.
DNS isn't the only part of the infrastructure that presents opportunities for unseen crime. The Border Gateway Protocol, which handles interdomain routing on the Internet, has been in widespread use for years, and people are only now analyzing it so that security holes can be plugged.
There's more to be addressed. How about operating systems and applications that make encryption an easy default option? How about corporate insistence that these be the predominant enterprise choices, rather than operating systems that leave proprietary data lingering in disk slack space and applications that make it appear that data has been redacted, when in fact it's easily recoverable?
It's time to learn a lesson from the world of cosmology, where at least a few physics professors think the nature of our universe suggests there probably are lots of other universes out there.
Illustrations by Steven Lyons
Security Action Plans
Lock The Doors