System Sentinel: The Encryption Myth


  • System Sentinel: The Encryption Myth

    ** This thread discusses the article: System Sentinel: The Encryption Myth **

  • #2
    System Sentinel: The Encryption Myth

    Now, I may regret tackling a former lead security architect for the i5, but I know a thing or two about security myself. You are oversimplifying both security and human behaviour! It is simply incorrect to imply that hackers go for *ALLOBJ and will settle for nothing else. Hackers are opportunists. Certainly they will try for Security Officer authority, or Administrator, or Super User, or All Objects authority, but they take what they can get. Some accounts are very powerful but only within a specified application. Some accounts are "regular joe/jane user" accounts. A hacker gathers these in the hopes of leveraging their access upwards, but even the basic capabilities are worth something. Furthermore, because of i5 adopted authority, sometimes low level accounts can act like more powerful accounts. You are also assuming that everyone is of an equal knowledge level, and that no one ever does anything dumb, or destructive, even self destructive. In the real world, people send confidential information out through the Internet all the time. I feel confident that much of this information is not encrypted, but would be better protected if it were. We can easily meet your test of having the encryption keys on the same hard drive, and handled by the OS. As long as it isn't on the same file/table as the data being sent, the data is reasonably safe. You are also doubtless aware that multi-layered security systems are, in general, more secure than single layered security systems. Having access control is great, but what if that layer is breached? There is no such thing in the absolute sense as "security". Systems are only more secure or less secure. Making them more secure is always a tradeoff against ease of use, and you have to be very careful about implementing security systems that sound great on paper but will be defeated by human behaviour.



    • #3
      System Sentinel: The Encryption Myth

      One of the key points in creating a secure data record is to NOT have the KEY stored with the DATA. How secure is your home if you lock the door and hang the key on a hook next to the door? Determined thieves love to find victims' "clever" hiding places and make short work of getting into locked buildings. (That concept is so common that Walt Disney immortalized it in the film "Snow White" more than half a century ago when the last dwarf out of their mine locks the door and then hangs the key next to the door). It is human nature to want an easy way to gain rapid access but the price of security is additional layers of protection. Pat's point about the German communications security is valid but the more blatant and serious problem was that many of the radiomen began their messages with the dial settings (essentially the combination) for the cypher machine IN CLEAR TEXT before they sent their encrypted messages. They did this on the assumption that only another German military unit would be able to use the combination. Boy, were they wrong! My point is that the keys to the encrypted data must be secured on another server, on a physical device that is not attached to the network, by a manually entered password with a unique and constantly changing algorithm or some other method such as biological ID. Then the users must be made aware of the absolute necessity of protecting the keys and the data with equal diligence and immediately report any compromise of either.



      • #4
        System Sentinel: The Encryption Myth

        > It is simply incorrect to imply that hackers go for *ALLOBJ and will settle for nothing else.

        I agree!!!! However, access control protects you against all but those with *ALLOBJ!!! That is my whole point. If you have access control set up correctly, encryption provides no extra protection.

        > Some accounts are very powerful but only within a specified application. Some accounts are "regular joe/jane user" accounts.

        OK. Let's look at a program that automatically decrypts certain data but only for "regular joe". How does encryption protect against a hacker that logs in with "regular joe"??? It doesn't. It will decrypt the data for him. If the hacker logs in with some other "regular jane" account, then access control protects the data. The fact that it happens to be encrypted too is moot.

        > A hacker gathers these in the hopes of leveraging their access upwards, but even the basic capabilities are worth something. Furthermore, because of i5 adopted authority, sometimes low level accounts can act like more powerful accounts.

        Sure, but encryption does nothing to stop this. If they are authorized to run a program that adopts authority and automatically decrypts the data, then encryption provides no additional value. Once they get to *ALLOBJ, encryption still does nothing to stop them.

        > You are also assuming that everyone is of an equal knowledge level, and that no one ever does anything dumb, or destructive, even self destructive. In the real world, people send confidential information out through the Internet all the time. I feel confident that much of this information is not encrypted, but would be better protected if it were.

        Again, as long as people want encrypted data to be automatically decrypted for those who are "authorized" then encryption provides no protection against those that do dumb stuff. If you don't authorize people to data they shouldn't be able to access, they can't do anything dumb with it -- they can't do anything with it. Encryption does not provide the protection -- access control does.

        > We can easily meet your test of having the encryption keys on the same hard drive, and handled by the OS. As long as it isn't on the same file/table as the data being sent, the data is reasonably safe.

        Access control provides the same level of protection. While encrypting the data does not make it less safe, it doesn't make it any more safe. Access control is sufficient to protect you against the "regular joe" -- assuming you get it right. And if you don't get it right, encryption still does not protect you. Encryption cannot protect you against privileged individuals.

        As far as layered security, certainly this has value -- but only when each layer provides a different kind of protection. For example, firewalls force you to defeat a network-based control, while access control forces you to defeat an entirely different mechanism. If you encrypt data that can be decrypted by a key that is accessible from the same machine as the encrypted data, then an attacker only has to defeat access control. In my opinion, it is not valid to assume that an attacker can defeat the access control mechanism in order to get at the data, but cannot defeat it to get at the key. The only thing that protects you in this case is "security by obscurity" and we know that is no security at all.

        > There is no such thing in the absolute sense as "security". Systems are only more secure or less secure.

        Boy, if we could just get the other 99% of the public to understand this... But your point is based on the assumption that having data encrypted on disk and decrypting it automatically for those who are authorized to it (or to the program that decrypts it) adds more security. It doesn't. I only have to break the access control mechanism (or spoof my way past it). I don't have to break the encryption. The message is: Spend your time and money on getting access control right. If you want to spend more money on encrypting/decrypting data automatically afterwards, then have at it. But it won't provide you any more protection beyond what the access control mechanism does.



        • #5
          System Sentinel: The Encryption Myth

          > My point is that the keys to the encrypted data must be secured on another server, on a physical device that is not attached to the network, by a manually entered password with a unique and constantly changing algorithm or some other method such as biological ID. Then the users must be made aware of the absolute necessity of protecting the keys and the data with equal diligence and immediately report any compromise of either.

          I agree 100%!!!! This is a valuable use of encryption. However, it is NOT workable for data that must be used in the normal course of a business cycle. Encrypting data on backup media provides value (as long as the key is not stored on the media). Encrypting data as it flows over a network is a valuable use of encryption. But encrypting data that is automatically decryptable by a program with no intervention of a human provides no value. It's the access control that provides the value.

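The argument in posts #4 and #5 can be checked as a small threat model. This is an added example, not part of any post and not IBM i code: the profile names, the `app_pgm` program, the ACL and the four attack scenarios are constructed, and it assumes object authority is the only barrier on the live system and that a key kept off the system is never captured.

```python
# Added illustration: a constructed model, not code from the thread or from IBM i.
# Constructed ACL: which profiles hold authority to each object on the live system.
ACL = {"data": {"APP_OWNER"}, "key": {"APP_OWNER"}, "app_pgm": {"JOE"}}

# Constructed attack scenarios: (profile used on the live system, holds backup media?)
SCENARIOS = {
    "other regular user (JANE)": ("JANE", False),
    "hijacked authorized user (JOE)": ("JOE", False),
    "*ALLOBJ profile": ("*ALLOBJ", False),
    "stolen backup media": (None, True),
}

def can_use(profile, obj):
    """Access-control check; *ALLOBJ bypasses object authority."""
    return profile is not None and (profile == "*ALLOBJ" or profile in ACL[obj])

def reaches_plaintext(scenario, encrypted, key_on_system, key_on_media=False):
    profile, has_media = SCENARIOS[scenario]
    # app_pgm adopts APP_OWNER authority; it can decrypt unattended only
    # when the key is reachable on the same system.
    unattended = (not encrypted) or key_on_system
    if unattended and can_use(profile, "app_pgm"):
        return True
    got_data = can_use(profile, "data") or has_media
    if not encrypted:
        return got_data
    got_key = (key_on_system and can_use(profile, "key")) or (has_media and key_on_media)
    return got_data and got_key

def exposed(encrypted, key_on_system, key_on_media=False):
    """Set of scenarios in which the attacker ends up with plaintext."""
    return {s for s in SCENARIOS
            if reaches_plaintext(s, encrypted, key_on_system, key_on_media)}

if __name__ == "__main__":
    cases = {
        "no encryption": (False, True),
        "encrypted, key on same system": (True, True),
        "encrypted, key also on backup media": (True, True, True),
        "encrypted, key kept off the system": (True, False),
    }
    for label, args in cases.items():
        print(f"{label:38} -> {sorted(exposed(*args))}")
```

In this model, moving from plaintext to encryption with the key on the same system removes only the stolen-media scenario; every on-system scenario is unchanged, and only keeping the key off the system changes those.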


          • #6
            System Sentinel: The Encryption Myth

            > However, it is NOT workable for data that must be used in the normal course of a business cycle.

            That is like saying that it is not workable to have merchandise secured from theft if you want to sell it! Every store makes a compromise between security and customer access; the expensive jewelry and electronic equipment has more rigorous access control than the light bulbs and underwear. When we take the attitude that universal ease of access trumps all other requirements we have already surrendered the protection. For example, the common use of software that can "remember" our passwords is a response to complexity and the individual's difficulty coping with the proliferation of secured access but it amounts to unsecured access to anyone who really understands the process. Letting software remember passwords should rarely be used and only if one is willing to sacrifice the information protected by it. What really needs to happen is for organizations to take security seriously and say to employees and customers, "It may be more difficult to manage but you must be willing to stop and intervene to provide the access codes or we CANNOT secure your data."
