research-article

The Insider, Naivety, and Hostility: Security Perfect Storm?: Keeping nasties out is only half the battle.

Published: 01 June 2004

Abstract

Every year corporations and government installations spend millions of dollars fortifying their network infrastructures. Firewalls, intrusion detection systems, and antivirus products stand guard at network boundaries, and individuals monitor countless logs and sensors for even the subtlest hints of network penetration. Vendors and IT managers have focused on keeping the wily hacker outside the network perimeter, but very few technological measures exist to guard against insiders - those entities that operate inside the fortified network boundary. The 2002 CSI/FBI survey estimates that 70 percent of successful attacks come from the inside. Several other estimates place those numbers even higher.

References

  1. Power, R. 2002 CSI/FBI computer crime and security survey. Computer Security Issues and Trends VIII, 1 (Spring 2002).
  2. Hayden, M. V. The Insider Threat to U.S. Government Information Systems. Report from NSTISSAM INFOSEC/1-99, July 1999.
  3. Ferrie, P., and Lee, T. Analysis of W32.Mydoom.A@mm; http://securityresponse.symantec.com/avcenter/venc/data/[email protected].
  4. Bridwell, L., and Tippett, P. ICSA Labs 7th Annual Computer Virus Prevalence Survey 2001. ICSA Labs, 2001.
  5. See, for example, Microsoft Security Bulletin MS03-050, Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code To Run: http://www.microsoft.com/technet/security/bulletin/MS03-050.mspx; or MS03-035, Flaws in Microsoft Word Could Enable Macros To Run Automatically: http://www.microsoft.com/technet/security/bulletin/MS03-035.mspx.
  6. Dos Santos, A., Vigna, G., and Kemmerer, R. Security testing of the online banking service of a large international bank. Proceedings of the First Workshop on Security and Privacy in E-Commerce (Nov. 2000).
  7. Sophos Corporation. Top ten viruses reported to Sophos in 2003; http://www.sophos.com/virusinfo/topten/200312summary.html.


            Reviews

            George Michael White

            Troy was taken from the inside. The story of the Trojan horse, known to us for more than two millennia, has endured for a long time. It tells of a universal threat, that of attack from inside the walls. Network administrators have long been exposed to threats to their networks from viruses, Trojan horses and the like. These attacks can cripple networks, and, in their most virulent forms, can destroy files, databases, programs, and other computer resources, causing many millions of dollars' worth of damage while damaging corporate reputations and compromising confidential customer data. The brief report discussed here examines the threat of internal attack on a corporation's computer resources from internal sources, mostly those sources that have been allowed to pass through the corporation's firewall defenses. "The issue is trust," as it says in the opening paragraph, trust that is either explicitly granted or which has been naively not withheld. The authors quote a report that states that some 70 percent of successful attacks come from the inside. This is not to say that the problem lies with inside collaborators, but, rather, that the attacks are launched by intruders who have been extended trust, and who have used this trust to launch their attacks. Integrated systems, such as those based on component object model (COM) or common object request broker architecture (CORBA), explicitly create trust relationships with components that reside on different computers. If one of these components is accessible to modification by a hostile agent, the component can be altered to wreak havoc on the entire system of which it is a part. Email can be designed to look trustworthy by using the address of a trusted correspondent, and can be embedded with a malicious attachment. The opening of this attachment by the unsuspecting recipient will cause the damage.
The incorporation of unwanted actions in Microsoft Word, automatically launched through a macro incorporated into a document, is another example. Defense against this type of insider attack is difficult. The attacker may have a different objective than the one being used by the defender. Thus, attackers may not be attacking a specific online bank account. They may be attacking any bank account they can gain access to, or, perhaps, be attacking the bank itself. Thus, a defense that works against a brute force targeted at a specific account is unlikely to succeed against an attack on any random account for which the attacker can guess the personal identification number (PIN). If the goal was to deny access to any account at a bank, the defense may be completely counter-effective. After identification of an attack and an analysis of its nature, security mechanisms can often be cobbled together after the fact. The concepts of complete trust and mitigated trust are subtle, however, and are not easily added on if the system was not designed with these distinctions in mind. Some specifications for the implementation of specific actions in software have been published by interested parties, notably in the US Department of Defense Trusted Computer System Evaluation Criteria (the so-called orange book). These recommendations are a start, but work remains to be done. This paper's authors have done a good job of introducing these concepts in remarkably few pages. Those interested in an overview on the subject of trust, and its pervasiveness in information technology (IT) systems, would benefit from reading this paper. Specialists will have to do a lot more reading if they wish to master the subject.

            Online Computing Reviews Service


            • Published in

              Queue  Volume 2, Issue 4
              Surviving Network Attacks
              June 2004
              63 pages
              ISSN:1542-7730
              EISSN:1542-7749
              DOI:10.1145/1016978

              Copyright © 2004 ACM

              Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

              Publisher

              Association for Computing Machinery

              New York, NY, United States
