On Tue, 18 Jan 2005 14:31:39 EST, "Sigmon Cheri Y Civ 82 CSS/SCPD :: Software Dev" said:
> I'm certain you've seen similar situations... where there are groups of
> people who are very opinionated one way or the other. My concern is the best
> solution(s) security-wise, regardless of the source. Any comments?
> From a broad-brush perspective?

Define "best".

Most secure, no matter *how* hard it is to use? There's some pretty bad-ass
MLS systems available - and they're often a royal pain to *do* anything (because
you keep finding you can't easily get around some compartmentalization feature
that's intentionally getting in your way). This one's easy. Turn it off, encase
it in a large concrete block, and dump it into the Marianas Trench. Quite
secure, but not very useful. (Apply some thermite along the way if you're *really*
paranoid).

Most secure you can get for free? For some sites, budget overrides all. For
others, there's a political statement to be made by using open source. Some
people like the fact that open source support is essentially automagically
outsourced (meaning *you* don't have to do it) - others find the fact that
updates are controlled by foreign nationals to be a problem (I'm sure
there's .mil and .gov sites that have issues with the fact that Linus will
accept patches from programmers in countries on our current shit list).

Most secure that you can deploy to 50K users and not overwhelm your help desk?
Remember that free software that confuses your users may cost you more in
support.

Most secure that you can deploy without making your users change operating
systems? Is the perceived higher security of MacOS enough to replace a large
number of cheap Wintel boxes with Macs? Or maybe it just has to *LOOK* like the
same system (gtk themes, anybody? ;) to avoid retraining costs?

Most secure that will still run your mission critical software? Is the added
security worth a costly migration to some other software package? This is a
*different* question than the previous...

You have an af.mil address - your needs are different than mine. There's
probably systems at your site not connected to the net, in locked rooms with
Marine guards. I've got probably at least 2,000 systems in open or semi-open
labs, wireless all over the place, and all the other joys of a university
environment. I probably can't get away with securing a system by only
providing one terminal and a Marine guard with orders to shoot anybody
unauthorized who gets within 5 feet of the terminal, and there's no way
a .mil site could do some of the things we can do.

For that matter, we intentionally *don't* apply the same security solutions
across our campus. What works best for our main database systems that are
locked in a machine room and only have several dozen actual userids, all
of whom are full-time IT professionals, is something *totally* different than
we want to push to professors who *don't* care about security, they just
want to get work done. And we need different solutions entirely for the
dorms, because there we have to protect the rest of the Internet from machines
that we don't own....

Remember that security is a process, and a balancing act. Let's say your
security budget is S, the cost of an incident is C, and the likelihood of
an incident is P. If you can make S = C*P, you have perfect security (if
S is greater, you're spending too much, and if S is lower, you could still
save money by increasing S). Those of you who want to model multiple events
and costs can generalize it to a summation across all C(sub n)*P(sub n). ;)

The really mathematically astute will realize that (a) if you're bothering
with the summation, the function quite possibly has multiple local maximums
and minimums, and (b) the exact location and value of said inflection points
of the curve depend on coefficients that are basically non-measurable, and
you're left making educated guesses ("What's the % chance per year of compromise
of a fully patched Windows box with an idiot user, and the % chance for a box
that's missing some patches, but has a user who doesn't click on every "ooh
shiny?" and the ever-favorite "What's the least costly (money, people time,
political brownie points) way to convince a particular Very Important
Butthead to buy in to a specific proposal, or should we just punt and
do things some way that V. Butthead will go along with?")

Now, what were you saying about "the best"? ;)