The 12KB Bomb
Kelly Martin, 2004-03-17

It only takes a 12KB virus for total system compromise and a highly effective spam engine. Anyone can make one. Some assembly required.

The 12kb Bomb 2004-03-17
Soma
The 12kb Bomb 2004-03-17
Anonymous (3 replies)
The 12kb Bomb 2004-03-19
Anonymous
The 12kb Bomb 2004-03-22
Anonymous
The 12kb Bomb 2004-03-26
Anonymous
The 12kb Bomb 2004-03-17
Anonymous (1 replies)
The 12kb Bomb 2004-03-18
Dan
The 12kb Bomb 2004-03-17
Omri
Creative Writing 101 2004-03-17
Anonymous
The 12kb Bomb 2004-03-17
Anonymous (1 replies)
not just a microsoft problem 2004-03-17
Dmitriy Martynov (2 replies)
re not just a microsoft problem 2004-03-18
Anonymous
not just a microsoft problem 2004-03-18
Anonymous
err... 2004-03-17
Anonymous (2 replies)
err... 2004-03-18
Morr
err... 2004-03-22
Anonymous
The 12kb Bomb or boxcutters 2004-03-18
Anonymouse
The 12kb Bomb 2004-03-18
theeta
The 12kb Bomb 2004-03-18
Anonymous
Entirely beside the point 2004-03-18
Steve-0
The 12kb Bomb 2004-03-18
Anonymous
The 12kb Bomb 2004-03-18
mes365
The 12kb Bomb 2004-03-18
Anonymous
A better analogy 2004-03-18
Anonymous
A better analogy for these e-mail worms is this:

Microsoft is like the construction company that builds the huge tower. For the sake of this analogy (and my own amusement) we'll call this company MacroHard.

Joe User bought the building from MacroHard.

MacroHard provides a security service for the building, with the task of keeping out those who do not belong.

One day, some stranger on the street comes up to Joe User in front of his huge building and gives him a "gift." He might say it's from a friend, he might say it's a surprise. He might even say it contains important correspondence from MacroHard.

Joe User proceeds to take the "gift" into his building, taking the courier at his word.

I think we all know what happens next.

The gift (which may or may not look and appear to be what it claimed) contains a weapon, a bomb, or evil robots that can be remotely controlled by whoever sent it.

So how do we prevent this from happening? Well, it's MacroHard's job to secure the building, right?

So now we need to inspect all of the authorized personnel to make sure they aren't unknowingly carrying something dangerous. But how many corporate executives like being searched every time they go to the office?

The security people can warn anyone who comes into the building that accepting gifts or deliveries from strangers can be dangerous. Even if they claim to be coming on behalf of a friend or trusted authority.

They can put up signs. They can put up metal detectors. They can have surveillance not only in the building but near it. They can restrict your access more and more.

But in the end, the problem will always remain. The owner of the building, or of the computer, wants ultimate control of their property.

They tell the builders and the security people that they want protection so that they don't do something stupid. But then when you try to protect them, they think you're trying to hide something from them.

So we can go after the culprits. Make it harder and riskier for these offenders. Build a system where we can track them better. But if we do that, the people we're trying to protect will again complain. We're invading their privacy. We're making them work too much.

So they want us to protect them from themselves, but we have to do it without them knowing about it. Wonderful.

Solutions in the IT world often rely on mitigating the effects of these problems:

-A distributed base. Don't build systems vertically so that the base cannot be knocked out from under it.

-Redundancy.

-Rapid Fail protection. Cut off a limb to save the rest of the body. Or quarantine the infected population to protect the rest.

-Faster response time.

So when some executive brings a "gift" into the office and one branch is destroyed... we want to isolate the problem, protect the rest of the company. We want to warn them to tighten their security and IMMEDIATELY determine what happened and how to protect our other branches. And then augment their security systems without delay. We also have to be ready to rebuild that particular branch mind-bendingly fast.

Of course, computers aren't buildings... and attacking a computer or network will likely not result in injury or death. But the analogy holds. The injury is typically a financial one. But it still hurts.




Link to this comment: http://www.securityfocus.com/comments/columns/228/25409#25409
The 12kb Bomb 2004-03-18
ersid_
12k isn't impressive 2004-03-18
Grine Biter
The 12kb Bomb 2004-03-18
Anonymous (1 replies)
The 12kb Bomb 2004-03-19
Anonymous
The 12kb Bomb 2004-03-18
Anonymous
The 12kb Bomb 2004-03-18
Anonymous (1 replies)
The 12kb Bomb 2004-03-19
KronusX
Bad Analogy and more... 2004-03-18
Josh (1 replies)
Bad Analogy and more... 2004-03-19
Anonymous
small size 2004-03-18
Anonymous
The 12kb Bomb 2004-03-18
Anonymous (1 replies)
Re: The 12kb Bomb 2008-06-16
Anonymous
The 12KB Bomb 2004-03-19
Skatan
The 12KB Bomb 2004-03-25
Anonymous
The 12KB Bomb 2004-03-26
Butt Head
... 2004-03-27
Anonymous







 

Copyright 2009, SecurityFocus