RE: [fw-wiz] Stanford break in

From: Vin McLellan
Date: 04/26/04

    Date: Mon, 26 Apr 2004 03:32:45 -0400

    Paul Robertson wrote:

    >Vin's reminder that regulation requires stronger authentication is a good
    >one, though I'm not sure the regulation provides all that much risk
    >reduction over good control of the access mechanism. I've seen tokens
    >taped on monitors with the PIN stuck to them.

             I think that goal-focused regulation (to use a concept now popular
    among those who are considering infosec regs inside the Beltway) will
    inevitably focus more on the potential of audit -- passive network
    surveillance for accountability -- rather than access control.

             Strong user authentication is, of course, as critical to passive
    audit records as it is to active access control.

             Dan Geer, a thoughtful guy now chief scientist at Verdasys, has
    been arguing for at least a couple of years that access controls will
    inevitably, on purely economic grounds, give way to more extensive audit
    requirements -- file-level forensic records, redefining the minimalist
    "perimeter" -- as IT security again begins to stress accountability over
    active authorization.

             As access control systems become more granular and authorization
    structures more complex, he points out, the cost of maintaining the access
    control matrix -- objects/authorization, per user -- expands at a rate
    faster than the rate of growth of the organization.

             Technical issues of scaling become compounded by a nasty ratio of
    exponentially rising costs, and not even the efficiencies of directories
    will withstand that equation.

             In a recent interview <>, Geer put it this

             "If you double the size of the company, then you double the number
    of people and the number of resources. This quadruples the number of boxes.
    If there is a fixed minimum cost to maintaining a check in each box, then
    the cost of maintaining the matrix grows faster than linear with company
    growth. Any cost that scales faster than linear is in and of itself a
    barrier to growth. Security cannot be a barrier to growth, or people will
    inevitably work around it.

             "A similar argument applies if you are busy making your company
    more secure by subdividing rows and columns into finer grained access
    control, and that is without growing the corporation at all. Pushing access
    control too far ensures that the result is diseconomic, the only question
    is when.

             "The alternative to pushing access control farther than it should
    be pushed is to turn your security problem statements towards
    accountability. Like in a free society, there is huge efficiency in not
    having to ask permission for every niggling little thing but if and only if
    there is a high probability that if you misuse your freedom you will then
    lose your freedom. That is what accountability is. Accountability at the
    object level is where security goes next, and it goes there whether you
    come along or not."

             I'm less certain of his argument when he predicts universal
    file-level audit records -- the defensive perimeter contracted to the data
    level -- but the economic logic of his case for the rise of audit
    vis-à-vis access controls is compelling.


             Vin McLellan + The Privacy Guild + <>

                         22 Beacon St., Chelsea, MA 02150-2672 USA

    firewall-wizards mailing list
