[fw-wiz] The Mathematics of Relative Security

From: Chris Pugrud (chris_at_pugrud.net)
Date: 09/20/04

  • Next message: Crispin Cowan: "Re: [fw-wiz] The Mathematics of Relative Security"
    To: firewall-wizards@honor.icsalabs.com
    Date: Mon, 20 Sep 2004 10:06:17 -0700 (PDT)
    
    

    In attempting to evaluate the relative security and exposure of interconnected
    subsets of computers there is a distinct shortage of language and tools to
    algorithmically evaluate the risks between those groups.

    Set theory and discrete mathematics give us a good foundation to evaluate the
    risk exposure between groups, but those tools only work with absolutes. A
    point is either a member of a set, or it isn't. If two networks are airgapped,
    they are logically and provably separate. If two groups are joined with a
    "firewall" policy of "permit ip any any" they are logically and obviously
    joined, with the grouping inheriting the policy and exposure of the weakest
    member(s). There is nothing to take into account one-way transactions, as TCP
    permits, other than to wave a wand over distinctive sets. If two sets can
    initiate communication into the intersection, but the intersection cannot
    initiate communication out, then the sets can, observably, be shown to be
    disjoint, outside of the intersection.

    All of this noticeably falls apart in the real world, where we have to allow
    selected ports to cross boundaries with minimal controls. How many ports
    necessitate a union, and should some ports be allowed higher weight than
    others? Can it be convincingly argued that port 135 carries a measurably
    higher risk than port 123, or application IIS over the innumerable
    incarnations of application Apache (with which extensions, options, and
    controls included?) on port 80?

    I know I'm not the first person to evaluate these issues, or to initiate this
    conversation in this group. I think that this is fundamentally possible at a
    higher level, only looking at connections and direction, and provably
    unsolvable at the lowest levels of ports and protocols (reducibility to the
    halting problem). I'm searching for the people here who have already done some
    of the heavy lifting and can at least point me in the right direction to enable
    some more quantifiable analysis of highly complex security environments.

    Let me know,

    Chris
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
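The following is an added example, not part of Chris's post or of any tool he
mentions, showing the "connections and direction only" level of analysis he
says is tractable. It models each group of hosts as a node and each firewall
rule as a directed "may initiate a session into" edge; return traffic of an
established session is deliberately not an edge, which is how TCP's one-way
initiation is captured. Reachability is the transitive closure of those
edges; two groups are "joined" when each can reach the other, and a group's
exposure is the set of groups that can reach it. The group names and rule
sets (a DMZ between an "internet" and a "corp" group, an air-gapped "scada"
group) are constructed for the example.

```python
"""Directed-reachability model of inter-group exposure (added example).

Nodes are groups of hosts; an edge (src, dst) means hosts in `src` may
INITIATE connections to hosts in `dst`.  Port and protocol are ignored on
purpose: this is the "connections and direction" level of analysis only.
"""

# Constructed rule sets.  Group names are hypothetical.
# 1) Both the internet and corp may initiate into the DMZ; the DMZ may not
#    initiate anywhere.  This is the "intersection cannot initiate out" case.
RULES_ONE_WAY = [("internet", "dmz"), ("corp", "dmz")]

# 2) Same, plus one "small" exception: the DMZ may initiate into corp
#    (e.g. a web tier talking to an internal database on one port).
RULES_DMZ_TO_CORP = RULES_ONE_WAY + [("dmz", "corp")]

# 3) "permit ip any any" between corp and the DMZ is simply both directions.
RULES_ANY_ANY = RULES_ONE_WAY + [("dmz", "corp"), ("corp", "dmz")]

# Groups that exist but appear in no rule (air-gapped).
ISOLATED_GROUPS = ("scada",)


def build_graph(rules, groups=()):
    """Adjacency map: group -> set of groups it may initiate into.

    `groups` registers nodes that appear in no rule so that an air-gapped
    group still shows up in the closure with an empty reach."""
    graph = {}
    for name in groups:
        graph.setdefault(name, set())
    for src, dst in rules:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
    return graph


def reachable_from(graph, start):
    """Transitive closure of 'may initiate into' starting at `start`.

    Every group in the result can be reached by an attacker who already
    controls a host in `start`, hopping through intermediate groups.  The
    start group itself appears only if it lies on a cycle."""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def closure(graph):
    """Reach of every group, as a dict group -> frozenset of reachable groups."""
    return {g: frozenset(reachable_from(graph, g)) for g in graph}


def joined(graph, a, b):
    """True when `a` and `b` are effectively one set: each can reach the other,
    so the pair inherits the exposure of its weakest member."""
    return b in reachable_from(graph, a) and a in reachable_from(graph, b)


def exposure(graph, target):
    """Groups from which `target` can be reached (directly or transitively).
    An empty result means `target` is provably unreachable at this level."""
    return {g for g in graph if g != target and target in reachable_from(graph, g)}


def components(graph):
    """Partition groups into mutually reachable classes ("joined" sets).
    Singletons are groups that nothing can both reach and be reached from."""
    remaining, classes = set(graph), []
    while remaining:
        g = remaining.pop()
        cls = {g} | {h for h in remaining if joined(graph, g, h)}
        remaining -= cls
        classes.append(frozenset(cls))
    return sorted(classes, key=lambda c: sorted(c))


if __name__ == "__main__":
    for label, rules in (("one-way", RULES_ONE_WAY),
                         ("dmz->corp", RULES_DMZ_TO_CORP),
                         ("any any", RULES_ANY_ANY)):
        g = build_graph(rules, ISOLATED_GROUPS)
        print(f"[{label}] closure: {closure(g)}")
        print(f"[{label}] joined sets: {components(g)}")
        print(f"[{label}] exposure of corp: {exposure(g, 'corp')}")
```

Running it shows the three regimes from the post side by side: with the
one-way rules, "internet" and "corp" are disjoint outside the DMZ and the
DMZ's own reach is empty; adding the single DMZ-to-corp rule lets an attacker
on the internet reach corp through the DMZ even though no rule names both;
and "permit ip any any" collapses corp and the DMZ into one joined set. The
air-gapped "scada" group has empty reach and empty exposure in all three.
What the model cannot say is whether that single DMZ-to-corp rule is "small"
or "large", which is exactly the port-level question the post leaves open.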