How to limit the damage from hackers

Jul 25, 2011 2:56 AM
Filed under Security
Page 5 of 6 | Single page

“This area lacks precision and science,” he says. “It’s mostly ad- hoc. It’s not like building a physical system, like a bridge, where you can estimate its lifespan, capacity and ability to resist wind. There’s no metric to security. You can’t apply mathematical formulation and rate the security of a system. Imagine if we had that, you’d be able to make rational decisions over which system and security is better. If we had that ability, then problem solved.”

So, as users await algorithms that could be decades away, Stolfo says the security industry must up the ante, drop conventional wisdom for a moment and think like a contrarian. An idea Stolfo suggests is what he calls “fog computing”, in which infected organisations mix decoy data with actual data that the attackers are trying to hijack.

“Let them break through – because they’re going to break through – and then give them something that’s going to poison them,” Stolfo says.

This tactic accomplishes two things: First, organisations limit the amount of real data that leaves their walls and, second, arguably more importantly, they are able to measure the course, cost and effort of the adversary.

Looking at the success of advanced malware from a more macro level, perhaps the celebrity hacker subculture partially also is to blame.

Marc Maiffret believes it is.

He says events such as the annual Black Hat Briefings conference, in which speakers often parade to the stage like famous stars to present their zero-day findings, contributes to a lack of interest in defensive disciplines.

Maiffret is no stranger to the stardom that can be cast on a hacker prodigy, having discovered big vulnerabilities in Microsoft products, including the hole that enabled the Code Red worm, before he was even old enough to drink. In 1999, he was featured on MTV’s True Life: I’m a Hacker and later was named to People’s 30 People Under 30 list.

But after a while, the allure of finding security bugs grew old.

 
Follow us on Facebook and Twitter
 

Copyright © 2010 Computing

How to limit the damage from hackers
 
 
 
 
 
Top Stories
Reseller pays $2.65m for telco specialist
Acquisition scene heats up as JCurve makes another buyout.
 
Kytec files for administration, new company set up
Driven by management buyout, says MD.
 
Dataflex reborn under new owners
Buyer aiming for $30m after second acquisition in six months.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Latest Comments
Polls
Are Chromebooks ready for the enterprise?

CRN Magazine

Issue: 326 | April 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.