Predictability Can Be Fatal
eSecurityPlanet Columnist George Bakos says that in computing, as in life and love, being predictable can be a fatal flaw. Hackers and worm authors thrive on default settings. Bakos talks about how to get around that.
When I was still in my formative years, I (like most other post-pubescent males) was always hunting for the magical key to youthful bliss. There just had to be a common vulnerability -- the right line, the right look, the right attitude, whatever -- that the vast majority of the opposite sex would instantly fall for.
Although some claim to have, I never found it.
For some reason, every young lady that I came across had something unique about her. Whatever ploy, tactic, or stroke of dumb luck I found momentary success with once, failed miserably on the next go around. Were they secretly plotting against my teenage happiness? Was there a conspiracy involving all young womanhood?
To put it in geek terminology: There is no default configuration amongst women.
When Dan Geer, Charles Pfleeger, et al. last fall released the incendiary report, ''Cyber Insecurity: The Cost of Monopoly'', quite a few folks perked up, including Dr. Geer's employer.
In the report, this team, which was made up of some of the world's foremost authorities on security, present a powerful argument against what has become the status quo in much of the corporate and government IT realm.
To make a long story short, the report claims that Microsoft's dominance has created a global target environment that leaves little guesswork for the bad guys (girls, things, dogs, whatever) while the good guys find themselves in ever-shortening supply, trying to defend increasingly complex, yet predictable, systems.
That, predictability, can be fatal.
Referring to Nimda and Slammer, they wrote, ''These worms did not have to guess much about the target computers because nearly all computers have the same vulnerabilities.''
Let me say that the problem that's going to have you pulling your hair out when the next virus/worm/rootkit hits the streets, is predictability.
Defaults. That's the ticket in. That's what the worm authors are banking on. Nimda relied upon them, and so did Blaster, SQL-Snake, Code Red, and nearly every other self-propagating beastie since the Morris Worm hit the wild 16 years ago.
Here's a look at some of the default conditions that a few mass attacks took advantage of:
Across the board, no firewall was enabled... by default.
Now, we're not going to delude ourselves into believing that automata are the only things that ail our information systems. There are plenty of other information warfare tactics that are equally, if not more, destructive and costly. But worms sure take a bite.
Off the top of your head, how many hours have you or your staff spent on cleaning up the past year's worth of pseudo-randomly targeted attacks?
Continue on to hear how being different, and even being obscure, can be your biggest weapon against attacks.