21.4 CONCLUSIONS

Team-Fly

21.4 CONCLUSIONS

More often than not, security people elaborate on and argue about the importance, usefulness, and suitability of specific security technologies without having the relevant vulnerabilities, threats, and corresponding risks in mind. For example, using a secure messaging scheme, such as PGP or S/MIME, is almost useless if you have nothing to lose and all you want to do is forward electronic versions of the latest jokes to a friend. The use of a secure messaging scheme, however, is very useful if you want to transfer an electronic order to an e-commerce service provider. Consequently, all we do in terms of security should be driven by risk management considerations. Remember, for example, the discussion we briefly started toward the end of Chapter 19 regarding the relationship of trust management and risk management.

Historically, the usual way to manage risks in the IT world started with a formal risk analysis. This has changed and we start seeing two trends:

1. Formal risk analyses are being replaced with alternative approaches and technologies (e.g., security scanners and IDSs).

2. Preventive security mechanisms are being complemented by detective and reactive security mechanisms.

The first trend occurs simply because formal risk analyses are difficult and labor-intensive and because they poorly scale to large corporate intranets. Contrary to that, the second trend occurs because preventive security mechanisms, such as firewalls and the use of cryptographic security protocols, have turned out to be incomplete, meaning that they do not patch all vulnerabilities and do not protect against all possible threats. As an approximation of the first degree, you may think of all systems and applications to be vulnerable and exploitable by specific attacks. This is true even if the systems and applications use sophisticated preventive security mechanisms. In fact, it is possible and likely that security breaches and vulnerability exploits will always occur and compromise the security of our systems and applications. The role of the preventive security mechanisms is only to lower the likelihood that a serious exploit will happen.

Against this background, we have to think about detection and response. How do you, for example, make sure that exploits and attacks are detected in the first place? Note that, contrary to the real world, a victim must not necessarily be aware of the fact that he or she has become a victim in the digital world. Data can be copied electronically without leaving any traces. Similarly, what do you do if an exploit or attack is actually detected? How do you respond to exploits and attacks? In either case, you need detective and reactive security mechanisms. One may argue that detective and reactive security mechanisms are becoming more important because of the incomplete nature of the preventive security mechanisms we have in place today. In his latest book [10], Bruce Schneier provides some strong arguments about the importance of detection and response and why they are important in the insecure IT world in which we live today. When you are designing security for an intranet environment, you should carefully think about the role of detection and response. These components are in fact becoming increasingly important.

Team-Fly