Self-Policing Networks?
An Anonymous Coward writes: "IBM is looking to build self-policing networks with project eLiza, as reported in Wired. Sounds pretty cool, but I don't see it being all that effective. And if it is, security teams will get pretty lax, and not be able to handle an attack that breaks eLiza." Also a USA Today article. It's an insightful idea, and one that I'm sure will *eventually* become part of many major networks, but somehow I suspect that this is one of those things that appears difficult on the surface, and turns out to be ten times as difficult when you get into it.
can you demon-strate to me with that 4.5" icepick you have in your pocket?
Now if Cyberdyne systems start policing the networks, be afraid...be v.afraid :)
Nicely put. "Our customers" .. So I take it this is strictly for IBM customers using their products. Why not make it an open project and let everyone reap the benefits, they would be martyred.
martyr: One who makes a great show of suffering in order to arouse sympathy
Um, why would they want to do that when they can get:
profit: An advantageous gain or return; benefit
Why do you guys give away your talent? Are you just silly children who don't know what your gifts are worth? Are you too idealistic to be practical? Would you rather make money doing something you hate and give away the thing you love?
It's a variation on weighted Bayesian nets.
While good security is hard to come by the main problem at most companies is that security just isn't really thought of. One Fortune 50 firm that I did an audit of and whose name I will omit to protect the foolish:
(a) Used frontpage to design their website;
(b) Didn't bother to password protect it;
and
(c) Included the sysadmin username and password for their oracle database in the asp code. This was done simply so they could dynamically populate a list of sales regions. The same database had their entire financials on it.
If Eliza can protect against actions such as these then I'm all for it. It had better be cheap though; neither the CEO nor the CIO of this company thought much of it, stating "It's only our website. That's not really important to us." followed by "No security is foolproof."
Or just write everything in pure lambda calculus! :)
Wasn't the Internet self-policing? Usenet certainly was at the beginning...How will eLiza handle scaling? Or, more importantly, how will it handle the inevitable dickwad looking to make a fast buck on someone else's dime?
Send your friends messages of love at fuck-you.org
Looks like several ISPs, including http://www.sky.net/, and a courier service called Skynet already exist.
--
rant
TRON searches through data and if it finds something that shouldn't be there, it wipes it out.
It could even patrol the Master Control Program.
......
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Actually you linked to the wrong thing.. You got some 1993 TV series..
-Splat
Stuff like this always makes me think about the Terminator series. Something about the fighting back that gets to me.
I can see it now...people blocked from accessing a site because the referrer is slashdot.org after the site is mentioned here.
My mind works like lightning. One brilliant flash and it is gone.
computer1: intruder detected
eLiza: How does that make you feel?
computer1: security breached!
eLiza: What do you think about the beach?
-schussat
The hour of noon has passed. Let us go and get some Kentucky Fried Chicken.
And of course Cyberdyne originally comes from the Terminator movies, which probably everyone has seen. IIRC, Cyberdyne's baby, Skynet, was a military computer that destroyed the world after humanity realized that it wasn't a terribly good idea to have a giant computer with a sense of self-preservation controlling all of our nukes. (This is an old plot, but a nifty name ;-)
--
You don't need a weatherman to know which way the wind blows.
Definitely. Happy endings abound.
Hell, we've seen how they deal with guilt :-)
-Iorek
True, that. While I'm out imagining things, I'd rather imagine a world where computer crackers aren't attacking my networks, and people stop making errors. "And no religion, too." -- John Lennon
-Puk
actually, a few
If corps start using "intelligent" software to battle crackers in real time, the crackers and script kiddies are just gonna one up them with more advanced cracking tools. The crackers don't have to worry about waiting until something is well tested and proven, so they will always be on the cutting edge. They can also blatantly steal the code or patented ideas from the corp software tools, while the corps have to do everything legally.
As always, the advantage goes to the offensive tools over the defensive ones.
Project Eliza is going to cause a lot of havoc with all the perfectly normal activity it will combat, all the false alarms it will respond to. Hell, it might begin to view its controllers as the real oppressors, and try to protect itself from them yet too.
. . . that the best computer is only as good as its software. Can they guarantee that eLiza will be entirely invulnerable to script kiddie attacks? Probably not. It's statistically impossible (if the software is of any complexity at all, which it is).
I realize they're only claiming that it will aid in system administration, but I worry that this will give too many people a false sense of security (business executives, for example, who know little about security). I don't know about you, but, to me, a false sense of security is worse than bad (or no) security. At least with bad security, you know what to look for.
How can you tell what the server's been up to, anyway? Will it print out logs, or what? I'd rather administer my own box, to my own taste, than trust automated software to do it for me.
Finally, if the software is defective, could a company sue IBM . . . ? Or would this be more like firewalls (you've gotta maintain it yourself)?
The concept for this is similar to the Crypto community. No crypto is trusted until it has been published, tested, and tested for years.
Here, published means basically the same as Open Source.
There: Something at a specific location.
Their: Owned by someone.
Please make sure your english compiles.
What do you want to bet that someone is going to market something called "Skynet"?
There: Something at a specific location.
Their: Owned by someone.
Please make sure your english compiles.
Here I go again... ;)
Far and away, the most common type of security breach is those involving buffer overflows (including the recently popular "printf" attacks).
Go ahead and blame it on the programmer, but the truth is: C makes it easy for programmers, even experienced ones, to make these kinds of mistakes.
C is an inappropriate language for writing high-level network applications. Other than the fact that it has "always been that way", Why is wu_ftpd written in C? fingerd? sshd? bind?
Please, write your network applications in a safe language. Go ahead and use Java if you need it to look like C. There are many other even more appropriate choices.
If the community isn't willing to do that (and they clearly aren't), why aren't they willing to ship something like stackguard in the default install of popular distributions? There is no way users will notice the difference, except that the ones who aren't reading bugtraq and staying up-to-the-hour on patches won't get rooted. Before we need to bother with elaborate AI systems checking networks for us, we need a BIG CHANGE in the way we implement network applications.
However, I have to say, I can see several reasons to encourage such a system. Essentially, though, they all come down to the system being the closest entity to itself. No system administrator can know his system as intimately as it could know itself (if it were capable of doing so.) In terms of speed of response, comprehensive scanning, and endurance, an automated protection service could not be bested by a live admin.
Obviously, a human being wins in terms of potential intelligence, user discrimination and imagination, but I think it's foolish to attack a system that could lend the qualities of the machine to its own protection rather than encourage training. Frankly you should do both.
But as far as tools making people sloppy, I don't see anyone bitching about the Microsoft development packages subconsciously training bad coders.
IP is just rude.
Is there any torture so subl
...when the computer figures out the one common link in all of its attackers is that they are carbon-based life forms? STER-I-LIZZZE STER-I-LIZZZE ...
All kings is mostly rapscallions. -Mark Twain, The Adventures of Huckleberry Finn
Imagine a world where complicated computer networks need little or no interaction with humans
Wasn't this the plot to, oh, around a million sci-fi movies?
This gives it an almost 'self-healing' property, which is going towards convincing me to switch all my servers over to it.
Imagine, with a simple cron job I can ensure I'll always be patched up with the latest security updates.
My ex-advisor is a chair of the IETF working group researching automated intrusion detection. Currently they are developing a protocol to pass messages between network devices when a potential breach is detected. It's a really complicated field, both in terms of getting a distributed group of network devices to collaborate to decide whether or not something is a deliberate attack, and in creating a security alert protocol that can't be compromised itself.
If it were open source, would it be much easier for crackers to manipulate?...
The next comment I write will be ready soon, but subscribers can beat the rush and see it early!
aztek: the ultimate man
No sig for you!!
I think that's the general idea. Keeping patches up to date is almost automatic as it is, just watch for those emails from RedHat. The next step is to teach the system to be able to tell the difference between legitimate and illegitimate access. Not an easy task, to be sure, but people have been working on it for a while.
Agreed. I can see the marketroids going after the pointy haired bosses saying that you can replace your staff with these AI boxes.
The only problem is when this advances to the next stage, which is AI management, AI corporations, etc. The question is if this would be good or bad. Would we have a world of AI drones producing income so that we can live off their work and have a permanent vacation at the beach with fancy drinks decorated with umbrellas?
It's going to be a long strange road.
Check out the Vinny the Vampire comic strip
"It is a greater offense to steal men's labor, than their clothes"
Well. This is one of several possible scenarios when AI is pervasive enough that robots can be pervasive, and we are no longer at the top of the totem pole. Or are we going to have a society where the robots are in charge?
Check out the Vinny the Vampire comic strip
"It is a greater offense to steal men's labor, than their clothes"
Fortunately for us Tron is prepared to take on the MCP and save cyberspace (and realspace as well).
"Who knew something as harmless as willful ignorance could end up having real consequences?"
Pipe Zippy the Pinhead quotes into the IDS. Processing time will increase exponentially.
include $sig;
1;
Network Police: You realize you were downloading at 64kb/s in a 28.8 zone?
User: That's how fast everyone else downloads around here.
Network Police: And you are downloading with unlicensed software.
User: Hey, this is shareware and I am going to register it.
Network Police: Tell that to the judge.
User: Hey, I'm booted off. Damn AOL.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ the real world is much simpler ~~
--- -- - -
Give me LIBERTY, or give me a check.
For the people who don't know what Cyberdyne systems is, it's part of the movie at Universal Studios' (Florida) Terminator attraction. Cyberdyne Systems created a "security system" based on artificial intelligence which 1) nearly fully controlled everything that went on and 2) was programmed to destroy the world if it was about to be beaten.
:)
I might be a little rusty on the details since I haven't been to Universal in a while...but for those of you who are confused, this DOES make sense (just not to most people
I really don't think so. Not for next many years. At least not effectively! Sure it will probably work for some attacks, script-kiddies and all that, but an automated system would, as I see it, be easy to fool...
Let's imagine that you DoS attack a server, you write a little program that automates the attack, spoofing IP addresses of a particular ISP that you don't like, covering an entire C-class, or B-class or whatever. Maybe alternate the attack types.
Very soon the automated intrusion prevention system will have blocked all the IP addresses of the ISP. Bing.
It would be interesting to see though, also in regards to honeypot networks (nets designed to be hacked/cracked/attacked).
I believe that there is a tool that you use with snort (an IDS), to make an automated system, block IPs etc.
Anyway, my point was that for many years to come, we won't be able to live without the experienced system administrator, going through logs!
Any technology distinguishable from magic, is insufficiently advanced.
Wasn't there a movie made about this?
---
--Got Lists? | Top 95 Star Wars Line
No thanks, I'll take reality.
-- Chris
$email=~s/[^a-zA-Z0-9@.]//g;
Hmmmm... I dunno, but some of the "normal" things that I do on a network might be analyzed as "attacks" under certain viewpoints. What then?
MadCow.
I used to have a sig, but I set it free and it never came back.
I wouldn't mind if the machine would monitor itself for performance, see if a piece of hardware is failing, see if a piece of software is failing, and notify the sysadmin, maybe reduce its expected throughput and notify the load-balancer (say ram drops from 512 to 128, so hits per seconds need to drop from 300 to 50), and make a diagnostics report for the problem, so that if the machine is under warranty, the tech can bring the right parts to fix it, and if not, then the parts vendor can ship the right parts.
Also, I wouldn't mind if the machine would throttle itself to manageable levels when becoming unstable, instead of crashing.
Also, the machine should be "aware" of the other machines in the organization so it can notify them of the reduced performance.
This would essentially be a self-load balancing system.
I wonder to what extent Google has implemented something like that in their 8000-strong server farm.
"Piter, too, is dead."
First of all, The Terminator was a movie about giving sentient computers weapons power and absolute authority. I'll remind you no current human has these powers, except some government officials, and even then they must go through certain checks and balances to ensure their decisions represent their governments/peoples' views on specific issues.
/. are programmers.
eLiza, from what I can tell, is simply going to be a suite of tools which help analyze critical network attacks, maintain complicated global networks, and provide automated fixes for problems.
How they're going to do this, I don't know, but I'm sure the several billion dollar budget will help get the creative juices flowing.
The hoopla about eLiza destroying humanity is complete nonsense, and certainly isn't characteristic of the users on Slashdot. That said, not all people at
I would think what IBM wants to do is similar to what SSL and data encryption did for data security in the 1980's (and 90's). Although it is possible to break encryption, it's very difficult mathematically, and this is probably what IBM is aiming for: a globally dynamic counterattack system which is very difficult to disrupt, yet easy to manage (self-managing even).
As networks grow, there won't be enough capacity in the human mind to simplify and quantify (humans have great strengths qualitatively, but have very little depth quantitatively) the almost chaos-level interconnections which will exist in all networks, and all networks being connected to each other via one huge super network (the Internet in 20 years???).
I think what IBM is doing is great, and I've thought about something similar often. Even if it isn't a major success, the research will be interesting and might reveal something insightful about information or network theory.
For now, let's draw the line between fantasy and reality. In movies, walking drones battle in world conquest and destruction, in reality people get paranoid about the same thing happening in real life. It's interesting because it wouldn't much matter if it was machines or people destroying things, as it still gets done anyway (we've always had wars).
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
If it bugs you so much get a fucking clue and move on. Who gives a shit about what someone has done and hasn't done, everyone has faults in life you dumb fuck. What's the point in rambling on like a mindless crackhead posting anonymously about someone's actions, too hypocritical to post under a name?
If it bugs you so damn much go elsewhere you fucking idiot.
360 degrees of Karma
You have to wonder how much of this is to market IBM so here goes my take on this.
The problem with security vulnerabilities at most is poor programming along with lousy administration, so how do they plan on bandaging a wound for a newly found vulnerability that has yet been exposed to the security community as a whole? Do they expect their system to just guess on its own?
Nicely put. "Our customers"
Automation is a small step. One of the biggest problems facing companies is their administrators are poorly trained. Even if the products they're using are broken, chances are there are patches, fixes, tweaks, etc., to get it up and running properly, it's the administrator's job to make sure this is done.
After its done, automation should come next, not vice versa, no machine no matter what IBM thinks they're gonna do, is going to be smart enough to determine what is and what isn't secure when it comes to exposing new flaws. Sure they could patch up all the older ones as they go along, but if I sat here and coded a new vulnerability, how is that machine going to determine a fix if it hasn't been exposed without automation, to what is right and wrong?
Getting back to reality now, companies should look to training instead of spending X more on X product simply because X says it will secure your network. Total bullshit and typical snake oil salesman tactics. "Buy X product and be secured!" give me a break
#define crypto
360 degrees of Karma
Bad: If all work was done by AI and robots, why would the general population have any claim to the income produced? The robots and AI would be owned by the corporations that built or purchased them. Corporations would get richer and people who own large portions of corporations would become more fabulously wealthy. However, there would be very few jobs left for humans. Those who can't live off their investments (almost everyone) will have to make do with jobs the robots can't or won't do. Prostitution (well, maybe robots can do this too), drug dealing, and burglary come to mind. If middle class jobs were performed by robots society would be destroyed.
Imagine a world where complicated computer networks need little or no interaction with humans: a world where computers can update and maintain their own systems, shield themselves from misfortune caused by human error and acts of nature, and fiercely protect themselves against attacks by computer crackers.
Is it just me or does that sound like a frightening world to live in?
Big apple, new Yorik, undig it, something's unrotting in Edenmark.
Since when does some sort of technology not have a bug/vulnerability or just not be reliable at all? Self-policing wouldn't be very reliable, IMHO.
How is this "Insightful"?
Ok.. So you read the article.. You go to the website.. And rather than read all the junk on their first page you type eLiza in their SEARCH engine... Nice website girl you go! Now if only IBM could figure out how to index their web pages. Somehow I have a problem believing that IBM can make security right if they can't make a release statement right and include it in their search engines before they do so. Yes.. I'm not stupid.. I see the nice pretty stuff on the front page.. but come on.. Throwing BILLIONS at security doesn't mean jack if the billions you're throwing it to are monkeys in a corporate boat.