Self-Policing Networks?
An Anonymous Coward writes: "IBM is looking to build self-policing networks with project eLiza, as reported in Wired. Sounds pretty cool, but I don't see it being all that effective. And if it is, security teams will get pretty lax, and not be able to handle an attack that breaks eLiza." Also a USA Today article. It's an insightful idea, and one that I'm sure will *eventually* become part of many major networks, but somehow I suspect that this is one of those things that appears difficult on the surface, and turns out to be ten times as difficult when you get into it.
While good security is hard to come by, the main problem at most companies is that security just isn't really thought of. One Fortune 50 firm that I did an audit of, and whose name I will omit to protect the foolish:
(a) Used FrontPage to design their website;
(b) Didn't bother to password protect it; and
(c) Included the sysadmin username and password for their Oracle database in the ASP code. This was done simply so they could dynamically populate a list of sales regions. The same database had their entire financials on it.
If eLiza can protect against actions such as these then I'm all for it. It had better be cheap, though; neither the CEO nor the CIO of this company thought much of it, stating "It's only our website. That's not really important to us." followed by "No security is foolproof."
computer1: intruder detected
eLiza: How does that make you feel?
computer1: security breached!
eLiza: What do you think about the beach?
-schussat
The hour of noon has passed. Let us go and get some Kentucky Fried Chicken.
--
You don't need a weatherman to know which way the wind blows.
If corps start using "intelligent" software to battle crackers in real time, the crackers and script kiddies are just gonna one-up them with more advanced cracking tools. The crackers don't have to worry about waiting until something is well tested and proven, so they will always be on the cutting edge. They can also blatantly steal the code or patented ideas from the corp software tools, while the corps have to do everything legally.
As always, the advantage goes to the offensive tools over the defensive ones.
Wasn't there a movie made about this?
---
--Got Lists? | Top 95 Star Wars Line
I don't know exactly what (all) methods they employ to detect attacks, but the University of Arizona is already using autonomous intrusion detection boxes. I do, however, know 2 things about them for sure:
1) When they detect intrusions, their response is to telnet to the edge router for whichever line the attack is coming through, and block the IP there, for increasingly longer periods.
2) They consider it an attack if you try to FXP a file to a server inside the U when both you and the source server are outside. This is, of course, how I first became aware of them.
The netadmin I know there tells me these boxen are called 'NetRangers', and we had a lengthy theoretical talk about how scary it is for autonomous devices to have exec access to your routers, and wondering whether they're smart enough to detect a constant barrage of packets with rotating forged sources before most of the internet is blocked at the routers.
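The "rotating forged sources" worry in the post above, as an added example that is not from this thread or from the NetRanger product: a toy Python model of an auto-blocker with escalating block periods, plus the two brakes a defender would want before giving such a box exec access to a router, a cap on concurrent blocks and a stop on bursts of never-before-seen sources. The class, the thresholds and the 198.51.100.x / 203.0.113.x addresses are all constructed for illustration.

```python
from collections import defaultdict

class AutoBlocker:
    """Model of an IDS that blocks offenders at the edge router for increasingly
    longer periods, with brakes so forged sources cannot make it block the world."""

    def __init__(self, base_secs=60, max_secs=86400, max_blocks=500,
                 new_src_limit=20, window_secs=10):
        self.base_secs = base_secs          # first block length; doubles per repeat
        self.max_secs = max_secs            # ceiling on a single block
        self.max_blocks = max_blocks        # cap on concurrent router ACL entries
        self.new_src_limit = new_src_limit  # never-seen sources tolerated per window
        self.window_secs = window_secs
        self.strikes = defaultdict(int)     # source -> detections so far
        self.blocked_until = {}             # source -> block expiry (seconds)
        self.recent_new = []                # times at which unseen sources appeared

    def handle_alert(self, src, now):
        """Act on one alert; return what was done, or why nothing was done."""
        # Drop expired blocks and first-seen timestamps outside the window.
        self.blocked_until = {s: t for s, t in self.blocked_until.items() if t > now}
        self.recent_new = [t for t in self.recent_new if now - t < self.window_secs]
        first_time = self.strikes[src] == 0
        if first_time:
            self.recent_new.append(now)
        self.strikes[src] += 1
        # Guard 1: a burst of addresses nobody has seen before is the signature of
        # a spoofed barrage; blocking each one would hand the attacker the ACL.
        if first_time and len(self.recent_new) > self.new_src_limit:
            return "suppressed: new-source burst, probable forged addresses"
        # Guard 2: the router's block table must stay at an operator-reviewable size.
        if src not in self.blocked_until and len(self.blocked_until) >= self.max_blocks:
            return "suppressed: block table full"
        duration = min(self.base_secs * 2 ** (self.strikes[src] - 1), self.max_secs)
        verdict = "extended" if src in self.blocked_until else "blocked"
        self.blocked_until[src] = now + duration
        return f"{verdict} for {duration}s"

def simulate_spoof_flood(n_sources=100, interval=0.1):
    """Constructed scenario: one alert every 0.1s, each from a different
    (forged) 198.51.100.x address, as in the rotating-sources worry above."""
    blocker = AutoBlocker()
    return [blocker.handle_alert(f"198.51.100.{i}", now=i * interval)
            for i in range(n_sources)]
```

Without the first guard every one of the 100 forged addresses would earn its own router ACL entry; with it, the box stops after the twentieth and leaves the rest for a human to look at.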
Imagine a world where complicated computer networks need little or no interaction with humans: a world where computers can update and maintain their own systems, shield themselves from misfortune caused by human error and acts of nature, and fiercely protect themselves against attacks by computer crackers.
Is it just me or does that sound like a frightening world to live in?
Big apple, new Yorik, undig it, something's unrotting in Edenmark.