Slashdot Mirror


Biological Network Security

mercut writes: "A friend of mine recently wrote a Guest Feature on SecurityFocus about Biological Network Security. It has some interesting implications and I thought the /. community could provide some good perspective into IDS communication and security."

6 of 83 comments

  1. very intelligent. by prizzznecious · Score: 3, Interesting

    Those working with computers stand to gain a great deal from considering biology and anatomy when designing systems. Artificial Intelligence is a field where this has already been applied extensively and beneficially, with the use of genetic programming.

    The human body (used here only because it's the most familiar to the average person) works. It has some problems, but the design is solid. We don't experience network downtime, and the majority of infections or intrusions we suffer are automatically dealt with. It makes sense to look to a model that's had 4 billion years to evolve; computer networks are pretty similar in function if you're not too pedantic about it.

    --

    visit the hwky website for a lyrical genius infusion.
  2. speaking of cancer by gluke · Score: 2, Interesting

    or chemotherapy, for that matter...
    you know, there's something to be said about targeting the immune system.

  3. Re:The Author Is Wrong by Anonymous Coward · Score: 3, Interesting

    1. The C buffer overflow problem will not be solved as long as pointer arithmetic is allowed. When computing resources were tight, it made sense to combine control and data into a single stack. Now, we are stuck with that decision. We have programming language solutions that people choose not to use (e.g., Java). Buffer overflow is no longer a technical problem; it is a social problem.

    2. I agree with everything else. I think security policies and access control are the next great area for security research. There is a huge disconnect between low-level policies (e.g., file permissions) and higher-level policies (e.g., use groups). As things become more distributed, the gap will widen.

  4. Ironically, this is a DoS tool itself.. by Toast · Score: 4, Interesting

    While attempting to stop network attacks, including Denial of Service attacks, the author has proposed an excellent DoS tool.

    Given how easy it is to spoof traffic over the insecure IP and TCP protocols, all an attacker would have to do is spoof some attacks coming from some of AOL's IPs, and all of a sudden all AOL users can't access your site, since the CAS system told the backbone routers to block all the AOL IPs.

    If you use the biology metaphor, this is an allergy. Your system is reacting aggressively to something that isn't a threat.

    IDSs have had the ability to configure firewall ACLs for years via OPSEC SAMP, etc., but almost no one uses it for this very reason: it's just too easy to trick.

    The real solution is to redesign the internet protocols with security in mind. Something like IPSec does a lot more than this proposed system ever would.

    The one good idea the article had was centralized analysis, but as the article mentioned, this was discussed more thoroughly in a previous article on SecurityFocus.
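Added example, not part of the comment above or of the article: a sketch of the "allergy" failure mode, comparing an IDS-to-ACL hook that blocks every alerted source with one that only acts on sources whose address was confirmed by a completed TCP handshake. The alert fields, allowlist range, thresholds and sample alerts are all constructed for illustration and assume a sensor that records whether the three-way handshake completed.

```python
import ipaddress
from collections import defaultdict

# Hypothetical allowlist: ranges that must never be auto-blocked
# (large ISP proxies, partners). Documentation address space only.
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/24")]

def alert(src, handshake_done):
    """Constructed alert record; field names are assumptions."""
    return {"src": src, "handshake_done": handshake_done}

# Constructed sample: 20 forged sources that never completed a handshake,
# one real offender with 4 verified alerts, one allowlisted noisy host.
ALERTS = ([alert(f"203.0.113.{i}", False) for i in range(1, 21)]
          + [alert("192.0.2.50", True)] * 4
          + [alert("198.51.100.7", True)] * 3)

def naive_blocks(alerts):
    """Block every source an alert names: forged packets become ACL entries."""
    return {a["src"] for a in alerts}

def guarded_blocks(alerts, min_hits=3, max_blocks=2):
    """Block only verified, repeated, non-allowlisted sources, up to a cap."""
    hits = defaultdict(int)
    for a in alerts:
        # An off-path spoofer never sees the SYN-ACK, so a completed
        # handshake is evidence the source address is genuine.
        if not a["handshake_done"]:
            continue
        ip = ipaddress.ip_address(a["src"])
        if any(ip in net for net in ALLOWLIST):
            continue
        hits[a["src"]] += 1
    # Require repeated evidence, then cap how many blocks one run may add
    # so a flood of alerts cannot fill the ACL table.
    ranked = sorted((s for s, n in hits.items() if n >= min_hits),
                    key=lambda s: -hits[s])
    return set(ranked[:max_blocks])

if __name__ == "__main__":
    print("naive blocks:", len(naive_blocks(ALERTS)), "sources")
    print("guarded blocks:", sorted(guarded_blocks(ALERTS)))
```

Alerts from connectionless traffic never satisfy the handshake check, so in this sketch they can only feed logging or human review, not an automatic block.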

  5. Why This Won't Work (for many of us) by cjsnell · Score: 3, Interesting

    IDS and biological security are neat, but it will be quite some time before they can be deployed on a large network. The reason: bandwidth. If you read the article and look at the included architecture diagram, this should be obvious. To make IDS work, your IDS device must, at a minimum, see all of the incoming ("dirty") traffic on your network. If you have anything more than a single T3 coming in, the amount of data to be analyzed is just too great. Correct me if I'm wrong, but is there any machine which is capable of analyzing (in real time, mind you) 150+ Mbit/sec of traffic? In addition to monitoring this traffic, a true IDS needs to look for patterns and signatures over a period of time. The processor and storage requirements for this sort of thing are just too enormous.

    Chris

  6. Re:Biological defences- Snake Oil. by Anonymous Coward · Score: 1, Interesting

    Couldn't get past this: "...Initially, little consideration was given to network security,..."
    "little?"
    What is this guy talking about? I've seen this kind before. Their facts are fudged in the 1st few sentences.
    As an example, the decentralized design of ARPANET, then later on the Internet, had a lot of security in mind.

    MILITARY (read security) + SCIENCE/ENGINEERING (read brains) = ARPANET :: INTERNET.