Biological Network Security
mercut writes: "A friend of mine recently wrote a Guest Feature on SecurityFocus about Biological Network Security. It has some interesting implications and I thought the /. community could provide some good perspective into IDS communication and security."
Does this mean having a cadre of Winged Monkeys to despatch upon evidence of network intrusion?
"A DDOS attack coming from some script kiddie in Newark... Fly, my pretties, fly..."
Semi-permeable membranes, aka firewalls. A person's skin acts as a pretty good firewall, allowing certain substances in or out and is mostly successful. It is possible to exploit it through making harmful substances appear to have the signature of allowed substances, in the same way that allowing inbound connections of any kind permits other connection types to mimic it: e.g., hijacking a terminated telnet connection and sending traffic in the reverse direction. I can't think of a skin analogy for access-list allow host port established syntax, but I'm sure one exists. Firewalls thus play an important part in a biological system.
Complex system interactions. If one were to use an individual cell as an analogy for a computer network and pathways into and out of the cell as the routes through the firewall, then you come close to the biological analogy proposed in the article. Note that cells do not in fact advertise that they are under attack from viruses. Other cells notice that a virus attack is underway and react accordingly, with varying degrees of success. It is this approach that would be more useful to take by analogy from biological systems and apply to the computer/network security field. The same problems exist.
Firstly there is the problem of the existing IDS not noticing an intrusion or failing to take sufficient action, such as for any biological infection which causes the death of the host. The biological solution to this is to immunise the system by exposing it to a non-lethal form of the pathogen to educate it for what to look for. A virus-scanner is a good example: Virus signature updates are the computer/network security version of immunisation.
Then there is the problem of overreaction. In a biological system this is equivalent to the so-called '20th Century Syndrome' of boy-in-bubble fame. The biological system's IDS incorrectly registers normal operations as an intrusion and acts as it would for a normal intrusion, causing illness or death. This is a 'false-positive' reaction and is even more likely in a poorly designed IDS. As an example, reference the number of false positives generated by end users who install ZoneAlarm or equivalent personal firewalls. This is the same 'Microsoft is DoS-ing me!' argument mentioned by another respondent.
So, the analogy has merit, but is poorly expressed in the article. I wish to point out that the main advance in IDS and security in general is not the establishment of a new analogy, paradigm or any other buzzword. I believe there are two key aspects that become increasingly important:
1. Correctness of implementation. This is fixing inherent security problems that allow infection to occur. This requires hardening of software, systems and networks. Most people in the field acknowledge this to be true.
2. Greater correlation. This is the ability to more correctly diagnose likely causes from symptoms. The security administrator becomes the highly trained doctor, using knowledge gained from analysis of known pathogens, methods of attack and problems inherent in existing symptoms, and uses this knowledge to faster and more accurately diagnose root causes and prescribe a solution. The use of tools, preferably automated, greatly increases the effectiveness of this approach. I believe it is in this area that the greatest advances have yet to occur.
Just because you're paranoid doesn't mean they're NOT after you.
The human body (used here only because it's the most familiar to the average person) works. It has some problems, but the design is solid.
I think the human body can only be said to work in the statistical sense. Pick any given cell, and you'll find that the body (any complex organism, really) is a pretty dangerous place. The body works as designed because the component parts are unbelievably vast in numbers and practically (in fact, literally) disposable.
Stephenson dealt with an idea like this in The Diamond Age, his book about nanotech. The idea is that, because of an absurd but logical application of economies of scale, it's about as expensive to produce one nanotechnological computer as it is to produce one trillion of them.
If we lived in a world like that, where fairly autonomous disposable computers could be practically manufactured and used, the "computer network as biological system" idea might make some sense.
Remember that life as we have observed it is basically tuned to the idea that the problem is hard, but the raw materials are cheap and time is no object. The only thing that situation has in common with our world is that the problems are hard; in our case, the materials are really expensive (in dollars, but also in labor and opportunity cost) and time is of the essence.
That's not an area in which biology does very well.