Slashdot Mirror


Google Shares Its Security Secrets

Stony Stevenson writes "Google presents a big fat target for would-be hackers and attackers. At the RSA conference Google offered security professionals a look at its internal security systems. Scott Petry, director of Google's Enterprise and founder of security firm Postini, explained how the company handles constant pressure and scrutiny from attackers. In order to keep its products safe, Google has adopted a philosophy of 'security as a cultural value.' The program includes mandatory security training for developers, a set of in-house security libraries, and code reviews by both Google developers and outside security researchers."

13 of 106 comments

  1. More PHD Cowbell by mfh · · Score: 5, Funny

    Google fights scrutiny with scrutiny (and by having more PHDs than you).

    --
    The dangers of knowledge trigger emotional distress in human beings.
    1. Re:More PHD Cowbell by jgarra23 · · Score: 5, Funny

      Whoever modded me troll must have a PhD & work for Google :)

      Good luck selling those tiny little ads!!

  2. It's that darn preset target by Dekortage · · Score: 4, Funny

    Google presets a big fat target for would-be hackers and attackers.

    Must be a new Google appliance. I'm glad it is preset, and does not need any end-user configuration.

    In any case, I commute on the train with Google guys in NY. They use their laptops to work on the train, but have those little wireless security devices that generate random passwords for them when they want to log in, so their connection is fully encrypted.

    --
    $nice = $webHosting + $domainNames + $sslCerts
    1. Re:It's that darn preset target by illegibledotorg · · Score: 5, Insightful

      FWIW, their connection isn't any more encrypted than a standard VPN.

      The only part of the connection that is "more secure" is the authentication phase, since they had to use two factors to log in (their token code and their password).

      See Two-factor Authentication

    2. Re:It's that darn preset target by jollyreaper · · Score: 5, Funny

      "Those Who Sacrifice Liberty For Security Deserve Neither." - Benjamin Franklin

      "Those who sacrifice security for liberty deserve neither, either." -- BlowChunx

      "Those who sacrifice virgins to volcanoes are missing the point of what virgins are for." -- Me
      --
      Kwisatz Haderach
      Sell the spice to CHOAM
      This Mahdi took Shaddam's Throne
  3. Code Reviews and Coding Conventions by Starrk · · Score: 5, Insightful

    How many buffer overrun exploits have been found in other people's software because the coders are just lazy? Google also tries to prevent this by explicit rules that everyone must follow no matter what: for example, you are not allowed to check in code using sprintf instead of snprintf.

    A little thing to be sure... until you realize that it's one of many such rules, and they actually are followed.
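The sprintf/snprintf rule mentioned in the comment above, shown as an added example that is not part of the original thread or Google's code. The function names and the log-line format are hypothetical, and the over-long input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* The form the check-in rule rejects, kept for contrast and never called
 * here: sprintf does not know how large dst is, so a long `user` runs
 * past the end of the buffer. */
void format_line_unbounded(char *dst, const char *user, int code)
{
    sprintf(dst, "user=%s code=%d", user, code);
}

/* Bounded form. Returns 0 when the whole line fit, -1 when it was
 * truncated or could not be formatted. With cap > 0, dst is always
 * NUL-terminated on return. */
int format_line_bounded(char *dst, size_t cap, const char *user, int code)
{
    int n;

    if (dst == NULL || cap == 0)
        return -1;
    n = snprintf(dst, cap, "user=%s code=%d", user, code);
    if (n < 0) {            /* encoding error */
        dst[0] = '\0';
        return -1;
    }
    /* snprintf returns the length the full output would have had, so
     * n >= cap means the line was cut short. Treat that as a failure
     * rather than logging or acting on a partial string. */
    return (size_t)n >= cap ? -1 : 0;
}

int main(void)
{
    char line[32];
    char long_user[41];

    memset(long_user, 'A', 40);   /* constructed over-long input */
    long_user[40] = '\0';
    if (format_line_bounded(line, sizeof line, "alice", 7) == 0)
        puts(line);
    if (format_line_bounded(line, sizeof line, long_user, 7) != 0)
        puts("rejected: line would not fit");
    return 0;
}
```

Swapping sprintf for snprintf only removes the overflow; the return value still has to be checked, because a silently truncated string can be a bug of its own.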

    1. Re:Code Reviews and Coding Conventions by kevin_conaway · · Score: 4, Informative

      Tools like PMD help with this.

      We ended up getting bitten by bugs like unsynchronized access to a static DateFormat object, so we used a PMD rule to fail our build if anyone does such a thing. We have other rules that curb the use of IOUtils.copy (instead of copyLarge).

      I highly recommend using some sort of static analysis as part of your CI process.

  4. Security secrets? by illegibledotorg · · Score: 5, Informative

    TFA is a little scant on "security secrets."

    What is covered is some general security policy and philosophy.

    And here I was, waiting to read all about GIDS and GFirewall. Thanks, ITNews, for instead educating me about archiving security logs for later review!

  5. Re:So, explain ... by Starrk · · Score: 5, Insightful

    Because distinguishing bots from humans is an unsolved problem. Even before Captchas were broken by computers, there was an easier solution:

    If you are stuck on a Captcha or equivalent, spam people, pretend the Captcha is yours, and offer free porn to anyone who solves it.

    Preventing this is virtually impossible.

  6. Re:So, explain ... by speculatrix · · Score: 4, Insightful

    I've had very little spam that actually came from googlemail, maybe two items in a year. I've had a lot of spam that purported to come from googlemail, but examination of the headers quickly revealed it was simply faking the origin.

  7. Re:The advantage of being an internet company by morgan_greywolf · · Score: 4, Informative

    I'd be surprised if any from-scratch operating system designed for internet-facing use today, didn't also have 'security as a culture'.

    Yeah. It's called OpenBSD.

  8. NCC 1701G by mrsteveman1 · · Score: 5, Funny

    "Scott Petry, director of Google's Enterprise"

    The big secret? apparently google is developing a starship

  9. Any competently run site is pingable. by Medievalist · · Score: 4, Informative

    C'mon, I know you do it too: when I want to see if my Internet is working, I "ping www.google.com".
    I still find it surprising that it ICMP_ECHO_REPLYs my ICMP_ECHO_REQUESTs.

    Why? I find it surprising that you find it surprising! :)

    A lot of sites disable ping because, years ago, The Ping of Death could crash a server by sending maliciously-crafted ping packets. The "Ping of Death" gained fame because any chump could create one from a totally generic Windows system using the broken ping that Microsoft was shipping at the time. The technique is applicable to any IP protocol, not just ICMP echo. You can make an SMTP of Death fairly trivially. Just fake up a datagram with a total length greater than 65,535 by abusing the fragment offset field of the IP header, and if the target system does not check total length for validity you can overflow memory and hose the system. If that didn't make sense to you, just remember the "Ping of Death" has NOTHING TO DO WITH PING - it's an IP vulnerability that used to exist for ALL protocols in the IP stacks of certain vendors (IBM, Sun, Cisco, etc.) and is now fixed.

    And you can DOS a server by flooding it with pings. And you can do it more easily with practically any other type of packet. If you plan to block all traffic that can be used for DOS, you must block all traffic, period.

    Ping is a service we all should provide to our internal networks from individual hosts, and to the Internet at large at the network edge. Configure your routers to respond to pings for your hosts instead of passing them through the firewalls. Ping is how people who need to test their ability to reach your hosts or site can do so. It is a simple tool that consumes a minimal amount of bandwidth to get the job done.

    I'd be interested to know just how many pings Google receives, and replies to each day.

    They might tell you if you ask. If it ever gets out of hand they'll just respond with normal traffic shaping techniques.

    And how many of those are maliciously encoded, only to be defeated by the ub3rh4x0r5 at Google.

    There's nothing dangerous about ping. Nothing... you can tell if a network is competently administered just by pinging it, my friend. I'd never hire anyone who had an unpingable net.

    Hmmm... where's BadAnalogyGuy when you need him? OK, look, blocking ping is like saying that you've seen a guy killed by an Isuzu truck, so you think you can prevent all fatal accidents by banning Isuzu trucks from the highway. In reality, all you will do is prevent beer deliveries to my house, since my beer distributor uses Isuzus. This will make me hate you, just like people hate clueless firewall admins who block ICMP. Or wait, you saw a guy get bludgeoned to death with a hammer so you will ban all hammers while allowing people with large wrenches, razor knives and screwdrivers to pass without comment. That was pretty bad I think.
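The total-length validity check that the comment above says the affected IP stacks lacked, written out as an added example that is not part of the original thread or any vendor's code. The field layout is the standard IPv4 header; `check_fragment` and `make_hdr` are hypothetical names, and the sample header is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IP_MAX_DATAGRAM 65535u  /* largest datagram a 16-bit length allows */
#define IP_MF           0x2000u /* "more fragments" flag */
#define IP_OFFMASK      0x1FFFu /* 13-bit fragment offset, in 8-byte units */

enum frag_verdict { FRAG_OK, FRAG_MALFORMED, FRAG_OVERSIZE };

/* Validate one IPv4 fragment header before it is queued for reassembly.
 * hdr points at caplen captured bytes in network byte order. */
enum frag_verdict check_fragment(const uint8_t *hdr, size_t caplen)
{
    uint32_t ihl, total_len, frag_field, payload, offset;

    if (hdr == NULL || caplen < 20 || (hdr[0] >> 4) != 4)
        return FRAG_MALFORMED;
    ihl        = (uint32_t)(hdr[0] & 0x0F) * 4;
    total_len  = ((uint32_t)hdr[2] << 8) | hdr[3];
    frag_field = ((uint32_t)hdr[6] << 8) | hdr[7];
    if (ihl < 20 || ihl > caplen || total_len < ihl)
        return FRAG_MALFORMED;
    payload = total_len - ihl;
    offset  = (frag_field & IP_OFFMASK) * 8;
    /* Every fragment except the last must carry a multiple of 8 bytes. */
    if ((frag_field & IP_MF) && payload % 8 != 0)
        return FRAG_MALFORMED;
    /* The end of this fragment inside the reassembled datagram must
     * still fit in 65,535 bytes, whatever the upper-layer protocol. */
    if (ihl + offset + payload > IP_MAX_DATAGRAM)
        return FRAG_OVERSIZE;
    return FRAG_OK;
}

/* Constructed sample header: only the fields check_fragment reads are set. */
void make_hdr(uint8_t out[20], uint16_t total_len, uint16_t frag_field)
{
    memset(out, 0, 20);
    out[0] = 0x45;                       /* version 4, IHL 5 (20 bytes) */
    out[2] = (uint8_t)(total_len >> 8);
    out[3] = (uint8_t)(total_len & 0xFF);
    out[6] = (uint8_t)(frag_field >> 8);
    out[7] = (uint8_t)(frag_field & 0xFF);
}

int main(void)
{
    uint8_t h[20];
    make_hdr(h, 1500, 0x1FFF);  /* last fragment at the maximum offset */
    return check_fragment(h, sizeof h) == FRAG_OVERSIZE ? 0 : 1;
}
```

The check never looks at the protocol field, which matches the comment's point that the flaw was in IP reassembly, not in ping.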