Tuesday, February 28, 2006

Security in The 'Real World' and the Influence on IT Security - Part 1


An interesting and different look at security & civilization through history.


Can’t wait for Part Deux


posted Tuesday, February 28, 2006 2:35 PM by sandeepm


The human society we live in today is the result of over 4000 years of cultural evolution. Security has always been a priority for all societies, and while the focus of security may have changed, the emphasis has not. Every society has been built upon a core set of security foundations that allows the government to keep its citizens safe, maintain law and order, and protect from external threats. Historically this has been achieved by building settlements in areas that can be easily defended from attacks and are in close proximity to natural resources and trading partners. At this point the settlement was a potential opportunity for attack, but with little or nothing to offer the would-be attacker it remained relatively safe. However, as settlements grew in size and importance, they moved from being an opportunity to becoming a target.

The first level of defence to be erected was the outer wall to keep people out. But in order to allow people to travel out and allow commerce, they had to start opening doors in their otherwise impenetrable wall. And while a trader can look like a trader, sound like a trader, and even smell like a trader, without the soldiers at the door checking their cargo they could never be sure. Sound familiar? It should do. In the IT world we call this wall a firewall, and the people going in and out are packets. And just like the real world, unless you deeply inspect the traffic or people coming through, you have no real idea of the validity of the traffic. A similar approach is used in modern airports. The fact that you have a ticket and passport does not imply you are a trusted and valid traveller.

Unfortunately the IT world has been slow to keep up, and our firewalls have frequently failed to keep out malicious traffic and hackers. The concept of masquerading malicious traffic as valid data and passing it through the firewall is often called a Trojan - again a familiar term, first conceived 3000 years ago and named after the Trojan horse: something that was perceived to be ‘good traffic’, secretly containing dangerous ‘traffic’, and taken knowingly through the ‘firewall’. The threat and countermeasure have been known about for three centuries, yet after 30 years of using a similar network we still became victims of the same threat. Looking back through history there are a number of facts that become apparent:

IT threats mirror themselves on real world threats
Threats come from the inside as well as outside
Attackers don’t play by the rules
Attack classes can be classified by real world categories

Trojans, viruses, and spyware all take their name from real world threats, and all too frequently the IT world fails to stay up to date and understand the types of threats that are evolving. While we have all had anti-virus deployed in our environments, did we consider spyware and the threat it poses before two years ago? The real world threat of spies has also been known for thousands of years, yet it has taken over 30 years in the IT world to wake up to the threat of spyware.
Security in the physical world costs relatively less than its IT counterpart, is more effective, and gives us less cause for concern – can we take what we have learnt from the physical world, and develop the same type of security models in the IT world to deliver greater security, at a lower cost? Over the next few blog postings I will highlight physical security models, how they apply to the IT world, and how you can leverage these models to define your own internal security policies - stay tuned.
http://blogs.technet.com/sandeep/default.aspx
