Schneier Monitoring Presentation

Bruce Schneier
Counterpane Internet Security, Inc.
www.counterpane.com
Published by: Tridon on Jan 13, 2011
Copyright: Attribution Non-commercial

11/03/2012

Network Monitoring and Security
Bruce Schneier
CTO, Counterpane Internet Security
June […]

INTELLIGENT ALERT. INSTANT RESPONSE. IMMEDIATE DEFENSE.
7DON'HVFULSWLRQ
&RPSXWHUDQGQHWZRUNVHFXULW\KDVEHHQYLHZHGDVDQHQJLQHHULQJSUREOHPDQGFRPSDQLHVKDYHWULHGWRVROYHLWWKURXJKWKHDSSOLFDWLRQRIWHFKQRORJLHV7KLVDSSURDFKLVIDLOLQJHYHQWKRXJKWHFKQRORJLHVFRQWLQXHWRLPSURYHWKHVHFXULW\RIWKH,QWHUQHWFRQWLQXHVWRGHFOLQH7KHUHDOSUREOHPLVQRWRQHRIWHFKQRORJ\EXWRISURFHVV1HWZRUNVHFXULW\LVQRGLIIHUHQWIURPUHDOZRUOGVHFXULW\7KHFRUUHFWSDUDGLJPLVULVNPDQDJHPHQW6WURQJFRXQWHUPHDVXUHVFRPELQHSURWHFWLRQGHWHFWLRQDQGUHVSRQVH7KHZD\WREXLOGUHVLOLHQWVHFXULW\LVZLWKYLJLODQWDGDSWLYHUHOHQWOHVVGHIHQVHE\H[SHUWVSHRSOHQRWSURGXFWV7KHUHDUHQRPDJLFSUHYHQWLYHFRXQWHUPHDVXUHVDJDLQVWFULPHLQWKHUHDOZRUOG\HWZHDUHDOOUHDVRQDEO\VDIHQHYHUWKHOHVV:HQHHGWREULQJWKDWVDPHWKLQNLQJWRWKH,QWHUQHW7KLVSUHVHQWDWLRQLVDYDLODEOHRQOLQHDWKWWSZZZFRXQWHUSDQHFRPSUHVHQWDWLRQSGI 
$ERXWWKH$XWKRU
,QWHUQDWLRQDOO\UHQRZQHGVHFXULW\WHFKQRORJLVWDQGDXWKRU%UXFH6FKQHLHULVWKH)RXQGHUDQGWKH&KLHI7HFKQLFDO2IILFHURI &RXQWHUSDQH,QWHUQHW6HFXULW\,QFWKHZRUOGOHDGHULQ0DQDJHG6HFXULW\0RQLWRULQJ&RXQWHUSDQHSURYLGHVVHFXULW\PRQLWRULQJVHUYLFHVWR)RUWXQHFRPSDQLHVZRUOGZLGH+HLVWKHDXWKRURIVL[ERRNVRQVHFXULW\DQGFU\SWRJUDSK\LQFOXGLQJWKHVHFXULW\EHVWVHOOHU6HFUHWV/LHV'LJLWDO6HFXULW\LQD1HWZRUNHG:RUOG+LVILUVWERRN$SSOLHG&U\SWRJUDSK\KDVVROGRYHUFRSLHVZRUOGZLGHDQGLVWKHGHILQLWLYHZRUNLQWKHILHOG6FKQHLHUGHVLJQHGWKH%ORZILVKDQG7ZRILVKHQFU\SWLRQDOJRULWKPVDQGZULWHVWKHLQIOXHQWLDO&U\SWR*UDPPRQWKO\QHZVOHWWHU+HLVDIUHTXHQWOHFWXUHURQFRPSXWHUVHFXULW\DQGFU\SWRJUDSK\%UXFH6FKQHLHU¶VELRJUDSK\LVDYDLODEOHRQOLQHDWKWWSZZZFRXQWHUSDQHFRPVFKQHLHUKWPO
$ERXW&RXQWHUSDQH,QWHUQHW6HFXULW\,QF
&RXQWHUSDQH,QWHUQHW6HFXULW\,QFLVWKHLQQRYDWRUDQGDFNQRZOHGJHGOHDGHULQSURYLGLQJ0DQDJHG6HFXULW\0RQLWRULQJ060VHUYLFHV060FRPELQHVSHRSOHDQGWHFKQRORJ\WRVDIHJXDUGEXVLQHVVHV:RUNLQJIURPDQHWZRUNRIWHFKQLFDOO\VRSKLVWLFDWHG6HFXUH2SHUDWLRQV&HQWHUV62&VDQGXVLQJSURJUHVVLYHDQDO\VLVWRROV&RXQWHUSDQHKDVEXLOWWKHPRVWDGYDQFHGDQDO\VLVFRUUHODWLRQGHWHFWLRQDQGGLDJQRVLVWHFKQRORJ\FRPSULVLQJRID6HQWU\PRQLWRULQJSUREHRQWKHFXVWRPHUVQHWZRUN DQGWKH6RFUDWHVNQRZOHGJHEDVHLQVLGHWKH62&V8VLQJWKLVWHFKQRORJ\&RXQWHUSDQHVH[SHUW6HFXULW\$QDO\VWVDUHDEOHWRGHWHFWVHFXULW\LQFLGHQWVERWKH[WHUQDOLQWUXVLRQVDQGLQVLGHUDWWDFNVLQUHDOWLPHDQGWDLORULPPHGLDWHHIIHFWLYHUHVSRQVHVIRU LWVFXVWRPHUV,WKDVSDUWQHUHGZLWKOHDGLQJVHFXULW\FRPSDQLHVFRQVXOWLQJRUJDQL]DWLRQVDQG9$5VWRGHOLYHU060VHUYLFHVZRUOGZLGH&RXQWHUSDQHLVKHDGTXDUWHUHGLQ6XQQ\YDOH&$DQGKDVWZRRSHUDWLRQDO62&VRQHLQ0RXQWDLQ9LHZ&$DQGWKHRWKHULQ&KDQWLOO\9$0RUHLQIRUPDWLRQDERXW&RXQWHUSDQHLVDYDLODEOHRQOLQHDWKWWSZZZFRXQWHUSDQHFRP
 
,W¶VD'DQJHURXV:RUOG
,QWHOOHFWXDO3URSHUW\%UDQG9DOXH
     +     $      &     .     (     5      6
&203(7,7,21 (03/2<((6
     3     $     5     7     1     (     5      6
%UDQG&XVWRPHU7UXVW5HFRYHU\&RVWV
&6,V&RPSXWHU&ULPHDQG6HFXULW\6XUYH\
)RUWKHSDVWVL[\HDUVWKH&RPSXWHU6HFXULW\,QVWLWXWHKDVFRQGXFWHGDQDQQXDOFRPSXWHUFULPHVXUYH\,QRI UHVSRQGHQWVUHSRUWHGXQDXWKRUL]HGXVHRIFRPSXWHUV\VWHPVLQWKHODVW\HDUVDLGWKDWWKH\KDGQRVXFKXQDXWKRUL]HGXVHVDQGVDLGWKDWWKH\GLGQWNQRZ7KHQXPEHURILQFLGHQWVZDVDOORYHUWKHPDSDQGWKHQXPEHURILQVLGHUYHUVXVRXWVLGHULQFLGHQWVZDVURXJKO\HTXDORIUHVSRQGHQWVUHSRUWHGWKHLU,QWHUQHWFRQQHFWLRQDVDIUHTXHQWSRLQWRIDWWDFNWKLVKDVEHHQVWHDGLO\ULVLQJRYHUWKHVL[\HDUVUHSRUWHGUHPRWHGLDOLQDVDIUHTXHQWSRLQWRIDWWDFNWKLVKDVEHHQGHFOLQLQJDQGUHSRUWHGLQWHUQDOV\VWHPVDVDIUHTXHQWSRLQWRIDWWDFNDOVRGHFOLQLQJ7KHW\SHVRIDWWDFNUDQJHIURPWHOHFRPPXQLFDWLRQVIUDXGWRODSWRSWKHIWWRVDERWDJHH[SHULHQFHGDV\VWHPSHQHWUDWLRQDGHQLDORIVHUYLFHDWWDFNUHSRUWHGWKHIWRISURSULHWDU\LQIRUPDWLRQDQGILQDQFLDOIUDXGUHSRUWHGVDERWDJHKDGWKHLU:HEVLWHVKDFNHGDQRWKHUGLGQWNQRZDQGRYHUKDOIRIWKRVHKDGWKHLU:HEVLWHVKDFNHGWHQRUPRUHWLPHVRIWKH:HEVLWHKDFNVUHVXOWHGLQYDQGDOLVPDQGLQFOXGHGWKHIWRIWUDQVDFWLRQLQIRUPDWLRQ:KDWVLQWHUHVWLQJLVWKDWDOORIWKHVHDWWDFNVRFFXUUHGGHVSLWHWKHZLGHGHSOR\PHQWRIVHFXULW\WHFKQRORJLHVKDYHILUHZDOOVDQ,'6DFFHVVFRQWURORIVRPHVRUWGLJLWDO,'VHWF7KHILQDQFLDOFRQVHTXHQFHVDUHVWDJJHULQJ2QO\UHVSRQGHQWVZRXOGTXDQWLI\WKHLUORVVHVDQGWKRVHWRWDOHGPLOOLRQ)URPXQGHUFRPSDQLHV,QRQH\HDU7KLVLVDELJGHDO7RJHWDFRS\RIWKLVVXUYH\YLVLWKWWSZZZJRFVLFRPSUHOHDBKWP
7KH+RQH\QHW3URMHFW
7KH+RQH\QHW3URMHFWPHDVXUHVDFWXDOFRPSXWHUDWWDFNVRQWKH,QWHUQHW$FFRUGLQJWRWKHLUPRVWUHFHQWUHVXOWVDUDQGRPFRPSXWHURQWKH,QWHUQHWLVVFDQQHGGR]HQVRIWLPHVDGD\7KHOLIHH[SHFWDQF\RIDGHIDXOWLQVWDOODWLRQRI5HG+DWVHUYHURUWKHWLPHEHIRUHVRPHRQHVXFFHVVIXOO\KDFNVLWLVOHVVWKDQKRXUV$FRPPRQKRPHXVHUVHWXSZLWK:LQGRZVDQGILOHVKDULQJHQDEOHGZDVKDFNHGILYHWLPHVLQIRXUGD\V6\VWHPVDUHVXEMHFWHGWR1HW%,26VFDQVDQDYHUDJHRIWLPHVDGD\$QGWKHIDVWHVWWLPHIRUDVHUYHUEHLQJKDFNHGPLQXWHVDIWHUSOXJJLQJLWLQWRWKHQHWZRUN0\HVVD\RQWKH+RQH\QHW3URMHFWKWWSZZZFRXQWHUSDQHFRPFU\SWRJUDPKWPO7KH+RQH\QHW3URMHFWKRPHSDJHKWWSSURMHFWKRQH\QHWRUJ
 
 $QG,W¶V*HWWLQJ:RUVH«
3DVVZRUG*XHVVLQJ6HOI5HSOLFDWLQJ&RGH3DVVZRUG&UDFNLQJ([SORLWLQJ.QRZQ9XOQHUDELOLWLHV%XUJODULHV+LMDFNLQJ6HVVLRQV1HWZRUNHG0DQDJHPHQW'LDJQRVLV*8, $XWRPDWHG3UREHV6FDQVZZZ$WWDFNV'LVWULEXWHG $WWDFN7RROV6WDJHG$WWDFN 
 $WWDFN6RSKLVWLFDWLRQ,QWUXGHU.QRZOHGJH
/2:+,*+
'LVDEOLQJ$XGLWV%DFN'RRUV6ZHHSHUV6QLIIHUV3DFNHW6SRRILQJ'HQLDORI6HUYLFH ³6WHDOWK´$GYDQFHG6FDQQLQJ7HFKQLTXHV&URVV6LWH6FULSWLQJ
6RXUFH-XOLD+$OOHQ
&(57*XLGHWR6\VWHPDQG1HWZRUN6HFXULW\3UDFWLFHV 
$GGLVRQ:HVOH\
&RPSXWHU6HFXULW\7KH7KUHDWV
,QFRPSXWHUVHFXULW\WKHROGHUDWWDFNVQHYHUJRDZD\DQGWKHQHZHUDWWDFNVMXVWJHWZRUVH7KHPRVWVHULRXVSUREOHPLQFRPSXWHUVHFXULW\LVQRWWKHQHZHVWDWWDFNEXWWKHHYHULQFUHDVLQJWVXQDPLRIDOOWKHROGDWWDFNVWKDWFRQWLQXHWRGRGDPDJH&RQVLGHUEXIIHURYHUIORZV7KHVHDWWDFNVDUHRQHRIWKHROGHVWWULFNVLQWKHERRN7KH\ZHUHILUVWWDONHGDERXWDVHDUO\DVWKHV²WLPHVKDULQJV\VWHPVVXIIHUHGIURPWKHSUREOHP²DQGZHUHNQRZQE\WKHVHFXULW\OLWHUDWLHYHQHDUOLHUWKDQWKDW,QWKHVWKH\ZHUHRIWHQXVHGDVDSRLQWRIDWWDFNDJDLQVWHDUO\QHWZRUNHGFRPSXWHUV,QWKH0RUULV:RUPGURSSHGRI WKHKRVWVRQWKH,QWHUQHWZLWKDEXIIHURYHUIORZDWWDFN7RGD\RYHUDGHFDGHDQGDKDOIDIWHU0RUULVDQGDERXW\HDUVDIWHUWKHVHDWWDFNVZHUHILUVWGLVFRYHUHGEXIIHURYHUIORZVDUHVWLOODQHQRUPRXVSUREOHP0RVWDWWDFNVRQWKH,QWHUQHWDUHEXIIHURYHUIORZVHYHQWKRXJKWKHUHDUHDXWRPDWLFSURJUDPVWRILQGDQGIL[WKHPLQGHYHORSPHQW7KHUHDUHPDQ\DWWDFNVPRUHVXEWOHDQGKDUGHUWRIL[WKDQEXIIHURYHUIORZV%XWWKH\UHVWLOOKHUHWRRDQGWKH\UHVWLOOFDXVLQJGDPDJH,Q:HEVLWHGHIDFHPHQWVZHUHPDMRUQHZV7RGD\WKHUHDUHGR]HQVRI:HEVLWHGHIDFHPHQWVHYHU\GD\DQGIHZQRWLFH,QWKHVWRU\ZDVFUHGLWFDUGQXPEHUWKHIWV&'8QLYHUVHVWXPEOHGDVDFRPSDQ\SDUWO\EHFDXVHRIWKHFUHGLELOLW\WKH\ORVWLQDFUHGLWFDUGQXPEHUWKHIW7RGD\PLOOLRQVRIFUHGLWFDUGQXPEHUVDUHVWROHQRIIWKH,QWHUQHWEXWLWVQRWQHZVDQ\PRUHZDVWKH\HDURIWKH7URMDQ%DFN2ULILFHZDVJRLQJWREHWKHGHDWKRIWKH,QWHUQHW7RGD\WKHUHDUHGR]HQVRI7URMDQVPDQ\RIWKHPQDVWLHUWKDQ%DFN2ULILFHWKDWWKHSRSXODUSUHVVLJQRUHV,QLWZDVGHQLDORIVHUYLFHDWWDFNV'R6DWWDFNVDUHVRPHRIWKHROGHVWDQGHDVLHVWDWWDFNVLQWKHERRN7KH\UHDVROGDVWKH,QWHUQHW7KDW)HEUXDU\FRRUGLQDWHGGLVWULEXWHG'R6DWWDFNVHDVLO\EURXJKWGRZQVHYHUDOKLJKWUDIILF:HEVLWHVLQFOXGLQJ<DKRRH%D\$PD]RQFRPDQG&117RGD\WKHUHDUHWKRXVDQGVRI'R6DWWDFNV
RQWKH,QWHUQHWHYHU\ZHHN/DVW\HDU\RXKDGWREHDVHOIGLUHFWHGVHOILQIHFWLQJVHOIPRGLI\LQJ,QWHUQHWZRUPWRPDNHWKHQHZV7KLV\HDULWOOEHVRPHWKLQJGLIIHUHQW,GRQWNQRZZKDWZLOOPDNHWKHQHZVEXW,GRNQRZWKDWLWZLOOEHELJJHUDQGEDGGHUDQGQDVWLHUWKDQZKDWFDPHEHIRUH%XW,GRNQRZWKDWLWZLOOLQFOXGHDORWRIWKHVDPHWRROVDQGWHFKQLTXHVWKDWZHQWEHIRUH$QG,GRNQRZWKDWWKHHQWLUHLQGXVWU\ZLOOEHEOLQGVLGHGE\LWHYHQWKRXJKWKH\ZLOOKDYHQRH[FXVHIRUQRWVHHLQJLW:KDWFDQZHGRWRPLQLPL]HWKHGDPDJH"1RWKLQJ:HFDQWHYHQJHWVRIWZDUHFRPSDQLHVWRUHOLDEO\SURGXFHFRGHZLWKRXW EXIIHURYHUIORZV:HFDQWJHWVRIWZDUHFRPSDQLHVWRUHOLDEO\SURGXFHVHFXULW\SDWFKHVWKDWZRUNZLWKRXWEUHDNLQJRWKHU WKLQJV,IZHFDQWVROYHWKHVLPSOHLVVXHVKRZFDQZHKRSHWRGHDOZLWKWKHFRPSOH[RQHV"7KHJUHDWHVWGDQJHUZHIDFHLVWKHHYHUJURZLQJWVXQDPLRISDVWSUREOHPV(YHU\\HDULWJHWVODUJHU$QGHYHU\\HDUWKHGDPDJHVJURZ
