Schneier on Security

Clive Robinson • July 4, 2022 1:35 PM

@ Adeline Russell, Ted, ALL,

Security policies should assume the network is compromised, quite possibly by something/someone more interesting than “standard” untargeted malware.

Back last century for a little while people did start to consider “the network is compromised”. The Morris Worm had kind of poped the “naivety bubble” surrounding the fledgling DARPA- Net –later Internet– in Nov 1988. Back then things were mostly *nix, using the BSD stack, and the worm caused people to start to think and act…

At this time Microsoft had still done next to nothing with networking and it was other companies like Novel that were doing Workplace LAN with only later crude WAN connectivity for eye wateringly expensive “leased lines”.

PC’s were not realy talking to each other let alone the world. It would take the work of Radio Amateur KA9Q, Phil Kaun and his AX25 stack[1] to change all of that in the UK which was “leading the world” in many respects and eventually forced Microsoft to “borrow the BSD network stack”. Only MS used the “old code”… Which is why eventually the first “Teardrop attack” was so effective.

But even today people still do not think sensibly about “communications networks” other than “inside and outside” and “Network perimeters”… Basically the defenders only think of a “gateway router and firewall” some thirty years later. The attackers however see things differently, and advantageously. You have SigInt agencies tucking themselves away in the router upstream of the gateway router unseen by defenders, just vanpiring up all the traffic they can. But you also have “Advanced Persistant Threat”(APT) types from the other parys of the “Intelligence Communities”(IC) burrowing in past the firewall and finding no opposition to their behaviours. Which has enabled the crooks to move in with ransomware etc…

But as I note from time to time, one of the first questions I ask is,

“Show me the valid business case for that PC to be connected to external communications?”

And in most cases still, it boils down to “It’s a good idea, according to…” or some such other MBA mantra nonense.

The argument is kind of “SMS was a surprise success” we don’t know why but it’s obviously good. Then “Email was a surprise success” Why? we’ve no idea on that either. Instant Messaging that was great as well. So “Social Media give me some of that it has to be a success, because history…” so again no idea, but “Hey lets jump on the bandwagon, it’s got to be good…”.

I suspect some others see this as at best slightly odd behaviour as well. But that unreasoned upside thinking” of “Think of the profits” or similar gets to run. Whilst downside or cautious thinking of “Don’t mention the Emperor’s ass is on display” or “Don’t kill the Golden Goose” or similar does not make you a “team player”…

[1] The KA9Q NOS was based on the European X25 WAN protocols that were actually going global at the time (as they were circuit switched). As such X25 was often hidden out of sight in the “physical layer” on which other networks were layered. In fact IP was layered upon X25 much as it was on the Cambridge Ring, Oh and that awful Ethernet and that IBM LAN (which nobody can remember ;-). IP in turn carried UDP and TCP layered upon it and so on…

https://en.m.wikipedia.org/wiki/KA9Q