Trusted computing a shield against worst attacks?

The case for identifiable devices

In many cases, however, trusted computing hardware could be overkill.

Even if companies accept that device identification could stymie 84 per cent of the most damaging attacks, that does not necessarily mean that trusted computing is the only way to go, said Seth Schoen, staff technologist at the Electronic Frontier Foundation, who has researched the potential societal effects of trusted computing in the past.

"In some cases, there may be cheaper and simple ways to defend against some of the attacks," he said in an email interview with SecurityFocus. "For example, IP addresses could be used to authenticate some machines - and are probably sufficient under some threat models and policies to make the distinction between 'sanctioned' and 'unsanctioned' machines."

Moreover, Schoen still has questions about the methodology of the report, because the version of the report available online does not provide much detail about the data set. The study found that the industries hardest hit by attacks were government, retail and high-tech, and that 78 per cent of attackers used a home computer to do the deed, but that leaves a lot of questions unanswered, Schoen said.

Companies should ask whether they can reliably distinguish between sanctioned and unsanctioned computers on the network, whether employees working from home on unsanctioned computers would be allowed to access the network, and whether the technology could be deployed pervasively enough to matter.

"We would need to know that the unsanctioned computers were actually necessary to the commission of these crimes, and that the crimes could not have been committed without using the unsanctioned computers," he said. "Here, especially, we have no evidence whatsoever."

The report accounts for most of those questions, said Bill Bosen, founding partner of Trusted Strategies, the firm that researched and created the report.

The analyst trimmed down the data set to only those cases that included information on damages, where the computers used to stage the attack were located, and the relationship of the defendant to the organisation hit. Home computers used by someone unrelated to the company were considered 'unsanctioned' while computers located on the company premises were 'sanctioned', Bosen said.

"We think the margin of error was small. Device authentication would not have stopped all crimes. For example, there were a number of cases where the individual had valid credentials and was on a company machine but overstepped their authorisation."

The study found that an attacker with valid credentials could do far more damage than a program that exploited some other flaw to gain control of a system. The average cost of a virus attack to any single company was about $2,400, far lower than the $1.5m caused by attackers armed with a valid username and password, Bosen said.

Perhaps a larger question regarding the report is whether a study funded by a company benefiting from the conclusions should be taken seriously. While the report takes the form of a whitepaper supporting Phoenix Technologies' security product, that should not take away from its validity, said Suzy Bauter, a spokesperson for the company.

"We originally did the research to make sure that we were going down the right path and make sure that we were solving the right problem," she said. "Sure, it's self-serving, but it is what it is. We didn't create the common denominators found by the report."

This article originally appeared in Security Focus.

Copyright © 2006, SecurityFocus
