Feeds

Trusted computing a shield against worst attacks?

The case for identifiable devices

Build a business case: developing custom apps

In many cases, however, trusted computing hardware could be overkill.

Even if companies accept that device identification could stymie 84 per cent of the most damaging attacks, that does not necessarily mean that trusted computing is the only way to go, said Seth Schoen, staff technologist at the Electronic Frontier Foundation, who has researched the potential societal effects of trusted computing in the past.

"In some cases, there may be cheaper and simple ways to defend against some of the attacks," he said in an email interview with SecurityFocus. "For example, IP addresses could be used to authenticate some machines - and are probably sufficient under some threat models and policies to make the distinction between 'sanctioned' and 'unsanctioned' machines."

Moreover, Schoen still has questions about the methodology of the report, because the version of the report available online does not provide much detail about the data set. The study found that the industries hardest hit by attacks were government, retail and high-tech, and that 78 per cent of attackers used a home computer to do the deed, but that leaves a lot of questions unanswered, Schoen said.

Companies should ask whether they can reliably distinguish between sanctioned and unsanctioned computers on the network, whether employees working from home on unsanctioned computers would be allowed to access the network, and whether the technology could be deployed pervasively enough to matter.

"We would need to know that the unsanctioned computers were actually necessary to the commission of these crimes, and that the crimes could not have been committed without using the unsanctioned computers," he said. "Here, especially, we have no evidence whatsoever."

The report accounts for most of those questions, said Bill Bosen, founding partner of Trusted Strategies, the firm that researched and created the report.

The analyst trimmed down the data set to only those cases that included information on damages, where the computers used to stage the attack was located, and the relationship of the defendant to the organisation hit. Home computers used by someone unrelated to the company were considered 'unsanctioned' while computers located on the company premises were 'sanctioned', Bosen said.

"We think the margin of error was small. Device authentication would not have stopped all crimes. For example, there were a number of cases were the individual had valid credentials and was on a company machine but overstepped their authorisation."

The study found that an attacker with valid credential could do far more damage than a program that exploited some other flaw to gain control of a system. The average cost of a virus attack to any single company was about $2,400, far lower than the $1.5m caused by attackers armed with a valid username and password, Bosen said.

Perhaps a larger question regarding the report is whether a study funded by a company benefiting from the conclusions should be taken seriously. While the report takes the form of a whitepaper supporting Phoenix Technologies security product, that should not take away from the validity of it, said Suzy Bauter, a spokesperson for the company.

"We originally did the research to make sure that we were going down the right path and make sure that we were solving the right problem," she said. "Sure, it's self serving, but it is what it is. We didn't create the common denominators found by the report."

This article originally appeared in Security Focus.

Copyright © 2006, SecurityFocus

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?