IT Security, The Frankenstein Way


Here’s a riddle: When is a computer virus not a dangerous piece of malware? Answer: when it is hidden as Frankenstein code.

The Economist (25 August 2012) describes a technique for smuggling a virus onto a computer by sending not the harmful code itself but a blueprint for it; the code is then harvested from innocuous programs already on the machine and assembled into the virus.

Like Frankenstein's monster, stitched together from scavenged body parts, the semantic blueprint pulls together fragments of code from host programs to form the virus.

The result is a polymorphic virus: because the actual code is drawn from whatever programs happen to be on each host, every copy looks a little different, which lets it slip past antivirus, firewalls and other defenses that look for a fixed byte signature.
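To make the idea concrete, here is an added toy model of blueprint-driven stitching. It is my own illustration, not the researchers' code or anything from the article: the tiny instruction set, the two "benign host programs" and the blueprint are all constructed for the example. The blueprint states what each step must do (its effect on every possible input), and the stitcher finds, in each host, the first run of bytes that decodes to instructions with exactly that effect. The two hosts yield byte-for-byte different payloads that compute the same thing, which is why a byte signature fails where a behavioural comparison succeeds.

```python
"""Toy model of blueprint-driven 'Frankenstein' stitching.  Added example,
not the researchers' or the article's code: the instruction set, the two
'benign host programs' and the blueprint are all constructed here."""
from __future__ import annotations

# Constructed 8-bit accumulator machine: opcode -> (mnemonic, length in bytes).
ISA = {0x01: ("ADD", 2), 0x02: ("SUB", 2), 0x03: ("XOR", 2),
       0x04: ("NEG", 1), 0x90: ("NOP", 1)}


def decode_prefixes(code: bytes, offset: int, max_insns: int):
    """Yield (instructions, end) for each decodable run of 1..max_insns
    instructions starting exactly at `offset`; a gadget finder does this at
    every byte offset of a host binary, not only at real instruction starts."""
    insns, pos = [], offset
    while pos < len(code) and len(insns) < max_insns:
        op = code[pos]
        if op not in ISA or pos + ISA[op][1] > len(code):
            return
        name, length = ISA[op]
        insns.append((name, code[pos + 1] if length == 2 else None))
        pos += length
        yield list(insns), pos


def run(insns, acc: int) -> int:
    """Execute an instruction sequence on the accumulator (mod 256)."""
    for name, imm in insns:
        if name == "ADD":
            acc += imm
        elif name == "SUB":
            acc -= imm
        elif name == "XOR":
            acc ^= imm
        elif name == "NEG":
            acc = -acc
        acc &= 0xFF
    return acc


def effect(insns) -> tuple:
    """Semantic fingerprint of a sequence: its output for every 8-bit input."""
    return tuple(run(insns, a) for a in range(256))


def find_gadget(host: bytes, target: tuple, max_insns: int = 3) -> bytes | None:
    """First byte slice of `host` whose behaviour equals `target`, or None."""
    for offset in range(len(host)):
        for insns, end in decode_prefixes(host, offset, max_insns):
            if effect(insns) == target:
                return host[offset:end]
    return None


def stitch(blueprint, host: bytes) -> bytes:
    """Build a payload for this host by satisfying each blueprint step with
    bytes harvested from the host; raises if some step has no gadget."""
    payload = b""
    for i, step in enumerate(blueprint):
        gadget = find_gadget(host, tuple(step(a) & 0xFF for a in range(256)))
        if gadget is None:
            raise LookupError(f"host has no gadget for blueprint step {i}")
        payload += gadget
    return payload


def disassemble(payload: bytes) -> list:
    """Decode a stitched payload from its first byte (it is well-formed)."""
    insns, pos = [], 0
    while pos < len(payload):
        name, length = ISA[payload[pos]]
        insns.append((name, payload[pos + 1] if length == 2 else None))
        pos += length
    return insns


def signature_match(signature: bytes, sample: bytes) -> bool:
    """A byte-signature scanner's test."""
    return signature in sample


def same_behaviour(a: bytes, b: bytes) -> bool:
    """A semantic scanner's test: do the two payloads compute the same thing?"""
    return effect(disassemble(a)) == effect(disassemble(b))


# The blueprint says what the payload must do, not which bytes do it.
BLUEPRINT = [lambda a: a + 5, lambda a: a ^ 0xFF]

# Two constructed hosts whose benign code happens to contain usable gadgets.
HOST_A = bytes([0x90, 0x90, 0x01, 0x05, 0x90, 0x03, 0xFF, 0x90, 0x90])  # ADD 5 / XOR FF
HOST_B = bytes([0x90, 0x02, 0xFB, 0x90, 0x90, 0x04, 0x02, 0x01, 0x90])  # SUB FB / NEG, SUB 1

if __name__ == "__main__":
    va, vb = stitch(BLUEPRINT, HOST_A), stitch(BLUEPRINT, HOST_B)
    print("variant from host A:", va.hex())          # 909001059003ff
    print("variant from host B:", vb.hex())          # 9002fb90040201
    print("byte signature of A found in B:", signature_match(va, vb))  # False
    print("same behaviour:", same_behaviour(va, vb))                   # True
```

Host A supplies `ADD 5` and `XOR 0xFF` directly; host B has neither, but `SUB 0xFB` adds 5 modulo 256 and `NEG; SUB 1` is the two's-complement way of writing a bitwise NOT, so the stitcher finds them by effect rather than by opcode. The real research does the same scan over x86 binaries with a far larger gadget vocabulary; the defensive lesson is the same as in the toy, namely that detection has to look at what the code does, not at which bytes it is made of.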

Flipping this strategy around, in a sense, Bloomberg Businessweek (20 June 2012) reports on a new IT security product from Bromium that keeps downloaded software from reaching the whole computer: the code is run in a set-aside virtual compartment where it can be checked for malicious behavior, and if it is deemed dangerous the cordoned-off compartment is simply discarded, so no damage reaches the rest of the system.

So while on the offensive side, Frankenstein viruses stitch together parts of code to make a dangerous whole, on the defensive side we wall off potentially dangerous code so it cannot infect the whole computer.

Computer attacks are getting more sinister as they attempt an end-run around standardized security mechanisms, and computer defenses must keep evolving to keep the Frankensteins out there harmless and at bay.

(Source Photo: here with attribution to Dougal McGuire)

Leadership Cloud or Flood Coming?


I came across two very interesting and concerning studies on cloud computing, one from last year and the other from last month.

Here is a white paper by London-based Context Information Security (March 2011).

Context rented space from various cloud providers and tested their security.

Overall, it found that the cloud providers failed 41% of the tests, and that testing was prohibited in another 34% of cases, leaving a pass rate of just 25%!

The major security issue was a failure to securely separate client nodes, which made it possible to "view data held on other service users' disk and to extract data including usernames and passwords, client data, and database contents."

The study found that “at least some of the unease felt about securing the Cloud is justified.”

Context recommends that clients moving to the cloud should:

1) Encrypt: "Use encryption on hard disks and network traffic between nodes."

2) Firewall: "All networks that a node has access to…should be treated as hostile and should be protected by host-based firewalls."

3) Harden: "Default nodes provisioned by the Cloud providers should not be trusted as being secure; clients should security harden these nodes themselves."

I found another interesting post on "dirty disks" by Context (24 April 2012), which describes another cloud vulnerability that results in remnant client data being left behind, which then becomes vulnerable to others harvesting and exploiting this information.
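A tenant can check for this problem without waiting on the provider. The script below is an added example (my own, not Context's tool) that reads a freshly provisioned volume block by block: a properly wiped volume reads as all zeros, so it counts the blocks that hold data, looks for well-known filesystem and container headers at their fixed offsets, and greps for credential-like strings. The path argument would normally be the raw device just attached to the instance (for example `/dev/xvdf`); the two images written by `make_sample_images()` are constructed for the demonstration, one with a previous tenant's leftovers and one zeroed.

```python
"""Check a newly provisioned block volume for remnants of a previous tenant.
Added example, not Context's tool.  Point it at a raw device or image (for
example `/dev/xvdf` right after attaching it); the two images built by
make_sample_images() are constructed for the demonstration."""
from __future__ import annotations
import os
import re
import tempfile

# Well-known on-disk magic values and their offset from the start of a volume.
STRUCTURES = [
    ("MBR boot signature", b"\x55\xaa", 510),
    ("GPT header", b"EFI PART", 512),
    ("LUKS header", b"LUKS\xba\xbe", 0),
    ("NTFS boot sector", b"NTFS    ", 3),
    ("ext2/3/4 superblock", b"\x53\xef", 0x438),
]
HEAD_LEN = max(off + len(magic) for _, magic, off in STRUCTURES)

# Strings a previous tenant would not want you to find.
SENSITIVE = re.compile(
    rb"(?i)(?:password|passwd|secret)\s*[=:]\s*\S{1,64}"
    rb"|-----BEGIN [A-Z ]*PRIVATE KEY-----")


def scan_volume(path: str, block: int = 4096, overlap: int = 256) -> dict:
    """Stream the volume block by block.  A properly wiped volume reads as all
    zeros; anything else is reported: how many blocks hold data, which
    filesystem or container headers are present, and sensitive strings."""
    nonzero, first_nonzero, findings = 0, None, {}
    with open(path, "rb") as f:
        head = f.read(HEAD_LEN)
        structures = [label for label, magic, off in STRUCTURES
                      if head[off:off + len(magic)] == magic]
        f.seek(0)
        tail, pos = b"", 0
        while True:
            data = f.read(block)
            if not data:
                break
            if data.strip(b"\x00"):
                nonzero += 1
                if first_nonzero is None:
                    first_nonzero = pos
            # Keep a tail of the previous block so matches straddling a
            # block boundary are found; key by absolute offset to dedupe.
            chunk = tail + data
            for m in SENSITIVE.finditer(chunk):
                findings[pos - len(tail) + m.start()] = m.group(0).decode("ascii", "replace")
            tail, pos = data[-overlap:], pos + len(data)
    size = os.path.getsize(path)
    return {
        "blocks": (size + block - 1) // block,
        "nonzero_blocks": nonzero,
        "first_nonzero_offset": first_nonzero,
        "structures": structures,
        "strings": [findings[k] for k in sorted(findings)],
        "clean": nonzero == 0,
    }


def make_sample_images(directory: str | None = None) -> tuple[str, str]:
    """Write two constructed images and return (dirty_path, clean_path): a
    1 MiB volume carrying a previous tenant's leftovers and a zeroed 256 KiB one."""
    directory = directory or tempfile.mkdtemp(prefix="dirtydisk-")
    dirty = bytearray(1024 * 1024)
    dirty[510:512] = b"\x55\xaa"                     # stale MBR boot signature
    dirty[0x438:0x43a] = b"\x53\xef"                 # stale ext4 superblock magic
    cred = b"db_password=hunter2\n"                  # leftover config fragment
    dirty[300 * 1024:300 * 1024 + len(cred)] = cred
    key = b"-----BEGIN RSA PRIVATE KEY-----\nMIIE"   # leftover key file fragment
    dirty[600 * 1024 + 100:600 * 1024 + 100 + len(key)] = key
    dirty_path = os.path.join(directory, "dirty.img")
    clean_path = os.path.join(directory, "clean.img")
    with open(dirty_path, "wb") as f:
        f.write(dirty)
    with open(clean_path, "wb") as f:
        f.write(bytes(256 * 1024))
    return dirty_path, clean_path


if __name__ == "__main__":
    import sys
    targets = sys.argv[1:] or list(make_sample_images())
    for target in targets:
        print(target, scan_volume(target))
```

On a real volume the interesting output is `nonzero_blocks` and `structures`: a non-zero count on a disk you have not written to yet means the provider handed you someone else's bytes, and a recognizable superblock or partition table means the whole previous filesystem may be recoverable. The string patterns are only a quick triage; run a proper file carver if the first check fires. Treat any such finding as a reason to wipe and encrypt the volume before use, which is also the first of Context's three recommendations above.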

In response to ongoing fears about the cloud, some are choosing to have separate air-gapped machines, even caged off, at their cloud providers' facilities in order to physically separate their infrastructure and data. But if this is what it takes to secure the data today, is it really even cloud, or should we more accurately call it a faux cloud?

While Cloud Computing may hold tremendous cost-saving potential and efficiencies, we need to tread carefully, as the skies are not yet all clear from a security perspective with the cloud.

Clouds can lead the way–like for the Israelites traveling with G-d through the desert for 40 years or they can bring terrible destruction like when it rained for 40 days and nights in the Great Flood in the time of Noah.

The question for us is are we traveling on the cloud computing road to the promised land or is there a great destruction that awaits in a still immature and insecure cloud computing playing field?

(Source Photo: here with attribution to freefotouk)