Wednesday, June 26

endpoint security

(Note: this post, and some of my adjacent posts, are scattered and disorganized - that reflects my knowledge of the underlying issues, and their secrecy)

One of the issues raised by Edward Snowden is that "endpoint security" is weak on our computer systems.

So what does that even mean? Why is it an issue?

For that matter, what is "security"?

(Here's an example of an insecure endpoint:

One model of "security" is "death". If someone is dead, they are not a threat. This is dark ages stuff, but keep in mind that our morals and institutions were formed in the dark ages (or earlier).

A related model of "security" has to do with silence. This corresponds to "death" - a silent person is not that much different from a dead person, in some contexts. If a person is annoying you (or leading people against you) and you can get them to shut up, maybe you can stop them, or slow them. Or, for yourself, maybe you can sneak up on them (followed, presumably, by doing something so awful to them that they will then be silent, themselves).

Do we have anything better?

Our bodies have "pain nerves". These are slow, interior nerves which relay signals to our brains somewhat more slowly and more robustly than our regular nerves. If we receive information which is inconsistent between our different nervous systems, we perceive that as pain.  If you hurt yourself, and you pay attention, you will probably be able to notice a delay between when you are injured and when you start feeling pain.

This concept, I think, is relevant in security discussions. We do not need (or want) detailed security which is independent of our normal mechanisms for thought and action but we do need summary security information so we can tell when things are going bad.

Note also that a ton of political discussions are about inconsistencies between statements and actions.  (But most of that seems to be triggered by jargon differences and specialty differences - people talking past each other and not getting the other side's point of view - and only some of it seems to me to be triggered by what I perceive as "significant problems". Not that misunderstandings are not destructive - they are destructive.)

So, taking a concrete example: if I had hardware on my computer's network interface which counted how many SMTP requests my computer issued, I would sometimes be able to just see that my computer was spamming people. There are some problems with this example (legitimate mail software issues SMTP requests too, and the counter is only worth trusting if it lives somewhere the compromised host cannot rewrite it), but the key thing is "out of band" (or "unpredictable") awareness.
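The counter described above, built in software as an added example (this is not the author's code and the post contains none). It sees only connection metadata (time, source, destination, port), never message content, and turns it into a one-line-per-host summary a person can read. The record format, the hosts, the 5-minute window and the threshold of 10 distinct mail exchangers are all constructed assumptions for illustration; the point of counting distinct destinations on port 25 rather than raw volume is to avoid flagging someone who simply sends a lot of mail through their own provider on the submission ports.

```python
"""Counting outbound SMTP connections as an out-of-band compromise indicator.

Added example, not code from the original post.  It models the post's
"hardware counter on the network interface" in software: the monitor sees
only connection metadata, never message content, and produces a summary a
person can read.  Record format, hosts, window and threshold are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# 25 is server-to-server relay (what a bot doing direct-to-MX delivery uses);
# 465 and 587 are client submission to the user's own mail provider.
RELAY_PORT = 25
SUBMISSION_PORTS = {465, 587}


@dataclass(frozen=True)
class Conn:
    ts: datetime
    src: str
    dst: str
    dport: int


def parse_record(line):
    """Parse one constructed record: '<ISO timestamp> <src> <dst> <dport>'."""
    ts, src, dst, dport = line.split()
    return Conn(datetime.fromisoformat(ts), src, dst, int(dport))


def smtp_summary(records, window=timedelta(minutes=5), max_distinct_mxs=10):
    """Summarise SMTP activity per source host per time window.

    The signal is the number of *distinct* destinations reached on port 25:
    a mail client talks to one submission server, a spam bot talks directly
    to many recipient domains' MX hosts.  Heavy legitimate use of 587/465 is
    counted but never flagged.
    """
    conns = sorted((parse_record(r) for r in records if r.strip()), key=lambda c: c.ts)
    if not conns:
        return []
    base = conns[0].ts
    buckets = defaultdict(lambda: {"relay": 0, "submission": 0, "mxs": set()})
    for c in conns:
        if c.dport != RELAY_PORT and c.dport not in SUBMISSION_PORTS:
            continue  # not SMTP: the counter deliberately ignores everything else
        start = base + window * ((c.ts - base) // window)  # window bucket start
        b = buckets[(c.src, start)]
        if c.dport == RELAY_PORT:
            b["relay"] += 1
            b["mxs"].add(c.dst)
        else:
            b["submission"] += 1

    findings = []
    for (src, start), b in sorted(buckets.items()):
        findings.append({
            "src": src,
            "window_start": start.isoformat(),
            "relay_conns": b["relay"],
            "distinct_mxs": len(b["mxs"]),
            "submission_conns": b["submission"],
            "verdict": "suspicious" if len(b["mxs"]) > max_distinct_mxs else "ok",
        })
    return findings


def flagged_hosts(records, **kwargs):
    """Source addresses whose SMTP pattern looks like direct-to-MX spamming."""
    return {f["src"] for f in smtp_summary(records, **kwargs) if f["verdict"] == "suspicious"}


def render(findings):
    """One plain line per finding: the 'summary security information' a user can read."""
    return [
        f"{f['window_start']} {f['src']}: {f['relay_conns']} port-25 connections to "
        f"{f['distinct_mxs']} distinct hosts, {f['submission_conns']} submissions -> {f['verdict']}"
        for f in findings
    ]


# Constructed connection records: a normal desktop (10.0.0.5) that submits a few
# messages through its provider, and a desktop (10.0.0.9) that delivers straight
# to 15 different mail exchangers within 15 seconds.
SAMPLE_RECORDS = [
    "2013-06-26T10:00:05 10.0.0.5 mail.example.net 587",
    "2013-06-26T10:01:40 10.0.0.5 mail.example.net 587",
    "2013-06-26T10:02:00 10.0.0.5 www.example.org 443",
    "2013-06-26T10:03:12 10.0.0.5 mail.example.net 587",
] + [
    f"2013-06-26T10:02:{i:02d} 10.0.0.9 mx.domain{i}.example 25" for i in range(15)
]

if __name__ == "__main__":
    for line in render(smtp_summary(SAMPLE_RECORDS)):
        print(line)
```

Running the block prints one line per host per window; on the constructed records only 10.0.0.9 is marked suspicious. In a real deployment the records would come from a switch, router or separate tap rather than from the monitored host itself, which is the "out of band" part of the idea.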

But I never really defined "security". In the context of computer systems, my definition of a "secure computer" is "the device is doing what the person responsible for the device thinks it's doing, and not doing things that the person responsible thinks it's not doing".

In other words, my concept of "computer security" sounds very much like "education" or "knowledge", and it's related to the computer UI principle of "least surprise". Of course, it's also related to death - for example, dead people can't be surprised (or at least, that seems to me to be difficult).

So I'm going to say something that might surprise some people. This is not me violating any security principle, this is me moving someone (maybe you, maybe not) from a slightly less secure state of existence to a slightly more secure one:

Computers are electronic gear. That means they radiate information. We exploit this deliberately to build our computer networks (radio broadcasting, TV broadcasting and cell phones are the same phenomenon put to use), but computers also radiate information in other, less efficient ways, simply because of what they are. It's possible to design a system that mostly eliminates this kind of radiation, but it is expensive and almost no one cares to pay for it.

So, from my point of view, if you want to be secure, in a medieval sense (silence, or death), you will not be using a computer. If you want to be secure in a more modern sense, you will educate yourself on how your computer works. This doesn't need to be detailed knowledge (though that can be a very good thing), but it should be something.

So, exercise: find a way of detecting whether your computer is broken, and see if it triggers when the computer is exposed to a threat. (This seems like a huge waste of time, since if things go wrong you might need to recover from backups, and maybe your backups are broken.)

Exercise: how do you recover a compromised computer system (reboot! reinstall stuff! throw it away and get a new one!) ... hopefully you can talk with someone who has an interest in fixing your system and a good track record of having done so.

That said, nowadays, it's probably wise to assume your system is already compromised and work on ways to detect what's broken and how to fix it. And, then, try to track down the source and make it stop - hopefully without resorting to medieval measures.

So... why are medieval measures bad? Isn't silence a good thing? No, I don't think it is: remember, we detect that things are wrong by looking for inconsistencies. Inconsistencies alone do not tell us what's wrong or how to fix it, but they start the process. And silence does not make things consistent.

Meanwhile, modern computer and communication systems make us sensitive to inconsistencies, and our reaction to non-networked people is a sort of numbness: they do not interact with us. If the gap is deep enough we might not even notice them, and there is some unpleasantness (and, fortunately, pleasure) in encountering other people's points of view. But in a modern, well-connected society, hiding is a lot harder than it used to be. That is probably a good thing, but I think we need something like tolerance to replace the privacy we have lost.

So... endpoint security?

First, you need the endpoints (e.g. a cell phone or a computer). If it doesn't exist, that's not secure (except in a medieval sense).

Second, whoever is responsible for an endpoint needs to understand that endpoint. So this means that our computer systems need to be designed to educate the user about the system (at a sustainable and reasonable pace).

* * * * *

rules of the internet, derived from

Rule 1: You SHOULD be liberal in what you accept, and be conservative
        in what you produce.

Rule 2: You SHOULD NOT use potentially harmful constructs (even
        if they are allowed in the restricted case you are using them in).

Rule 3: You SHOULD NOT munge (do not change protocol you get and
        resend; in particular, do not try to correct incorrect protocol).

Rule 4: Systems SHOULD be designed to educate the user about their function,
        and about how they are operating.

(The page I referenced just had the first three rules and did not mark the rules as "SHOULD" rules. These are "SHOULD" instead of "MUST" because all of these issues require judgement calls.)

* * * * *

Looking for a reference that expresses what I want to say, I found this:

"Greatest Threat To Democracy

Is it ignorance or apathy? Hey, I don’t know and I don’t care.–Jimmy Buffett"

* * * * *

Endpoint security is a problem because we have not been designing our systems to teach the user about key underlying abstractions. We need a more diverse set of awarenesses and cross specializations if we are going to have computer systems which do not surprise people.

And the "NSA"? They have problems, absolutely, and hopefully we and they can be honest enough for them to resolve their biggest problems. But if you care about privacy, I think that attacking the NSA because of their problems is like ripping a bandage off a bleeding wound because it hurts.

Restated: you have bought a computer that is compromised, and you don't even know it. "Fixing the NSA" won't make your computer be not compromised. And if you needed sensationalism to become aware of the issues?

And, as a bonus, understanding how things work is a great way to come up with ideas for being more productive, more useful and better paid. These ideas will not always work (and, if they are predatory, you should expect to be slapped down, perhaps unfairly, and that slapping process might itself be predatory and need fixing), but if they make people's lives better, that's a very good thing.

* * * * *

Another problem: At least 24 million people in the U.S. are unemployed (want jobs, do not have jobs, and have been without jobs for a short enough time to be on the records as wanting jobs), and many of them are in rural areas (with poor network access). If they were all connected we could perhaps talk them through solutions to their problems (finding people who need their help and can reciprocate, finding ways to get food, just being friends and loving them for who they are). And the scale of the problem outside the U.S. is much bigger.

So maybe it's important also to realize that we have bigger problems than "endpoint security".

* * * * *

This is just my current point of view. I expect that there will be people who do not connect with the ideas as I have expressed them here. I may change my mind at a later date.
