Book description

Although most people don't give security much attention until their personal or business systems are attacked, this thought-provoking anthology demonstrates that digital security is not only worth thinking about, it's also a fascinating topic. Criminals succeed by exercising enormous creativity, and those defending against them must do the same. Beautiful Security explores this challenging subject with insightful essays and analysis on topics that include:

  • The underground economy for personal information: how it works, the relationships among criminals, and some of the new ways they pounce on their prey

  • How social networking, cloud computing, and other popular trends help or hurt our online security

  • How metrics, requirements gathering, design, and law can take security to a higher level

  • The real, little-publicized history of PGP

This book includes contributions from:

  • Peiter "Mudge" Zatko

  • Jim Stickley

  • Elizabeth Nichols

  • Chenxi Wang

  • Ed Bellis

  • Ben Edelman

  • Phil Zimmermann and Jon Callas

  • Kathy Wang

  • Mark Curphey

  • John McManus

  • James Routh

  • Randy V. Sabett

  • Anton Chuvakin

  • Grant Geyer and Brian Dunphy

  • Peter Wayner

  • Michael Wood and Fernando Francisco

All royalties will be donated to the Internet Engineering Task Force (IETF).

Table of Contents

  1. Dedication
  2. Special Upgrade Offer
  3. Preface
    1. Why Security Is Beautiful
    2. Audience for This Book
    3. Donation
    4. Organization of the Material
    5. Conventions Used in This Book
    6. Using Code Examples
    7. Safari® Books Online
    8. How to Contact Us
  4. 1. Psychological Security Traps
    1. Learned Helplessness and Naïveté
      1. A Real-Life Example: How Microsoft Enabled L0phtCrack
      2. Password and Authentication Security Could Have Been Better from the Start
      3. Naïveté As the Client Counterpart to Learned Helplessness
    2. Confirmation Traps
      1. An Introduction to the Concept
      2. The Analyst Confirmation Trap
      3. Stale Threat Modeling
      4. Rationalizing Away Capabilities
    3. Functional Fixation
      1. Vulnerability in Place of Security
      2. Sunk Costs Versus Future Profits: An ISP Example
      3. Sunk Costs Versus Future Profits: An Energy Example
    4. Summary
  5. 2. Wireless Networking: Fertile Ground for Social Engineering
    1. Easy Money
      1. Setting Up the Attack
      2. A Cornucopia of Personal Data
      3. A Fundamental Flaw in Web Security: Not Trusting the Trust System
      4. Establishing Wireless Trust
      5. Adapting a Proven Solution
    2. Wireless Gone Wild
      1. Wireless As a Side Channel
      2. What About the Wireless Access Point Itself?
    3. Still, Wireless Is the Future
  6. 3. Beautiful Security Metrics
    1. Security Metrics by Analogy: Health
      1. Unreasonable Expectations
      2. Data Transparency
      3. Reasonable Metrics
    2. Security Metrics by Example
      1. Barings Bank: Insider Breach
        1. The players
        2. How it happened
        3. What went wrong
        4. Barings: “What if...”
        5. Barings: Some security metrics
      2. TJX: Outsider Breach
        1. The players
        2. How it happened
        3. What went wrong
        4. TJX: “What if...”
        5. TJX: Some security metrics
          1. Global metrics
          2. Local metrics
      3. More Public Data Sources
    3. Summary
  7. 4. The Underground Economy of Security Breaches
    1. The Makeup and Infrastructure of the Cyber Underground
      1. The Underground Communication Infrastructure
      2. The Attack Infrastructure
    2. The Payoff
      1. The Data Exchange
      2. Information Sources
      3. Attack Vectors
        1. Exploiting website vulnerabilities
        2. Malware
        3. Phishing, facilitated by social-engineering spam
      4. The Money-Laundering Game
    3. How Can We Combat This Growing Underground Economy?
      1. Devalue Data
      2. Separate Permission from Information
      3. Institute an Incentive/Reward Structure
      4. Establish a Social Metric and Reputation System for Data Responsibility
    4. Summary
  8. 5. Beautiful Trade: Rethinking E-Commerce Security
    1. Deconstructing Commerce
      1. Analyzing the Security Context
    2. Weak Amelioration Attempts
      1. 3-D Secure
        1. 3-D Secure transactions
        2. Evaluation of 3-D Secure
      2. Secure Electronic Transaction
        1. SET transactions
        2. Evaluation of SET
      3. Single-Use and Multiple-Use Virtual Cards
        1. How virtual cards work
      4. Broken Incentives
        1. Consumer
        2. Merchant and service provider
        3. Acquiring and issuing banks
        4. Card association
        5. He who controls the spice
    3. E-Commerce Redone: A New Security Model
      1. Requirement 1: The Consumer Must Be Authenticated
      2. Requirement 2: The Merchant Must Be Authenticated
      3. Requirement 3: The Transaction Must Be Authorized
      4. Requirement 4: Authentication Data Should Not Be Shared Outside of Authenticator and Authenticated
      5. Requirement 5: The Process Must Not Rely Solely on Shared Secrets
      6. Requirement 6: Authentication Should Be Portable (Not Tied to Hardware or Protocols)
      7. Requirement 7: The Confidentiality and Integrity of Data and Transactions Must Be Maintained
    4. The New Model
  9. 6. Securing Online Advertising: Rustlers and Sheriffs in the New Wild West
    1. Attacks on Users
      1. Exploit-Laden Banner Ads
      2. Malvertisements
      3. Deceptive Advertisements
    2. Advertisers As Victims
      1. False Impressions
      2. Escaping Fraud-Prone CPM Advertising
        1. Gaming CPC advertising
        2. Inflating CPA costs
      3. Why Don’t Advertisers Fight Harder?
      4. Lessons from Other Procurement Contexts: The Special Challenges of Online Procurement
    3. Creating Accountability in Online Advertising
  10. 7. The Evolution of PGP’s Web of Trust
    1. PGP and OpenPGP
    2. Trust, Validity, and Authority
      1. Direct Trust
      2. Hierarchical Trust
      3. Cumulative Trust
      4. The Basic PGP Web of Trust
      5. Rough Edges in the Original Web of Trust
        1. Supervalidity
        2. The social implications of signing keys
    3. PGP and Crypto History
      1. Early PGP
      2. Patent and Export Problems
      3. The Crypto Wars
      4. From PGP 3 to OpenPGP
    4. Enhancements to the Original Web of Trust Model
      1. Revocation
        1. The basic model for revocation
        2. Key revocation and expiration
        3. Designated revokers
        4. Freshness
        5. Reasons for revocation
      2. Scaling Issues
        1. Extended introducers
        2. Authoritative keys
      3. Signature Bloat and Harassment
        1. Exportable signatures
        2. Key-editing policies
      4. In-Certificate Preferences
      5. The PGP Global Directory
      6. Variable Trust Ratings
    5. Interesting Areas for Further Research
      1. Supervalidity
      2. Social Networks and Traffic Analysis
    6. References
  11. 8. Open Source Honeyclient: Proactive Detection of Client-Side Exploits
    1. Enter Honeyclients
    2. Introducing the World’s First Open Source Honeyclient
    3. Second-Generation Honeyclients
    4. Honeyclient Operational Results
      1. Transparent Activity from Windows XP
      2. Storing and Correlating Honeyclient Data
    5. Analysis of Exploits
    6. Limitations of the Current Honeyclient Implementation
    7. Related Work
    8. The Future of Honeyclients
  12. 9. Tomorrow’s Security Cogs and Levers
    1. Cloud Computing and Web Services: The Single Machine Is Here
      1. Builders Versus Breakers
      2. Clouds and Web Services to the Rescue
      3. A New Dawn
    2. Connecting People, Process, and Technology: The Potential for Business Process Management
      1. Diffuse Security in a Diffuse World
      2. BPM As a Guide to Multisite Security
    3. Social Networking: When People Start Communicating, Big Things Change
      1. The State of the Art and the Potential in Social Networking
      2. Social Networking for the Security Industry
      3. Security in Numbers
    4. Information Security Economics: Supercrunching and the New Rules of the Grid
    5. Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All
      1. Democratization of Tools for Production
      2. Democratization of Channels for Distribution
      3. Connection of Supply and Demand
    6. Conclusion
    7. Acknowledgments
  13. 10. Security by Design
    1. Metrics with No Meaning
    2. Time to Market or Time to Quality?
    3. How a Disciplined System Development Lifecycle Can Help
    4. Conclusion: Beautiful Security Is an Attribute of Beautiful Systems
  14. 11. Forcing Firms to Focus: Is Secure Software in Your Future?
    1. Implicit Requirements Can Still Be Powerful
    2. How One Firm Came to Demand Secure Software
      1. How I Put a Security Plan in Place
        1. Choosing a focus and winning over management
        2. Setting up formal quality processes for security
        3. Developer training
        4. When the security process really took hold
      2. Fixing the Problems
      3. Extending Our Security Initiative to Outsourcing
    3. Enforcing Security in Off-the-Shelf Software
    4. Analysis: How to Make the World’s Software More Secure
      1. The Best Software Developers Create Code with Vulnerabilities
      2. Microsoft Leading the Way
      3. Software Vendors Give Us What We Want but Not What We Need
  15. 12. Oh No, Here Come the Infosecurity Lawyers!
    1. Culture
    2. Balance
      1. The Digital Signature Guidelines
      2. The California Data Privacy Law
      3. Security’s Return on Investment
    3. Communication
      1. How Geeks Need Lawyers
      2. Success Driven from the Top, Carried Out Through Collaboration
      3. A Data Breach Tiger Team
    4. Doing the Right Thing
  16. 13. Beautiful Log Handling
    1. Logs in Security Laws and Standards
    2. Focus on Logs
    3. When Logs Are Invaluable
    4. Challenges with Logs
    5. Case Study: Behind a Trashed Server
      1. Architecture and Context for the Incident
      2. The Observed Event
      3. The Investigation Starts
      4. Bringing Data Back from the Dead
      5. Summary
    6. Future Logging
      1. A Proliferation of Sources
      2. Log Analysis and Management Tools of the Future
    7. Conclusions
  17. 14. Incident Detection: Finding the Other 68%
    1. A Common Starting Point
    2. Improving Detection with Context
      1. Improving Coverage with Traffic Analysis
      2. Correlating with Watch Lists
    3. Improving Perspective with Host Logging
      1. Building a Resilient Detection Model
    4. Summary
  18. 15. Doing Real Work Without Real Data
    1. How Data Translucency Works
    2. A Real-Life Example
    3. Personal Data Stored As a Convenience
    4. Trade-offs
    5. Going Deeper
    6. References
  19. 16. Casting Spells: PC Security Theater
    1. Growing Attacks, Defenses in Retreat
      1. On the Conveyor Belt of the Internet
      2. Rewards for Misbehavior
      3. A Mob Response
    2. The Illusion Revealed
      1. Strict Scrutiny: Traditional and Updated Anti-Virus Scanning
        1. The evolution of the blacklist method
        2. The whitelist alternative
        3. Host-based Intrusion Prevention Systems
        4. Applying artificial intelligence
      2. Sandboxing and Virtualization: The New Silver Bullets
        1. Virtual machines, host and guest
        2. Security-specific virtualization
        3. Security of saved files in Returnil
    3. Better Practices for Desktop Security
    4. Conclusion
  20. A. Contributors
  21. Index
  22. About the Authors
  23. Colophon
  24. Special Upgrade Offer
  25. Copyright