ISBN: 0-387-02620-7 295 pages
The big frustration for security professionals when dealing with security issues is that most people – including those making security decisions at all levels of our society, starting with the President of the United States and working down – simply don’t get it. What they mostly don’t get is that all security policies and all security decisions involve tradeoffs, that all security policies and all security decisions address agendas not problems, and that many security policies and measures are made for others by people whose agendas may differ radically from the agendas of the people on whose behalf they are making the decisions.
Bruce Schneier gets it, and this shows clearly in his new book. If you could only read one book about security, the book you should read is Beyond Fear.
On a pragmatic level, Beyond Fear gives you a set of tools to evaluate any given security policy or measure (actually, these can be used to judge any social policy of measure):
1. What assets are you trying to protect?
2. What are the risks to these assets?
3. How well does the security solution mitigate these risks?
4. What other risks does the security solution cause?
5. What tradeoffs does the security solution require?
As all of us have seen in the last few years, security decisions are rarely straightforward. As an example, many spend a good deal of time criticizing airport security measures, few of which address airport security issues. However, if you realize that the purpose – the agenda – was not to increase airport security, but to make you feel comfortable about flying so that the airline infrastructure didn’t collapse, it all makes sense. It is security as theater, not security as protection. Is it worth it? That depends on your agenda, and Schneier deals with this issue.
The author emphasizes the importance agendas and tradeoffs. For example, which better – and for whom?
a. To spend $60 billion making us feel better about flying,the inconvenience of which will cause a large number of people to drive rather than fly, which in turn will mean that the actual number of travel deaths will go up because of the security measures.
b. To spend $60 billion on intelligence gathering to have information that might allow us to prevent terrorist attacks.
c. To spend $60 billion on finding a cure for cancer or malaria or some other disease.
The “better” decision depends very much on who you are.
Beyond Fear also considers the philosophical nuts and bolts of security. How do systems interact and fail? Are you better off having multiple levels of systems? Should you protect against things that don’t matter? How do detection, protection, and response all work together to increase security? What are the differences among the three distinct concepts (which seem to puzzle so many) of identification, authentication, and authorization?
If you are involved in making decisions about security policy (something which is rarely entrusted to security people), this book will help put you in a position to understand what is actually involved, and to make sure your decisions are designed to meet some determined need – hopefully actually addressing some risk in a reasonable manner – rather than throwing money blindly, with the feeling that security is a needless cost which adds nothing to the bottom line.
When we get e-mail we face a number of problems. One, of course, is spam, which we deal with using MailWasher from Firetrust. The other is people putting bad things into their e-mail messages, like viruses and worms, which we deal with by using anti-virus software, which we update regularly.
There is, however, a whole set of other objects, some dangerous and some not, that come wafting their way to us via e-mail, and of which many are unaware. These include web bugs, malicious html, scripts, and in some cases as-yet unknown viruses and worms. We deal with these threats and potential by using Benign, also from Firetrust, the MailWasher people.
Benign stands between your ISP’s POP3 server and your e-mail client. More technically, according to the good folks at Firetrust, if Benign is the only incoming mail scanner then Benign will come first, then your e-mail client, and then your antivirus program. If Benign is not the only incoming mail scanner (i.e., your anti-virus software scans incoming e-mail) then normally the antivirus mail scanner will come first, then Benign, then a second scan by the anti-virus mail scanner (if the mail client is connecting to Benign using the default port 110), then the e-mail will arrive at the e-mail client.
Benign looks at the incoming e-mail and recognizes odd or undesirable HTML code and strips it out. It takes out 1×1 images, which are often web bugs that send back a message saying you are a valid e-mail address. It renames or blocks scripts and executable code. What you are left with is your e-mail, stripped of dangerous attachments and potential problems.
How many potentially bad things are you likely to have? Today we had 38 e-mails come to our machine, of which 22 were filtered. This filtering included renaming 14 attachments, removing 194 non-standard HTML tags, removing 102 scripting tags and attributes, and blocking 2 web bugs. Were all of these serious threats? No. Is there any reason for us to have received them? No.
Once installed, the operation of Benign is transparent to the user. Installation is trivial, and, if you are lucky, will be automatic. If you are less lucky, you will have to manually configure your e-mail client according to the simple instructions given for the listing of e-mail clients. For other issues, there is a Firetrust user group at http://www.computercops.biz/forums.html.
We had two other minor problems. The first is that the installation program writes to the Windows hosts file, which on our machine was marked read only by Spybot (discussed in the July 2003 e-Journal) to protect it from hijackers. To deal with this, you can temporarily unselect this option in Spybot, or you find the hosts file (on our machine it is in C:WINNTsystem32driversetc), click on the file with the right (as opposed to left) mouse button, and un-check the read only box. Reset it after the installation. Problem solved!
The other problem was that the installation made port 110 visible to the outside world (you can test this by running a port scan using Steve Gibson’s Shields Up! program at https://grc.com/). In theory this is not a big deal, as the port will reject any attempts to use it, but we personally feel more comfortable with the port simply being invisible, and thus not tempting hackers. Fortunately, this is just a matter of tweaking your firewall. (We say this very casually, but, entre nous, it took the helpful ZoneAlarm experts at their technical forum at http://forums.zonelabs.com/zonelabs to figure out how to do this.) In the case of ZoneAlarm Pro 4, the firewall we use, it appears that all you do is put in an expert rule for Benign by opening ZAP4, selecting Program Control, clicking on Firetrust Benign, selecting Options/Expert Rules, clicking on Add, then filling in the boxes with:
Name: POP3 server Rank: 1 Action: Allow Source: My Computer Destination: The IP address of your POP3 server from your ISP Protocol: POP3
Figuring out the mechanics of entering a program expert rule in ZoneAlarm – and entering it – takes about five minutes. This small effort makes everything work, and, milagro!, port 110 is hidden! We are given to understand that the process is similarly trivial with other firewalls.
We strongly recommend Benign for your consideration.