# RootPrompt.org   Nothing but Unix.[Home] [Features] [Programming] [Mac OS X] [Search]


 Comments on The Enemy Within

Randy Bias (Insights into Information Security) says that in The Enemy Within: Firewalls and Backdoors the authors stretch the definition of "backdoor" way out of proportion and then proceed to use FUD to prove some (unclear) point about securing your network from them.

 (Submitted by Randy Bias Tue Jan 13, 2004 )

  Examples:

"There is no such thing as a casual or accidental scan of open firewall
ports."

"There is one common element among the three types of backdoors -
they all work by circumventing the elaborate multi-layer security
infrastructure"

"They avoid immediate detection by well-configured firewalls,
network & host IDS."

"There is little one can do to completely defend their network
from the use of backdoors."

So, basically your multi-layered defense is worthless and you need to filter outbound network traffic as much as possible, force it through chokepoints and force users to authenticate.

I have many problems with the article, but chief amongst them is that it's overly alarmist. A properly configured multi-layered defense will include things like outbound filters, separating your at-risk endusers (who might install backdoored software) from more secure server networks, and a HIDS solution for your servers that won't be easily circumvented.

The last quote (above) reveals a lot about the authors flawed thinking. There is no way to "completely defend" against attacks. That's why the philosophy of a multi-layered defense exists. And if your multi-layered defense plan doesn't consider this particular attack vector, that shows a flaw in your plan, not in the philosophy.

I think this issue needs to be talked about and discussed, but not like this.


Our content can be syndicated: Main page Mac Page

Copyright 1999-2005 Noel Davis. Noel also runs web sites about sailing and kayaking.
All trademarks are the property of their owners.
All articles are owned by their author