
Conspiracy Theorists, This One’s For You!

November 17, 2010

The annual report of the U.S.-China Economic and Security Review Commission, the body set up to monitor, investigate, and report to Congress each year on the national security implications of the bilateral trade and economic relationship between the United States and the People's Republic of China, is reported to address "the increasingly sophisticated nature of malicious computer activity associated with China". This follows an alleged redirection of US Internet traffic earlier in the year by China Telecom, the country's state-owned telecommunications company.

Before we all get carried away with vilifying China, it's perhaps worth pointing out that what (allegedly) happened with China is occurring on a smaller scale pretty much every day, everywhere around the globe. On The X-Files, everybody thought Fox Mulder was paranoid when he said "Trust No One". This needs to become the new mantra of enterprises large and small, not to mention governments.

The truth is that the more organizations rely on large, distributed networks like the Internet to haul their traffic, the more they are exposed to a wide array of threats. The more time spent focused on one perceived "bad guy", the greater the exposure to the myriad other threats we see on a daily basis.

Of course, anyone who understands security should be aware that there is no such thing as "100% secure": we can have policies, standards, and controls (even very stringent ones), but the fact is that security is a matter of degree rather than of absolute effectiveness. The old-school protocols that make up much of the fabric of the Internet (routing protocols, DNS, etc.) are even more susceptible to attack, since most were designed before ideas like cache poisoning, man-in-the-middle, and other attack vectors were even thought of.

So what do we do? Dump name resolution protocols? Abandon Layer-3 switching? Deprecate BGP-4 routing? Unfortunately, if we did these things, we'd all be out of business in short order. The only real solution is constant vigilance: monitor everything you can, as often as you can. Of course, just because you're capturing what's going on doesn't mean you can act on it; nobody has an endless fleet of security analysts to review every flow record, operating system event, host configuration change, performance metric, etc. So the key becomes getting rid of the background noise while highlighting the real problems.

So how do you make that happen? One way (we at eIQ think the best way) is through situational awareness: collect everything, correlate it to weed out the noise and find the anomalies you need to be concerned about, and take appropriate action, all before bad things happen.
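To make the collect-correlate-act idea concrete, here is a small added example (not eIQ's product and not code from the original post) that applies it to the routing scenario the post opens with: route observations from several collectors are gathered, exact repeats are dropped as noise, observations whose origin AS disagrees with a baseline are grouped, and an alert is only escalated when more than one vantage point corroborates it. The collector names, prefixes (RFC 5737 documentation ranges), AS numbers (private range) and the baseline itself are all constructed for the example.

```python
"""Toy situational-awareness pipeline for route origin monitoring.

Constructed example: collect route observations, suppress duplicates,
correlate against an expected-origin baseline, and surface only the
anomalies that several vantage points agree on.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class RouteObservation:
    ts: int            # seconds since epoch (constructed values)
    vantage: str       # name of the collector that saw the route (assumed)
    prefix: str        # announced prefix
    origin_asn: int    # origin AS in the announcement


# Constructed baseline: the origin AS each monitored prefix is expected to have.
BASELINE = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,
    "203.0.113.0/24": 64502,
}

# Constructed observations from three hypothetical collectors.
OBSERVATIONS = [
    RouteObservation(1000, "rc-east", "192.0.2.0/24", 64500),
    RouteObservation(1001, "rc-west", "192.0.2.0/24", 64500),
    RouteObservation(1002, "rc-east", "192.0.2.0/24", 64500),      # exact repeat: noise
    RouteObservation(1010, "rc-east", "198.51.100.0/24", 64599),   # unexpected origin
    RouteObservation(1011, "rc-west", "198.51.100.0/24", 64599),   # seen again elsewhere
    RouteObservation(1012, "rc-asia", "198.51.100.0/24", 64599),   # corroborated thrice
    RouteObservation(1020, "rc-east", "203.0.113.0/24", 64598),    # single vantage only
    RouteObservation(1025, "rc-east", "203.0.113.0/24", 64502),    # back to baseline
]


def collect(observations):
    """Stage 1: gather observations, dropping exact repeats of (vantage, prefix, origin)."""
    seen = set()
    unique = []
    for obs in observations:
        key = (obs.vantage, obs.prefix, obs.origin_asn)
        if key in seen:
            continue
        seen.add(key)
        unique.append(obs)
    return unique


def correlate(observations, baseline, min_vantages=2):
    """Stage 2: group off-baseline origins by (prefix, origin) and rank by corroboration.

    Each alert records which vantages saw the unexpected origin; severity is
    'high' only when at least min_vantages independent collectors agree.
    """
    groups = defaultdict(set)
    for obs in observations:
        if baseline.get(obs.prefix) != obs.origin_asn:
            groups[(obs.prefix, obs.origin_asn)].add(obs.vantage)

    alerts = []
    for (prefix, origin), vantages in groups.items():
        severity = "high" if len(vantages) >= min_vantages else "low"
        alerts.append({
            "prefix": prefix,
            "observed_origin": origin,
            "expected_origin": baseline.get(prefix),
            "vantages": sorted(vantages),
            "severity": severity,
        })
    alerts.sort(key=lambda a: -len(a["vantages"]))
    return alerts


def triage(alerts):
    """Stage 3: the short list an analyst actually needs to act on."""
    return [a for a in alerts if a["severity"] == "high"]


def run(observations=OBSERVATIONS, baseline=BASELINE):
    """Run the whole pipeline and return the actionable alerts."""
    return triage(correlate(collect(observations), baseline))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The point of the three stages is the division of labour the post describes: collection is cheap and indiscriminate, correlation turns eight raw records into two candidate anomalies, and triage leaves the analyst with one. The single-vantage, short-lived event for 203.0.113.0/24 is still recorded (it may matter later), but it is not what gets someone paged.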

It's only then that we're going to collectively start identifying the "bad guys", around the globe or across the street, and start to proactively protect against them.
