Is it not logical that if you close the door to your security system you could reduce the risk and have less vulnerability? Would you not reduce the likelihood of a successful attack with less exposure with a closed software system? The question is, when considering security risks in your system, which is better to use an open or closed source?
There has to be an understanding between the security of a system, the exposure of the system and the risk associated with using the system. Risk is defined as a combination of the likelihood of a successful attack and the damage resulting from it. The exposure of a system is not just that hackers can get into the system but that they know the vulnerabilities and whether the system is a high profile target. How secure the system is depends on the number of vulnerabilities and the severity.
A closed source prevents the attacker from easy access. However, it is well know that hackers take it as a challenge and they do not stop until they get access into a closed source and they can create havoc. One of the major problems is that the producers of the closed source are the only ones that can create patches to the vulnerabilities that have been compromised. A big problem is that it will take them weeks or months to implement their patches. In the meantime, they will be vulnerable to hackers. These hackers will provide the information to other hackers and the public over the internet eventually creating even more disaster for the victim.
An open source system does provide exposure to the public and actually puts the potential victim on guard where they have to install preventive software patches to protect themselves. However, this is a good thing because open source users help each other by making these patches available to a central repository. There is a network effect, where users can find more and faster patches to quickly resolve their problem. This also enables them to add extra security measures. Evidence suggests that patches for open source software are released almost twice as fast as for closed software, thus cutting in half the vulnerability period. If a user is unable to patch a bug himself, open source enables him to communicate about bugs with developers more efficiently. Because it is an open source to the public as a side effect, this will stimulate research and development in new, improved tools for software development, testing and evaluation. In the long run openness of the source will increase its security.
Friday, October 2, 2009
Data Remanence - Journal 5
I selected the article “How can DRAM remanence compromise encryption keys” by Michael Cobb at SearchSecurity.com because it discusses the attacks on random access memory which is the next step in data or disk remanence vulnerabilities. In data remanence the concern is the data that has been erased but still exists in hard drives. This article discusses the concern on the encryption keys where they linger in the RAM after the computer is turned off. It is unknown how much the risk is because it is an emerging threat and hackers will not publish their findings, at least not yet. This article also advices the readers on basic defenses such as physical prevention and training in awareness of the latest risks in RAM and disk remanence.
Thursday, October 1, 2009
Monday, September 28, 2009
Wireless Infidelity
1. What is war Driving?
Answer:
War driving is wireless monitoring but with the unlawful or unethical intent by intruders for their gain or profit.
2. What is Wired Equivalent Privacy (WEP)?
Answer:
A security protocol for wireless local area networks defined in the 802.11b standard. WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another.
3. What was the lessoned learned form War Driving?
Answer:
A person who is war driving has a very high possibility of getting prosecuted because judges are now willing to accept a reason of intent as being sufficient to put someone behind bars.
Answer:
War driving is wireless monitoring but with the unlawful or unethical intent by intruders for their gain or profit.
2. What is Wired Equivalent Privacy (WEP)?
Answer:
A security protocol for wireless local area networks defined in the 802.11b standard. WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another.
3. What was the lessoned learned form War Driving?
Answer:
A person who is war driving has a very high possibility of getting prosecuted because judges are now willing to accept a reason of intent as being sufficient to put someone behind bars.
Subscribe to:
Posts (Atom)
