re: what are realistic threats

• To: www-buyinfo@allegra.att.com, www-security@ns1.rutgers.edu
• Subject: re: what are realistic threats
• From: dmk@allegra.att.com (Dave Kristol)
• Date: Wed, 28 Sep 94 10:00:14 EDT
• Reply-To: dmk@allegra.att.com (Dave Kristol)

[This posting is a response to multiple previous postings.] 
Jeffrey I. Schiller <jis@mit.edu> says:
  > How realistic an active attack is depends on what you call an active
  > attack. I have seen programs that permit me to have a TCP connection to
  > you and yet provide an arbitrary IP source address. I may not be able
  > to see your responses, but I can feed you a lot of data that you will
  > believe originated from the claimed IP address.
Yeah, I've had a hard time defining just what I mean.  Let me try this
approach.  Let me define a "software" attack as one that I can mount from
the comfort of my workstation.  I would have superuser privilege and be
able to spoof IP addresses.  Let me define a "hardware" attack as one
where I have to change the network configuration, perhaps by sticking a
box in-between two pieces of the network that are connected directly.
Given these definitions, an "active" attack is the same as a "hardware"
attack.

Gary Gaskell <gaskell@dstc.qut.edu.au> says:
  > To some up.
  > If an attack is known, it is possible, and a threat should not be leftt 
  > open. The problem maybe, as authentication protocols have shown, it is 
  > near impossible to say something is secure (similar to saying your code 
  > has no bugs!)
I agree in principle.  ["When you say that you agree to a thing in
principle you mean that you have not the slightest intention of
carrying it out in practice."  -- Bismarck]  But I think there are two
gotchas:
1) Strong encryption in many cases implies public key systems.  Such
systems haven't been deployed yet for two reasons (IMO):  patent
questions and key management.
2) Not all applications may warrant the (admittedly desirable) stronger
security.

As has been said here and elsewhere, I suspect the decision will come
down to economics:  How much money will be lost?  By whom?  How
tolerant are they of such losses.

Mike Muuss <mike@arl.mil> says:
  > This sort of attack is not as difficult as you might think.  It is not
  > especially more difficult than conducting a wiretap on an analog line.
That seems pretty hard to me.  Any idea how often they're done by non-
governmental people?  [... since we know we can trust the government to
behave.]
  > 
  > If the rewards for doing so are sufficiently high, there will be plenty
  > of people who will mount this sort of attack.  To be more specific:
  > when the amount of money or goods that can be stolen in a short time
  > period by this sort of attack reaches the US$100k to US$250k range, then
  > this attack will become commonplace.
I wonder if the amount to be stolen from a WWW server is likely to reach
these levels "in a short time".  Of course, if someone can collect credit
card numbers, the amount could add up quickly.

David M. Kristol
AT&T Bell Laboratories

• Re: what are realistic threats
• From: hallam@dxal18.cern.ch

• Previous: re: what are realistic threats?
• Next: Re: what are realistic threats
• Index(es):
  • Index
  • Thread