New encryption technology closes WLAN security loopholes

Rick Smith at Secure Computing rick_smith at securecomputing.com
Mon Oct 1 11:38:30 EDT 2001 

At 03:01 PM 9/30/2001, Dan Geer wrote:

>  >  Or in other words, the first requirement for perimeter security is
>  >  a perimeter.
>
>Wireless networks have no interior.

What you have is a perimeter that shrinks to that of the individual 
devices. And you have to slice and dice your security policy so it 
considers types of risk incurred by penetrating different types of 
perimeters, instead of simply saying one set of things is 'trusted' and the 
rest 'untrusted.'

In the world of crypto, you want to treat different perimeters differently 
simply because some risks are more profound -- the perimeter that protects 
long lived keying material is more important than the one to protect 
session keys, etc.

>  ...the apps are where the action is now.

I'd argue that this has always been true. The problem has always been that 
designers often ignore security issues and rely on features of existing 
products or infrastructure to provide the right protection. The results are 
often heavy handed and tend to leave gaps that are hard to monitor and/or 
patch.

The only way an application will get built-in security is if the design 
team includes someone who has looked at the security threats and developed 
application design requirements to address them. This doesn't seem to be a 
well-established process, partly because the requirements vary from one 
application to the next.

Financial systems represent one of the few application areas that have a 
set of reasonably well known security objectives, and they even have well 
known mechanisms to address them: the traditions of separation of duty and 
of double entry bookkeeping. These help detect unintentional errors as well 
as some types of intentional fraud.

>  Within my firm's experience, fully 70% of the fatal
>application vulnerabilities seen in the field are design flaws
>so there is certainly work to be done.

And I'll bet you can trace the flaws back to an absence of design 
requirements to address the associated security risks. This is depressing 
when a requirement might be blindingly obvious, like individual accountability.


Rick.
smith at securecomputing.com          roseville, minnesota
"Authentication" coming in October http://www.visi.com/crypto/




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list