What does the SecuringAIX blog, or any OS, have to do with concerns about identity theft, such as the incidents showing up in Dutch news? BTW: The botnet in the news in Holland is called “Pobelka,” which is Russian for "money laundering." I expect similar stories are being reported in the rest of the world, although the Dutch press would have us believe the Dutch region is "special" because it has one of the most densely integrated IP infrastructures. In short, recent events have me questioning myself: What impact does this have on security measures at the OS level?
This returns to the concerns of an earlier post—"Are You Sure About Your AIX Security?"—in which I wrote about the avalanche of security breaches in user systems (i.e., “desktop” machines and other botnet targets).
Modern criminal attacks don’t focus on attacking the OS directly or on deleting files. Instead, they focus on being clandestine—staying as long as they can and harvesting all kinds of information. Remember “analytics”? Well, my assumption is that criminals are tech savvy enough to know that business analytics can also be applied to information harvested from PCs.
OK, so now I have made myself nervous (read “scared”), and I still struggle with my Charlie Brown reaction—"my stomach hurts." But I am back to my initial question: “What does, or can, this mean in terms of OS security?”
The short-term impossibility: in-depth knowledge of all the applications on my system. Application mechanisms are also at risk—more so than OS mechanisms—because harvested identity information is more likely to be used, in the short term, to gain access to an application as a recognized user. The potential short-term approaches include throwing some technology at the problem (read: nothing I want to do, because I don’t have a clear enough definition of what I want to, or think I can, accomplish).
"My Stomach Still Hurts!"—Where to Start?
I'll be honest with you—and with myself. There are no simple answers. However, I am getting more "nervous" about the widespread use of sudo as the mechanism/technology for controlling access to root. The “opponents” know about the growing dependency on this tool, as well as its precise weak points. I assume they buy, install and study intricate—yet easy—ways to break through the protection a technology is supposed to provide.
(Note: I also think controlling access to root is the wrong approach to *NIX security. Instead, I want—literally—to control access.)
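One check that follows directly from the worry about sudo as the control point for root, and from the point that "access to root" is the wrong thing to be controlling, is to find out which sudoers rules amount to unrestricted root rather than access to a specific command. The script below is an added example and is not code from the SecuringAIX post; it reads a sudoers file with POSIX awk and lists the user specifications whose command list is `ALL`. The sudoers sample embedded in it is constructed for illustration, and the names ops1, webop, backup and /usr/local/bin/restartweb are invented.

```shell
#!/bin/sh
# Added example (not from the SecuringAIX post): a read-only review of a sudoers
# file that reports the rules granting unrestricted root. Run it against the
# constructed sample below, or pass the path of a real sudoers file (read access
# to that file is required; nothing is modified).

# Constructed sample sudoers content; not taken from any real host.
SAMPLE_SUDOERS='# constructed sample, not a real host
Defaults    env_reset
Cmnd_Alias  BACKUP = /usr/bin/rsync
root        ALL=(ALL) ALL
%admin      ALL=(ALL) ALL
ops1        ALL=(ALL) NOPASSWD: ALL
webop       ALL=(root) /usr/local/bin/restartweb
backup      ALL=(root) NOPASSWD: BACKUP
'

# Write the sample to a temporary file and print its path.
write_sample_sudoers() {
    f=$(mktemp)
    printf '%s' "$SAMPLE_SUDOERS" > "$f"
    echo "$f"
}

# Print one line per user specification whose command list is ALL, i.e.
# "become root and run anything". Format: "<who> ALL" or "<who> NOPASSWD-ALL".
# Comments, blank lines, Defaults lines and alias definitions are skipped.
# A command list of "ALL, !..." is still reported: exceptions after ALL do not
# narrow the grant to specific commands.
sudoers_full_root_grants() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        /^[[:space:]]*(Defaults|Cmnd_Alias|User_Alias|Host_Alias|Runas_Alias)/ { next }
        {
            line = $0
            sub(/[[:space:]]*$/, "", line)
            # user spec syntax: WHO HOSTS=(RUNAS) [TAG:]... COMMANDS
            # so everything after the last "=" is the runas spec, tags and commands
            n = split(line, parts, "=")
            if (n < 2) next
            cmds = parts[n]
            sub(/^[[:space:]]*\([^)]*\)[[:space:]]*/, "", cmds)   # drop "(ALL)" / "(root)"
            nopasswd = (cmds ~ /NOPASSWD:/)
            # drop any leading tags such as NOPASSWD: or SETENV:
            while (sub(/^(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV|LOG_INPUT|NOLOG_INPUT|LOG_OUTPUT|NOLOG_OUTPUT|MAIL|NOMAIL|FOLLOW|NOFOLLOW):[[:space:]]*/, "", cmds)) {}
            if (cmds ~ /^ALL([[:space:]]*,|$)/)
                print $1, (nopasswd ? "NOPASSWD-ALL" : "ALL")
        }
    ' "$1"
}

# Number of unrestricted-root rules in the file.
count_full_root_grants() {
    sudoers_full_root_grants "$1" | wc -l | tr -d ' '
}

# Usage: sh review_sudoers.sh [/path/to/sudoers]
# With no argument the constructed sample is reviewed.
target=${1:-$(write_sample_sudoers)}
echo "Rules granting unrestricted root in $target:"
sudoers_full_root_grants "$target"
echo "Total: $(count_full_root_grants "$target")"
```

The rules the script reports (root itself, the admin group, and ops1) are the ones where sudo is being used as "access to root" in the post's sense; the webop and backup rules are access to one command and are left out. Files under /etc/sudoers.d can be reviewed the same way, one file at a time.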
For now, I sit with my question and think about the expected requirements for some sort of role-based—there you have it again—access control, as well as additional “real” requirements for auditing. As I come up with ideas—ideally ones that span technologies—I shall share them with you. And, less ideally, I’ll talk about technology-based approaches in coming blog posts and replies to comments.
My request? Share your questions and insights via comments to SecuringAIX!
Have a safe and secure day!