Monday 16 August 2010

Security idea

Was wondering - there are so many sites out there trying to crack
into your home or work systems - but why is it so easy for them?

Consider this. If I have a secured host, then typically it sits
behind a firewall, and it takes a lot of dedication to get this right,
and to keep it right.

And what makes life so difficult is you cannot sit back and assume you
have done a good job. You have to track software updates and exposures
and be careful if a new exposure is found.

But how do the crackers do this? Typically, things like dictionary
attacks against known ports, e.g. trying all known passwords against
the ssh port.

Some of these are easily defeated - just pick a non-standard port
for your ssh daemon. And your ftp daemon. And your web server. And your
PHP server. And ...

This is crazy/insane.

How about this for an idea. Have a "randomise" button on all your appliances.
In the same way that a video/mp3 server can connect automatically
to iTunes or some other home network (NAS, NFS, CIFS, etc) and you can
use DHCP to autoallocate resources, you would have a tool - which all
systems respond to.

When you select "randomise" all services on your internal intranet randomise
the ports used for standard services, and add a new encryption or obfuscation
key. All devices need to partake in this.

Now, external entities have nothing to target. They don't know
what ports to use, and if they find a port, they don't know what's behind
it. Normal sniffing techniques won't work - it's all encrypted or obfuscated.
Things like the HTTP or FTP protocols could be reprogrammed to use
different words in the header request, or put a random preamble there.

Even the bytes in packets could be jumbled up, so packet injection won't
work.

There's a lot of detail to work out - on each tool, protocol and network
layer. But I can't think of a way to hack a network when there is nothing
to gain insight into. (Internal to outgoing connections would need
to negotiate whether randomisation is possible, and/or routers would
need to be developed to allow intranet to extranet connections.)
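One way every device could "partake" without a central push is to derive the port table from a shared secret and an epoch counter, so pressing "randomise" only bumps the epoch and each box recomputes the same table. This is an added example, not code from the post; the shared secret, the port window and the HMAC-based derivation are my assumptions.

```python
import hmac
import hashlib
from typing import Dict, Tuple

# Port window the randomised services move around in (assumption: stay
# clear of the well-known ports and the top of the ephemeral range).
PORT_LOW, PORT_HIGH = 10000, 60000
SERVICES = ("ssh", "ftp", "http", "php")  # constructed sample list


def _prf(secret: bytes, epoch: int, service: str, label: str, counter: int = 0) -> bytes:
    """HMAC-SHA256 keyed with the shared secret; the epoch changes on every 'randomise'."""
    msg = f"{epoch}|{service}|{label}|{counter}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()


def derive_key(secret: bytes, epoch: int, service: str) -> bytes:
    """Per-service, per-epoch obfuscation/encryption key (32 bytes)."""
    return _prf(secret, epoch, service, "key")


def service_map(secret: bytes, epoch: int, services=SERVICES) -> Dict[str, Tuple[int, bytes]]:
    """Deterministically assign each service a distinct port and key.

    Every device holding `secret` computes an identical table, so a client
    looks up service_map(secret, epoch)["ssh"][0] and the daemon binds it.
    """
    used = set()
    table: Dict[str, Tuple[int, bytes]] = {}
    span = PORT_HIGH - PORT_LOW + 1
    for svc in services:
        counter = 0
        while True:
            digest = _prf(secret, epoch, svc, "port", counter)
            port = PORT_LOW + int.from_bytes(digest[:4], "big") % span
            if port not in used:
                break
            counter += 1  # collided with another service's port: rehash
        used.add(port)
        table[svc] = (port, derive_key(secret, epoch, svc))
    return table


def next_epoch(epoch: int) -> int:
    """Pressing 'randomise' just advances the epoch; tables re-derive everywhere."""
    return epoch + 1


if __name__ == "__main__":
    demo_secret = b"constructed-demo-secret"  # constructed; provision a real one out of band
    for svc, (port, key) in service_map(demo_secret, 7).items():
        print(f"{svc:5s} port={port} key={key.hex()[:16]}...")
```

A full port sweep still enumerates whatever answers on the new ports, so the rotation hides services from casual probes rather than replacing patching of the daemons behind them.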

This would save so many problems, trying to adjust the files in /etc
and manually reconfiguring systems.


Post created by CRiSP v10.0.2a-b5882

