Thinking Security
Stopping Next Year's Hackers
Steven M. Bellovin
New York Boston Indianapolis San Francisco
Toronto Montreal London Munich Paris Madrid
Capetown Sydney Tokyo Singapore Mexico City
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.
A complete list of sources and credits appears on pages .
The author and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.
Library of Congress Cataloging-in-Publication Data
Bellovin, Steven M., author.
Thinking security : stopping next year's hackers / Steven M. Bellovin.
pages cm
Includes bibliographical references and index.
ISBN 978-0-13-427754-7 (hardcover : alk. paper)
1. Computer networks--Security measures. 2. Computer security. I. Title.
TK5105.59.B45154 2016
658.478--dc23
2015030719
Copyright 2016 Steven M. Bellovin
All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. To obtain permission to use material from this work, please submit a written request to Pearson Education, Inc., Permissions Department, 200 Old Tappan Road, Old Tappan, New Jersey 07675, or you may fax your request to (201) 236-3290.
ISBN-13: 978-0-13-427754-7
ISBN-10: 0-13-427754-6
Text printed in the United States on recycled paper at RR Donnelley in Crawfordsville, Indiana.
First printing, November 2015
To Diane, for many reasons and then some,
and to Rebecca and Daniel who asked me not
to write another book but no longer live at
home and hence don't get a veto.
Preface
Most computer security books tell you what to do and what not to do. This one tells you why.
The list of security dos and don'ts is long: run antivirus software, get a firewall, lock everything down, follow extensive checklists, encrypt everything in sight, watch everything that goes on in your network, (especially) bring in over-priced consultants, and so on. The results are dismaying: companies are spending a great deal on security, but we read of massive computer-related attacks. Clearly, something is wrong.
The root of the problem is twofold: we're protecting (and spending money on protecting) the wrong things, and we're hurting productivity in the process. Unlike automobile locks, which increase a car's functionality by enabling you to park in bad neighborhoods, computer security tends to stop a user from doing something rather than enabling them to go into bad neighborhoods safely. People (read that as "employees") want to be productive; when security measures get in their way, guess what's going to suffer? That's right: security.
The solution, though of course easier said than done, is similarly twofold: protect the right things, and make it easy for employees to do the right thing. That requires more than checklists; it requires thought about the actual threats and technology. That's what this book is about: how to think about security.
Protecting the Right Things
Security starts by knowing what you're protecting and against whom. A corollary to this is that any security advice that doesn't start with those two questions is wrong: you'll spend too much effort on the wrong things. If you're protecting national security secrets against foreign intelligence agencies, you probably need every defense ever invented and some that haven't been invented yet. You also need defenses against the three Bs: burglary, bribery, and blackmail.
The typical attacker today is motivated by money; the question you have to ask yourself is how an attacker can monetize your computers and networks. If you work for a bank, the answer is pretty obvious; banks are, to quote the famous line, where the money is. But any random computer can help the bad guys steal from the rest of us, so we can't let our guard down. These attacks, though, will often be opportunistic rather than targeted. Even then, there are different gradations of risk.
There's a corollary to this: defense is also about money. It makes no sense to spend more money to protect an asset than you have at risk. There's a saying that bears remembering: "Amateurs worry about algorithms; pros worry about economics." Your goal is not to make a system penetration impossible; rather, it's to make it too expensive for your enemies, while not spending too much yourself.
Let's look at passwords as a typical example. We've been told for more than 30 years that weak passwords are a bad idea. It's absolutely true; break-ins caused by poor password selection are very real. We're also told never to write down a password. However, the world has changed in many ways since 1979.
Suppose I pick a really strong password. Well, I'm not picking just one really strong password; I'm picking many different ones, for all the different web sites I have to log in to. There's no way I can remember all of them; I'm certain to forget a few, so I'll have to resort to a password recovery mechanism. And what is that? For many web sites, they'll just email me the password. The security of my account, then, depends on the security of my email, right? Not quite; there's more.