A personal website by Khürt Williams, with imagery, and inchoate ramblings on coffee, beer, and geekery.
Negative security model (known bad). Must know about all possible attack vectors. Not possible.
Reference: Metasploit, HD Moore, VoMM.
Positive security model. Intent and reputation model. Something is good because of its known intent and reputation. Real-world example: credit score. If I have a reputation for defaults or late payments then I will get a lower credit score than someone who pays bills on time or in full.
TrustedSource. In the Web 1.0 world trust is implied by the user. The user assumes that content on the other end will not be malicious. In Web 2.0 trust cannot be guaranteed. Many new vulnerabilities and attacks. Most new web traffic is Web 2.0. A lot of code is executed in the browser (endpoint).
Need an engine on the URL filter to trap malicious code and clean/drop it before content is delivered to the endpoint. Policy driven. Webwasher (proxy/web caching appliance) handles SSL traffic by decrypting/re-encrypting it in memory on the fly and blocking invalid certificates or sites based on policy. Privacy issues. Suggested policy is that only reputation-challenged sites using SSL be scanned. Passes EU privacy laws.
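A sketch of the two models and the suggested SSL scanning policy from the notes above, added here as an illustration; it is not Webwasher or TrustedSource code. The host names, scores, thresholds and action names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: hosts, scores and thresholds are assumptions.
BLOCKLIST = {"known-bad.example"}        # negative model: enumerated bad hosts
REPUTATION = {                           # positive model: 0 (bad) .. 100 (good)
    "bank.example": 95,
    "known-bad.example": 5,
    "new-dropper.example": 20,           # malicious, but on no blocklist yet
}
UNKNOWN_SCORE = 40    # a host with no history is unproven, not trusted
SCAN_THRESHOLD = 50   # below this a site counts as "reputation challenged"


@dataclass(frozen=True)
class Request:
    host: str
    tls: bool
    cert_valid: bool = True


def negative_model(req: Request) -> str:
    """Known-bad filtering: anything not enumerated is allowed."""
    return "block" if req.host in BLOCKLIST else "allow"


def reputation_policy(req: Request) -> str:
    """Reputation-driven decision, including the SSL handling policy."""
    score = REPUTATION.get(req.host, UNKNOWN_SCORE)
    if req.tls and not req.cert_valid:
        return "block"              # invalid certificate: refuse outright
    if not req.tls:
        return "scan"               # assumption: cleartext is always filtered
    if score < SCAN_THRESHOLD:
        return "decrypt-and-scan"   # only low-reputation TLS is opened up
    return "tunnel"                 # reputable TLS stays encrypted end to end


if __name__ == "__main__":
    for r in (Request("new-dropper.example", tls=True),
              Request("bank.example", tls=True),
              Request("bank.example", tls=True, cert_valid=False),
              Request("never-seen.example", tls=True)):
        print(f"{r.host:22} negative={negative_model(r):6} "
              f"reputation={reputation_policy(r)}")
```

The blocklist lets the unlisted host through untouched, while the reputation policy decrypts and scans it and leaves the well-reputed banking session encrypted.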
Example: Storm Bot
Over 1 million machines infected.
Web-based vector.
Payload is P2P botnet.
Webwasher is CyberGuard Linux locked down to Common Criteria recommendations.
Q4/2007 – Support for Novell eDirectory.
Q1/2008 – Webwasher 6.7 – Desktop Agent, NTLM for transparent authentication.
Desktop Agent – Allows enforcement of filter policy for remote users. Q1/2008.
Q4/2008 – Web Reporter 7.0 – combined Smart Reporter and Content Reporter. SmartFilter delegated administration. Instant Messaging integration. Protocol-based filtering! Will have similar functionality to IMLogic.
NOTE: Getting the idea that TrustedSource is a big deal for Secure Computing.