Tuesday, 22 December 2009

Nicolas Mayencourt of dreamlab technologies on "Reflections on Cybersecurity"

William A. Wulf and Anita K. Jones recently published a short essay in Science titled "Reflections on Cybersecurity". Their central question:
The current model for most cybersecurity is “perimeter defense”: The “good stuff” is on the “inside,” the attacker is on the “outside,” and the job of the security system is to keep the attacker out. The perimeter defense model is built deeply into the very language used to discuss security: Hackers try to “break in,” “firewalls” protect the system, “intrusion” must be detected, etc. But is perimeter defense the right underlying model?
Naturally, they have their own answers to it:
We do not think so, for several reasons. First, perimeter defense does not protect against the compromised insider. The Federal Bureau of Investigation (FBI) has reported that in one sample of financial systems intrusions, attacks by insiders were twice as likely as ones from outsiders—and the cost of an intrusion by an insider was 30 times as great.
Second, it is fragile; once the perimeter has been breached, the attacker has free access. Some will say that this is why “defense in depth” is needed—but if each layer is just another perimeter defense, all layers will have the same problems.
Third, and most important, it has never worked. It did not work for ancient walled cities or for the French in World War II (at 20 to 25 km deep, the Maginot Line was the most formidable military defense ever built, yet France was overrun in 35 days). And it has not worked for cybersecurity. To our knowledge no one has ever built a secure, nontrivial computer system based on this model.
So what should be done?
We think we should take our cue from the Internet. That is, there should not be just one model. Rather, there should be a minimal central mechanism that enables implementation of many security policies in application code—systems attuned to the needs of differing applications and organizations. (...) Is such a minimal mechanism feasible? We think so. In particular, at the network level, an application can use any computable function to decide whether or not to provide its service to a client if it can be absolutely certain who is requesting it. There is a class of algorithms known as “cryptographic protocols” for doing this that require knowing the public key of an object — so we conjecture that by providing just a way of accessing the public key of an object, one could build an arbitrary end-to-end security policy.
The conversation with Nicolas Mayencourt of dreamlab technologies in Bern, prompted by the article by Wulf & Jones, makes it somewhat clearer what this might mean:

Broadcast today in abridged form in the "Netzgespräch" on DRS2.
