I am a bit puzzled by the claim that the email looked like those typically sent by the bank. We often tell users that no reputable organization would send this kind of email in the first place. Are we off base with that advice?

I see the ‘cloud’ as a higher level of risk than virtualizing PCs in a trusted environment. The use of robust encryption solutions are amongst the controls that data owners would do well to keep in mind when considering releasing their data to the cloud. Another important tool is the use of a well designed and well enforced contract. Information has value. I do not underestimate the Googles of the world and their voracious appetite for data mining.

Application virtualization empowers the security professional to manage applications from a central repository, thus reducing the overhead involved in maintaining patchlevels while making it possible to quickly and easily do a rollback when a buggy patch rears its ugly head. Virtual Desktop Infrastructure (VDI) is another technology that can simplify the life of the security administrator. Maintaining standard images of client desktops which are locked-down to purge user activity between sessions makes it much easier to retain top-down control over client operating systems. What really excites me, though, is ‘virtual appliances’ built upon JeOS (pronounced ‘juice’, Just enough Operating System). Without the bloat of unnecessary software and services, building just what we need on a minimal system, we drastically reduce the attack footprint and the resources required to operate necessary services. It seems the virtualization world is starting to come around to the concepts information security professionals have been preaching for a long time now…

I believe we would be foolish to not embrace cloud computing to mitigate traditional and emerging risks, but that golden egg will not be laid unless more standardization occurs in the industry. Until we can easily migrate a virtual appliance from one platform to another, we are still left with square pegs and round holes in the paradigm of proprietary platforms. My solution? Put pressure on the industry to develop a set of standards that will make it possible to deploy secured software and services regardless of the underlying hypervisor.

In the interim, play with the tools we currently have at our disposal to develop said solutions. Citrix, Sun, VMware, and a number of other vendors and projects (open and closed source) provide free versions of their virtualization solutions. Develop and maintain hardened virtual appliances and retain images for future deployments. Learn how keeping it simple really does increase control and thus security. And of course, get annoyed about the expense and additional work involved in having to do this for so many different platforms so that you feel the pain enough to raise your voice and demand standardization that will empower security professionals to more efficiently protect the assets we are charged with overseeing.

With the current scope of how bots are running rampant, how can just one person control the attacks? One problem that I see with the “Kill Switch” concept is that if someone truly wanted to cripple our government via bot attacks, the kill switch would have exactly the desired effect. Because it would halt all traffic to the affected network.

I think the best approach of the Cyber Security Act of 2009 is funding training of America’s citizens about what bot attacks are and how to prevent them. If we imposed sanctions against corporations that fail to patch their system with reasonable due care, these funds can go to continuing education of future cyber investigators, watchdog organizations and contribute to lowering the cost of certified software to reduce the threat on a personal computer level. Also according to actonline.org, “The ‘Next Billion’ Internet Users may bring on the ‘Next Billion’ Bots.

The Wall Street Journal reported this week that ICANN, manager of the Internet domain name system, is implementing internationalized domain names (IDNs). IDNs will help the next billion Internet users enter web addresses entirely in their native language and character sets. As part of this project, ICANN is encouraging users to test native character domain names in their browsers, email software, and other applications.

At the same time, ICANN and others should be warning new internet users against downloading any patches or new applications unless they are dealing with a trusted website and scanning for viruses and malware. Otherwise, ICANN is inviting the “next billion” users to download the “next billion” bots capable of generating spam, phishing fraud, and the kind of denial-of-service attacks that brought down Estonia’s internet.”

These next billion users, instead of perpetuating the problem can become part of the Army to fight Viruses, Spyware, malware, adware and the many bots, phishers and spammers that are currently plagueing the Internet. With this said, I still believe one person should not have the power to stop traffic. A committee of qualified individuals should be required to provide a corrective action scenario to the President and then and only then can the President have the switch flipped to turn off a portion of the Internet.

One fear I have is that if this power is abused or falls into the wrong hands then the attacker now has the ultimate power. Do you think that this scenario I possible and how can we prevent it from happening if we do not have checkpoint measures in place to prevent runaway power?

Reference:
ACT Organization – BOT Armies, What is the threat to US Cybersecurity, (2009). Retrieve September 16, 2009 from http://www.actonline.org/library/bot_armies.html

http://www.associatedcontent.com/article/415077/turkish_cyber_terrorists_attack_the.html

http://www.computerworld.com/s/article/9135406/Analysis_Was_North_Korea_behind_the_DDOS_attack_?source=rss_security