Ask Slashdot: Preventing Snowden-Style Security Breaches? 381
Nerval's Lobster writes "The topic of dealing with insider threats has entered the spotlight in a big way recently thanks to Edward Snowden. A former contractor who worked as an IT administrator for the National Security Agency via Booz Allen Hamilton, Snowden rocked the public with his controversial (and unauthorized) disclosure of top secret documents describing the NSA's telecommunications and Internet surveillance programs to The Guardian. Achieving a layer of solid protection from insiders is a complex issue; when it comes to protecting a business's data, organizations more often focus on threats from the outside. But when a trusted employee or contractor uses privileged access to take company data, the aftermath can be as catastrophic to the business or organization as an outside attack. An administrator can block removal of sensitive data via removable media (Snowden apparently lifted sensitive NSA data using a USB device) by disabling USB slots or controlling them via access or profile, or relying on DLP (which has its own issues). They can install software that monitors systems and does its best to detect unusual employee behavior, but many offerings in this category don't go quite far enough. They can track data as it moves through the network. But all of these security practices come with vulnerabilities. What do you think the best way is to lock down a system against malicious insiders?"
Focus on insiders first (Score:4, Interesting)
Not really an answer to the question, but good security design should focus on identifying all of the relevant threats (aka a "threat model") and mitigating all of them to the degree that makes sense -- and any good threat model will inevitably identify insider threats as the highest risks most at need of mitigation, because, by definition, insiders have greater opportunities to conduct attacks, and they have roughly the same motives as external attackers.
If you find that your organization doesn't spend 95+% of its security time, money and effort on foiling insider attacks, it's almost certainly not doing a good job. If it is adequately hardened against insiders it'll be darned near impossible for outsiders.
My impression of the NSA has always been one of an extremely high degree of competence, so the Snowden leaks surprised me. You can't stop insiders from gaining access to the data they need to do their jobs, of course (though you can often segment job responsibilities to minimize it), but you can and should make it a lot harder for them to get access to other sensitive data, and Snowden was apparently able to get a lot of stuff that wasn't relevant to his responsibilities.
Simple: (Score:4, Interesting)
Stop doing things that seem illegal or immoral to your employees. Stop lying. Stop cheating. Stop cowering behind secret courts.
As people say about the data collected by the NSA: if you haven't done anything wrong then you have nothing to hide. The NSA was hiding this program because they knew it was wrong.
Nothing can be done... Nothing (Score:4, Interesting)
No matter how deep a background check goes, no matter how thorough the inquiry is into a person's character, no matter how many interviews are made of friends and family, and no matter how many polygraph tests are performed, if a person is given a position that requires some trust there is always going to be a chance that this person is going to abuse the trust. Psychopaths and sociopaths the the scariest of these people because they have no problem with lying, are good at it because they are usually good at being manipulative, are often very well liked by family and friends, and can lie without end like a baby-kissing politician running for re-election and still pass a polygraph test.
Perhaps the problem is in the kind of people being sought for these jobs that require great trust. While a person needs to be squeaky clean to get security clearance, perhaps the squeaky clean requirement is causing the government to choose some from the wrong pool of candidates. My experience has been that you will have a better chance of finding an honest man (or woman) by looking at those who have messed up in his or her life, is genuinely repentent, and has demonstrated through years of clean and honest living that he or she is worthy of such great trust. The gratitude that comes from being given this second chance is an incredible motivator in steering a straight and narrow course through life.
Re:Nice try NSA (Score:5, Interesting)
Do it like the GDR? (Score:5, Interesting)
Basically, the GDR (former Eastern Germany) had similar problems with their border guards: guards would usually patrol the border in pairs (two guards at any given time). And this is obviously a necessary thing in border patrol.
But since the government couldn't trust their guards and since there indeed was a possibility that the guards would just jump across the border to Western Germany, they had a brilliant plan: (1) they made sure that each of the guards came from a completely different area of the country, and (2) that they didn't spend too much time with together in order to build trust between them. So, for the case (2), the government decided to create new pairs every week or so... it worked quite successfully.
Now, the question, obviously, is whether you *want* to be something like the former Eastern German Government.
I believe there are a lot of ways of protecting data against malicious employees - one being the way the Eastern German Government did (this might be a good solution actually for the NSA). Other ways are making sure that the employees in question can never copy any data by any means, whether it is by blocking USB-ports, not having any drives, not allowing *any* personal devices at all, including no cameras, smartphones, etc. You might even force the people to use a company-provided mobile phone even for their private calls (without snooping into their calls) without cameras, data connection, etc (just calls+sms).
Lastly, you could consider using a TrustedOS with levels such as B1-B3 or even A1 or Beyond-A1. http://en.wikipedia.org/wiki/TCSEC [wikipedia.org]
I knew TISX http://en.wikipedia.org/wiki/Trusted_Information_Systems [wikipedia.org], which had (afaik) the only B2-TOS at that time. It was quite ingenious how it worked...
Re:Do it like the GDR? (Score:5, Interesting)
In addition to what you wrote: http://en.wikipedia.org/wiki/Border_guards_of_the_inner_German_border [wikipedia.org]
As a further measure to prevent escapes, the patrol patterns of the Grenztruppen were carefully arranged to reduce any chance of a border guard defecting. Patrols, watchtowers and observation posts were always manned by two or three soldiers at a time. They were not allowed to go out of each other's sight in any circumstances. When changing the guard in watchtowers, they were under orders to enter and exit the buildings in such a way that there were never fewer than two people on the ground. Duty rosters were organised to prevent friends and roommates being assigned to the same patrols. The pairings were switched (though not randomly) to ensure that the same people did not repeatedly carry out duty together. Individual border guards did not know until the start of their shift with whom they would be working that day. If a guard attempted to escape, his colleagues were under instructions to shoot him without hesitation or prior warning.
Re:simple (Score:5, Interesting)
https://en.wikipedia.org/wiki/FBI_Index
Read this, Subversives: the FBI's war on student radicals
http://www.amazon.com/Subversives-Student-Radicals-Reagans-Power/dp/0374257000
Based on de-classified FBI memos, it describes how th FBI kept security and reserve lists of political enemies, that could be detained at a moments notice.
Its a clear example on how we got damn close to having our own "night of long knives".
https://en.wikipedia.org/wiki/Night_of_long_knives
Re:simple (Score:4, Interesting)
Sure my gut tells me the same; but that doesn't mean I think much can be done about it in most situations. The simple fact is you need your employees to do their job, if your information is so valuable to your business, then its even more likely that impeding them getting it is impeding your business.
Security measures are best seen as insurance since they can never pay off in the positive, they can only cost, and hopefully, less than the alternative....and that cost isn't just the cost of doing them once, but the cost of keeping them up every single day and the entire effect of that.
I seriously think a person trying to solve this problem is, most likely, trying to solve the wrong problem, unless perhaps, he is a criminal, or actually has data that is worth more to a criminal than the HR database of names, SSN, addresses, salaries etc.... which is unlikely for anyone asking slashdot.
Re:simple (Score:5, Interesting)
The magna carta is a wonderful document. More important perhaps in the history of laws than even the US constitution as a statement of rights, simply because the magna carta was the *first*.
But the rights it outlays are fairly simple, and rather indicitive of its times.
[quote]
1. FIRST, We have granted to God, and by this our present Charter have confirmed, for Us and our Heirs for ever, that the Church of England shall be free, and shall have all her whole Rights and Liberties inviolable. We have granted also, and given to all the Freemen of our Realm, for Us and our Heirs for ever, these Liberties under-written, to have and to hold to them and their Heirs, of Us and our Heirs for ever.
9. THE City of London shall have all the old Liberties and Customs which it hath been used to have. Moreover We will and grant, that all other Cities, Boroughs, Towns, and the Barons of the Five Ports, as with all other Ports, shall have all their Liberties and free Customs.
29. NO Freeman shall be taken or imprisoned, or be disseised of his Freehold, or Liberties, or free Customs, or be outlawed, or exiled, or any other wise destroyed; nor will We not pass upon him, nor condemn him, but by lawful judgment of his Peers, or by the Law of the land. We will sell to no man, we will not deny or defer to any man either Justice or Right.[45]
[/quote]
Then theres a bunch of other ones like the king has to stop taking hostages ( a surprisingly common event in medieval europe ) , mercenaries have to gtfo of england, "all evil customs connected with forests were to be abolished" and other assorted medieval jurist things.
But in terms of stop and search, AFAIK your rights are preserved only as far as a right to a fair trial, I'm afraid.
Its an old document, more or less a first attempt at codifying limits on executive power.
I support the NSA's collection and leaking! (Score:5, Interesting)
I've given this a lot of thought, and compiled a solid rant on the subject.
My thesis about privacy in 2013 - 2020:
Lets start with some facts:
1. The Spy agencies in NZ, UK, USA, Australia and Canada spy on everyone, even their own citizens. 2. The UK copies literally everything that traverses the Internet and keeps it for 3 days for analysis (EVERYTHING!) 3. The USA shares this information (including commercial secrets) with its private enterprises to help them win international business. 4. So many people work for these agencies that from time to time this information is made public. 5. Nobody really cares. 6. The chances of any of these organisations giving up such a valuable source of power are about the same as global nuclear disarmament 7. It’s only a matter of time until the local police have access to all this information. 8 . In 2001, as sysadmin of BSSC I could read the email of every teacher and every student at that school, without leaving a trace of evidence, nor with any fear of punishment for wrongdoing.
So, I assert: You have no privacy online. You never really did. It was only by unspoken rule of sysadmins that we let you have the illusion of privacy. Ed Snowden betrayed sysadmins.
Strangely, Google poise to release the most important advancement toward our goal of total access to information - a video camera strapped to every second person’s head (Google Glass), and people are up in arms (9) and so are the governments best poised to take advantage! (10).
I think we’ve got it all wrong. Let’s stop bitching about this rampant surveillance and embrace it.
Let’s get our spy agencies to make everything they’ve got available to everyone! Let’s mandate that every Google glass camera must be on all the time, every phone must have its microphone on all the time, every GPS recording its location and all this content uploading to the cloud!
Information WANTS to be free! EVERYONE should have access to EVERYTHING!
Then it will hardly be accessed, because if Facebook status updates have proven anything it’s that it’s no fun spying on all your friends if all they do all day is play Farmville.
Finally, these civil libertarians realise that nobody really cares about them, or their “right to privacy”, and we will be able to make the most out of google glass (11).
Sources:
1. http://www.spiegel.de/international/world/interview-with-whistleblower-edward-snowden-on-global-spying-a-910006.html [spiegel.de]
2. http://mashable.com/2013/06/21/gchq-spy-agency-taps-global-internet/ [mashable.com]
3. http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html [bloomberg.com]
4. Bradley Manning, Edward Snowden
5. http://www.news.com.au/ [news.com.au]
6. http://io9.com/5969204/could-nuclear-disarmament-actually-increase-our-chance-of-an-apocalypse [io9.com]
7. “if the information is there, it’s already collected, why not use it to prosecute the crime? Why are you protecting the guilty? If you’re innocent you will want us to use this information to exonerate you.”
8. I read your email. Get over it.
9. http://www.policymic.com/articles/29585/3-new-ways-google-glass-invades-your-privacy [policymic.com]
10. http://news.cnet.com/8301-1023_3-57591975-93/google-glass-privacy-concerns-persist-in-congress/ [cnet.com]
11.