|
|
Lynne Jolitz's Articles, Papers, Books, Seminars (1984-2002)
November 2002. Byte.com, USA. DNS on the Hot Seat. Distributed DOS attacks on the Internet's root servers can grind Web traffic to a halt. Is it time to find a replacement for DNS? Feature article.
October 2002. Grace Hopper Conference 2002, Vancouver, BC. From 386BSD to OSPREY: The Evolution of an Operating System. While 386BSD is famous for pioneering inexpensive 386-based Unix systems for academics and open source code for programmers, it also proved to be a fungible framework for new approaches, unfettered by legacy or short-term commercial objective. This paper examines a single aspect of OS operation in the form of tracking root resource usage in a server, specifically processor and memory. This aspect is extremely relevant to all corporate datacenters, as the cost effectiveness of banks of as many as hundreds of servers is directly related to how effectively these two are utilized. Poor utilization of resources means a datacenter needs more machines to do the same work, while perfect resource utilization would match resource to need exactly. The author believes that the findings generalize to most other aspects of servers, as they derive efficiencies from the underlying effectiveness of these root resources – issues 386BSD addressed years ago. Due to the structure of Unix itself, however, some root resource legacies can only be conquered with a radical new approach, inspiring the OSPREY system.
4/97  Software Development Conference, San Francisco, CA. And Why the Internet Will Bury NT(With William F. (Bill) Jolitz). The Internet is metamorphosing into a single vehicle for information. The question is no longer Who will win the OS war, but instead Is the OS war relevant anymore? This talk examines how this new Internet age and its demands force the reshaping of OS technologies and the industry. Then Sliders scenarios are presented along with predictions about the next set of OS technology losers and winners.
3/96 Software Development Conference, San Francisco, CA. Why NT Will Bury UNIX(With William F. (Bill) Jolitz). The operating systems wars have been waged as long as computers have existed. Now, an aggressive and determined software company is attempting to position itself to conquer the entire market. In this paper, we answer the questions: How real is this threat? What are the actual stakes? And should NT succeed, where does UNIX stand as an also-ran? We also provide a preview of the pending truly new technology operating systems -- where the next great battleground will be fought.
8/95 Dr. Dobb’s Journal, USA: Programmer’s Bookshelf: Perspectives on Computer Security. When you get on the net, who can you trust? Lynne examines several new books that address this question: Network Security: Private Communications in a Public World, by Charlie Kaufman, Radia Perlman, and Michael Speciner; E-Mail Security, by Bruce Schneier; Network Security, by Steven Shaffer and Alan Simon; and Network Security: How to Plan for It and Achieve It, by Richard H. Baker.
[Embedded in "Le Monde En Tique" ]
Perspectives on Computer Security
Review by Lynne Greer Jolitz
Copyright (C) Dr. Dobb's Journal, August, 1995
For most people, security is as simple as locking the front door or putting
a Club on a car's steering wheel. For networked computer users, security
is a devilish issue, because a computer system can be compromised by any
one of millions of other computers around the globe. Fortunately, a good
number of books on network-security techniques are available, and while
none will protect a computer from the latest attack (you'll just have to
keep up on journals and conferences for that), many offer valuable insights.
Network Security: Private Communications in a Public World, by Charlie
Kaufman, Radia Perlman, and Michael Speciner, discusses the practical issues
of secure communications, including cryptographic techniques, applied-number
theory, authentication, and integrity. It also covers existing Internet
mechanisms used to increase network security (Kerberos, PEM, PGP, and the
like) as well as extensions to X.400 and NetWare. Finally, the book provides
a good overview of encrypted communications and authentication as currently
used on the Internet. It avoids matters such as the formal government-security
framework and concentrates on the actual moving pieces used in security
mechanisms.
I enjoyed this book primarily because it was loaded with insider jokes and
minutiae, such as "UNIX, an unusually user-hostile and otherwise mediocre
operating system" or (my personal favorite)
plausible deniability, a situation in which events are
structured so that someone can claim not to have known or done something,
and no proof exists to the contrary. Whenever this term comes up, the person
in question is almost certainly guilty.
The authors are not afraid to voice opinions on popularly perceived solutions
to insecure networks. For example, the current trend of developing, selling,
and purchasing commercial firewall packages is concisely characterized by
Charlie Kaufman:
Firewalls are the wrong approach. They don't solve the general problem,
and they make it very difficult or impossible to do many things. On the
other hand, if I were in charge of a corporate network, I'd never consider
hooking into the Internet without one. And if I were looking for a likely
financially successful security product to invest in, I'd pick firewalls.
The meat of Network Security: Private Communications in a Public World
is its practical introduction to communications-oriented security in the
form of encryption and authentication; specific implementation details are
described only casually. Of particular interest in this post-Mitnick era
is the brief discussion of sabotage-resistant routing protocols. Since routing
is the next logical target of attack, it is an area worthy of critical study.
In fact, secure routing and network integrity alone could fill another book.
Network Security: Private Communications in a Public World provides
a balanced treatment of controversial topics (such as cryptography), but
it isn't a war-stories book. The level of discussion is technical enough
to get the point across, yet not so detailed as to become dull. Still, the
book lacks descriptions of attacks against TCP and DNS. Even though they've
been covered in other security books, these topics still have a place in
a discussion of attack pathologies.
The book also omitted discussions of the Green Book, the follow-up work
to the Orange Book (which maps the Trusted Computing metaphor into a networking
paradigm). While of admittedly limited use, the Green Book does offer sanguine
observations about network security that fall into the scope of this book.
Finally, the text jumps right into specific algorithms without bothering
to develop the subject of cryptography. The result is an incomplete picture:
It's unclear why a certain technique is employed in a given algorithm or
why an algorithm is considered flawed.
E-Mail Security for the Layman
While insider stories and algorithmic examinations are interesting, they
are less than useful to the individual trying to protect e-mail from prying
eyes. To complicate matters, while regular surface mail is protected by
a host of laws regarding privacy and is processed by a quasi-governmental
agency which must follow certain regulations, most e-mail correspondence
is not (yet) as carefully protected or regulated. The law is still murky
regarding privacy from coworkers, system administrators, managers, and the
like. Thus, protection of sensitive correspondence and the limits of such
protection are topical subjects.
E-Mail Security: How to Keep your Electronic Messages Private, by
DDJ contributing editor Bruce Schneier, is an in-depth treatment of electronic-mail
security intended for immediate application by the reader. Schneier begins
with an overview of electronic-mail security and goes on to discuss and
contrast the two preeminent security encapsulations used in network electronic
mailPretty Good Privacy (PGP) and Privacy Enhanced Mail (PEM). Finally,
the book addresses restrictions placed on its use by the government and
intellectual-property rights.
Schneier's discussion of finite mathematics alone is worth the price of
the book. The one downside is Schneiers view that it is absolutely good
to secure all communications in this manner. While this approach probably
appeals to his target audience, it is ironic that the same tools that can
prevent misappropriation of information can also be used to shield a scoundrel
who misappropriates others' work. Yes, I've heard the argument that anyone
who doesn't secure their work deserves to be punished, but that's just the
old blame-the-victim routine, which doesn't deal with reality.
In addition, shielding posters or remailers on the net, making them effectively
anonymous, is not a defensive security approach intended to keep personal
e-mail private, but instead an ideologically motivated offensive tactic.
Net users should be aware that this approach is rarely used for purposes
of, say, revealing a governmental plot to suppress information: Instead,
it's used for character assassination, personal vendettas, theft of work,
disinformation, petty criminal behavior, and worse. In fact, the current
chaos is eerily similar to John Brunners prediction in his classic book
The Shockwave Rider over 20 years ago, where anonymous denunciation
lines allowed antagonists to destroy a protagonist's credit, job status,
and even marriage without fear of retribution. Ignoring or aiding this practice
without regard for the consequences is ethically questionable at best.
Overall, Schneier's writing has a concise, readable, appealing style. E-Mail
Security: How to Keep your Electronic Messages Private is ideal for
the computer user who feels insecure about sending Internet mail and has
an active interest in the powerful tools available for securing it.
Network Security as a Professional Practice
Network Security, by Steven L. Shaffer and Alan R. Simon, provides
a comprehensive, top-down approach to computer and networking security as
a professional practice. It focuses primarily on the formal nomenclature
and structure used as the framework for government- and commercial-security
environments. This formalism is critical for serious computer-security work.
Network Security is ideal as a top-down introduction to any intensive study
of formal security mechanisms and policies of the last 20 years. Not included
are the tools of the trade that a network-security officer uses in practice,
the methodology that programmers use to implement secure operating systems,
or the cryptographic mechanisms that secure communications across a data
network. However, bibliographic references provide pointers for the serious
student.
One nice feature of this book is a description of representative-government-security
programs that show the formal information- security structure in practice.
Among the programs discussed are the Department of Defenses BLACKER, DNSIX,
and CCEP; profiles of security-product vendors are given as well. (This
latter group was incomplete: Suns Secure Solaris, Oracles MLS products,
and HPs HP-UX BLS were missing.)
A downside of Network Security is its insularity and relative blindness
that stems from its proximity to traditional security perspectives. For
example, while PEM and Kerberos are discussed briefly, unofficial security
mechanisms, such as PGP and COPS, are not. There is no critical analysis
of the inherent weaknesses of the official architectures for information
security. Despite these omissions, however, Network Security's coverage
of the appropriate formalisms make it essential to the serious security
professionals library.
Enterprise Network Security
Network Security: How to Plan for It and Achieve It, by Richard Baker,
is the most ambitious of the books discussed here. It develops and implements
an enterprise networks security envelope from the bottom-up, but avoids
discussion of the underlying mechanisms. Baker speaks to MIS managers or
network administrators who must develop and implement an official, organized
security policy, comprising physical security, business-management structures,
backups, training, viruses, and security audits.
Each chapter begins with an overview of a problem (such as securing the
desktop), then develops a top-down plan to deal with it. While fleshing
out these details, Baker discusses the elements and management of a careful,
secure environment (occasionally citing industry examples). The book does
not cover operating-system and software architectures; it concentrates on
operational aspects pertinent to a business.
Network Security: How to Plan for It and Achieve It reminds us that
information security often fails because it is not integrated into the information
system from the start.
The breadth of the book is exemplified in its discussion of the legal requirements
of a network-information processing service, including the legal doctrines
of due care and due diligence. Few administrators are aware of the potential
liabilities of insecure or improperly maintained information systems, which
are magnified when the system retains information covered by privacy or
intellectual-property rights. The Infobahn of the future will likely involve
many suits over negligent operation of information services, resulting in
substantial liability awards from unsuspecting companies.
Baker approaches enterprise network security from a situational perspective.
This is bound to appeal to the administrator who can directly apply Baker's
solutions to rectify a situation or avoid an incident; enterprise network
administrators should keep this book handy.
Network Security: Private Communications in a Public World
Charlie Kaufman, Radia Perlman, and Michael Speciner
Prentice-Hall, 1995, 504 pp. $46.00
ISBN 0-13-061466-1
Network Security
Steven L. Shaffer and Alan R. Simon
Academic Press, 1994, 318 pp. $25.95
ISBN 0-12638-01-04
E-Mail Security: How to Keep your Electronic Messages Private
Bruce Schneier
John Wiley & Sons, 1995, 362 pp. $24.95
ISBN 0-471-05318-X
Network Security: How to Plan for It and Achieve It
Richard H. Baker
McGraw-Hill, 1995, 456 pp. $34.95
ISBN 0-07005-14-10
8/95 Dr. Dobb's Developer Update, USA: Book Review: POSIX.4 Programming. Contrasts traditional operating systems techniques with real-time demands.
5/95 Dr. Dobb’s Journal, USA: Role-Based Network Security(With William F. (Bill) Jolitz). Network level security is usually very costly, but through the use of role-based security, PC network administration can be reduced to a simple level without loss of integrity.
3/95 Dr. Dobb's Developer Update, USA: Security and the INTERNET(With William F. (Bill) Jolitz). A detailed analysis of the technical flaws in the TCP/IP implementations which allowed intrusion by a cracker over several months and new approaches to correct them.
Winter 1994 Dr. Dobbs Journal Information Highway Special Issue, USA: Very High Speed Networks: HiPPI and SIGNA(With William F. (Bill) Jolitz). Very high-speed networking is the key to rapidly and economically delivering large amounts of information.
9/93 Dr. Dobb’s Journal, USA: Programmer’s Bookshelf: Under Lock and Key. While you can’t keep network systems and data under lock and key, there are security techniques you can still employ. Lynne examines the approaches presented in UNIX System Security and UNIX Installation, Security, and Integrity.
Under Lock and Key
Review by Lynne Greer Jolitz
Copyright (C) Dr. Dobb's Journal, September, 1993
In the early days of computing, security in computer systems was not
the primary concern of administrators, since computers were generally setup
as centralized systems with terminals located in controlled areas, and networks
were not yet commonplace. (Incoming modem lines on the public telephone
network were the major security headache of system administrators.) Until
the mid-80s, in fact, enterprising students who punched holes in security
often ended up working for those very groups and firms they'd penetrated.
(Kevin Poulsen, awaiting Federal charges for illegal computer access, was
hired by SRI after a rash of system break-ins.) Still, security holes remained
a bemused topic of conversation, and were not considered serious except
by a few predictors of doom.
The Boom in Security from the Internet Worm
Security is like insurance--it's a nuisance to pay for, until a disaster
occurs. This lesson was illustrated during the "Morris worm" incident
which caused the immediate contamination of hundreds of thousands of systems
and the resultant shutdown of the NSF Internet. In the aftermath, security
awareness was raised to an all-time high from which it has gradually eroded
as everyone loses interest until the next crisis. Such is the boom-and-bust
cycle of computer security.
What was different about the Morris work was that the intruding program
took advantage of networking and operating systems standardization to allow
automatic propagation of itself onto freshly compromised systems. This meant
that, like Von Neumann exponentiating machines, the Morris worm could rapidly
scale its ability by the cascade effect of dedicating an exponential number
of hosts to the effort. In addition, because the program added to its information
store of "ways to break the system," the worm had greater "growth"
potential than an ordinary computer virus because it could, again, leverage
the network to pass back information and "learn" better how to
break into more systems.
In sum, the Morris worm neatly demonstrated the vulnerability of computer
networks, and made network-wide system security mandatory instead of an
abstract research topic. To aggravate things, the rise of high-powered low-cost
systems attached to the network have made security a part of systems design,
planning, and administration long before it became a "popular"
topic of conversation. With the number of Internet hosts now approaching
1 million and growing, security merits primary consideration before placing
any system on the global network.
A Site Administrator's View of Security
When it comes down to it, security is the mundane part of computer administration.
You put the software equivalent of a padlock on resources, files, and accounts,
rotate the assignment of keys to users of these items, and track when attempts
to unlock them are made. When initiating security procedures, however, an
understanding of the users and environment is crucial to creating a secure,
yet acceptable, work environment. A book which covers security should be
comprehensive in all aspects of security; otherwise, you don't have a secure
system. Security, whether a house or a file server, is as strong as the
weakest link.
UNIX System Security is geared towards the system administrator and
is engaging in its "tales" of security woes. The book is also
categorized in much the same way that a systems administrator would no doubt
view security: account security, filesystem (or, more properly, "data")
security, and network security in general, followed by specific types of
systems (securing workstations, for example), policies, and references.
While it meanders somewhat through its intermingling of security procedures
and needs, its hands-on cookbook approach should be of great use to any
goal-oriented site administrator who prefers the historical approach to
security--the "finger in the dike" view.
At the same time, this choice of organization is a flaw in UNIX System
Security. The book does not go into as much depth as necessary, allowing
a bit of cookbook knowledge to delude you into thinking you know everything.
There's no overview of what security actually is (you have to go to the
National Computer Security Center's famed Orange Book to find out). Security
is a broad term that means different things to different groups, so defining
what kind of security mechanism and its resulting effect is important. For
example, there's no comparison between account security (most common and
simple to implement) verses data security (much harder) or network (a combination
of data and account security and the actual physical arrangement of the
network itself, and an area which is also given short shrift in books on
network architecture and management).
But more importantly for a book geared to site administrators, there's little
perspective offered on the differing needs of various sites--a government
site versus one in the private sector, for instance--but instead, it seems
to be biased towards educational-site experiences. For example, government
time and energy is often oriented towards "air gap" security to
avoid penetration or subversion of the system. The private sector, on the
other hand, tends to view those "within" the system (such as employees)
as possible security problems--hence the focus on auditing, logs, and transaction
files. Neither of these considerations is directly discussed, primarily
because an educational site prefers a more open and free exchange of ideas
and viewpoints (and also, because they don't usually have money to throw
at procedures and personnel). The short shrift given to auditing, in particular,
is an oversight for any private-sector site administrator. This is especially
the case as modern computer systems with integral security auditing on per-file
and per-process level become available.
Policies with respect to software, passwords, and so forth are also discussed
in UNIX System Security, but these policies have an educational-site
bias, and system administrators should refer to their site guidelines before
implementing any of these suggestions. (If your site doesn't have guidelines,
it's time to establish them.) Legal issues regarding site policies and policing
and software licenses and copyrights are also volatile and undefined at
this time, and the legal examples should be read with a grain of salt. Yet,
for naive institutions that never considered such policies necessary, it
does bring them back into the "real" world.
System Security at a Glance
For a more traditional overview of UNIX security, UNIX Installation,
Security, and Integrity is welcome. Written in a concise and direct
form, this book fills out the topic and is careful in discussing security
categories. After breaking down the main-system security into appropriate
categories (filesystem security, account security, and process security
on the local system), it discusses cryptography and network security. It
also deals with security monitoring and auditing procedures. Thus, the last
word in its title actually has meaning.
One item I appreciated was the careful differentiation between trusted and
regular systems. The authors went so far as to include a mention of hardware
security support, an oft-forgotten area which should be covered in every
security book.
The reference section of both books contain useful papers and books, including
the Orange Book and some of Robert Morris's papers on security (which may
have influenced his son's "worm" work) and brief discussions of
secure software (such as Kerberos). In concentrating on recent works, however,
some of the classic works were ignored, including studies on the KSOS System
(Ford Aerospace) which are worth mentioning for their scope and depth.
Conclusion
UNIX System Security should become popular among site administrators
struggling to get a handle on security needs--especially since most vendor-specific
manuals don't cover those well-known security "holes" which can
cause grief. For a more thorough and concise view of security, administrators
should also obtain UNIX Installation, Security, and Integrity. But
for a real understanding of security in the 1990s, check the references
and attend the security conferences. That's where the action is.
UNIX System Security
David A. Curry
Addison-Wesley Professional Computing Series, 1992, 279 pp.
$32.25
ISBN 0-201-56327-4
UNIX Installation, Security, and Integrity
David Ferbrache and Gavin Shearer
Prentice-Hall, 1993, 305 pp.
$34.00
ISBN 0-13-015389-3
6/93 Dr. Dobbs Journal, USA: Extending Standards for CD-ROM. Although ISO-compliant CD-ROMs are interchangeable and usable on any type of system, the minimalism that made the ISO-9660 standard successful is sometimes too minimal. Consequently, the Rock Ridge Group and others have developed extensions to give new life to CD-ROMs.
"Most programmers are aware of the ISO-9660 standard and its significance in sharing CD-ROM data between different platforms. In our article "Inside the ISO-9660 Filesystem Format" (DDJ, December 1992), we examined how this standard has encouraged the use of CD-ROM technology and how a modern ISO-9660 CD-ROM is structured. ISO-compliant CD-ROMs are interchangeable and can be used on any type of system and architecture. However, the minimalism that helped make the ISO-9660 standard successful may sometimes be too minimal for specific applications (such as distributing POSIX-based, bootable CD-ROMs). Because ISO-9660 does not adequately support the POSIX filesystem, the Rock Ridge Group was formed to develop ISO-9660:1988 extensions, which take advantage of the system-use area of the directory record (provided for in ISO-9660) to store complete POSIX filesystem information.
Extensions to ISO-9660 can make a CD-ROM appear like a given target operating system (such as a POSIX-compliant filesystem). By encoding these extensions (using the sharing-use protocols), you can allow for separate sets of attributes for the same filesystem. This lets you organize extended information for different systems (such as VMS, DOS, and UNIX) in a nonconflicting way. Also, any system that only understands ISO-9660 without any extensions can still gain access to the files and obtain the exact same contents of data for a file; you aren't precluding any use of CD-ROM by the use of extensions, you're simply extending the scope of use of the information. "
[To continue reading this article, simply click here to register or login at DDJ.]
12/92 Dr. Dobbs Journal, USA: Inside the ISO-9660 Filesystem Format(With William F. (Bill) Jolitz). For delivering large amounts of data, CD-ROMS give you the biggest bang for the buck. The ISO-9660 filesystem format is discussed. Example utilities which allow a person to decode a CD-ROM and view a file are also presented.
4/91 Dr. Dobbs Journal, USA: Copyrights, Copyleft, and Competitive Advantage. An overview and analysis of the effects and trends towards the use of copyrights, Free Software Foundation (FSF) “copylefts”, and the impact on American competitive advantage.
|