Friday, February 15, 2013

Build a testing platform for Operating System Security

There is a big problem in defending systems today. The majority of systems are using the secure configuration as defined by the CIS and NSA as well as others. These configurations are decided upon by a group of system administrators and can take many months or years before they are published and used. There needs to be proactive research in this part of security.

The current field of security research seems to be more about various ways to attack an operating system. There needs to be research in how to defend a system as well. This research needs to be done in a more consistent manner which can be reproduced by others.

I would like to propose a method to make this happen. I keep thinking of the movie "Virtuosity", where a virtual personality was attacked by various other evil personalities until a final personality emerged. I am hoping for more of a strong defender to come out in this case.

For the testing platform, I am proposing the Software Testing Automation Framework (STAF), which could be used to establish a standard method for security researchers. STAF can be used for testing attacks on, and defenses of, various operating systems.

I could see the platform being used with three types of system: an attacker system loaded with Metasploit or some other attack tools, a system to monitor the communications between the systems, and a third type which will be the victim system.

The victim system would start as a generic version of an operating system or a version that matches the one being used in the environment of the researchers. This system will be attacked by the tools and monitored for changes.

There are two goals for each of these tests. The first is to find a way for the victim system to report that it is being attacked and by what method it is being attacked. The second is to find a mitigation or protection for the system from the attack.

The reporting is very important because the system administrator and security staff need to know that a system is being attacked. Without reporting, the attacker can try many different forms of his attack until one works.

The changes needed to report and defend against each attack need to be posted to a server where other researchers using the same system can make use of the results.

The plan would be to test all available attack tools against an operating system and have a central website where system defenders could make use of this research to protect their systems.

The first run through of the tests would be the hardest, as a method for reporting will need to be found and tested. The next hardest piece will be finding the mitigation against the attacks.

Once the first run through has been done, the system could then easily be used to test patches to the operating system and changes in the attack tools to verify whether any changes are needed in the reporting and defense of the operating system. All of this should be reported to a central site where defenders can keep their systems current.
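As an added illustration of the two goals per test run and of the re-run after a patch or tool update, here is a small scorer and regression check. It is example code written for this post, not part of STAF or of the proposal above; the record format, field names and the sample attack names are assumptions for illustration.

```python
# Added example (not from the original post): a minimal scorer for the two
# goals of each test run, plus a regression check between a baseline run
# and a re-run after an OS patch or attack-tool update.
# The record format and field names are assumptions for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class RunResult:
    attack: str             # name of the attack module that was run
    os_version: str         # victim OS build under test
    alert_raised: bool      # did the victim report that it was attacked?
    reported_method: str    # method named in the victim's report ("" if none)
    attack_succeeded: bool  # did the attacker reach its objective?

def score(run: RunResult) -> dict:
    """Goal 1: the victim reports the attack and names the right method.
    Goal 2: a mitigation stops the attack from succeeding."""
    detected = run.alert_raised and run.reported_method == run.attack
    return {"attack": run.attack, "detected": detected,
            "mitigated": not run.attack_succeeded}

def regressions(baseline: list, current: list) -> list:
    """Name attacks whose detection or mitigation got worse since baseline,
    plus attacks new to the tool set that are still unhandled."""
    base = {r.attack: score(r) for r in baseline}
    findings = []
    for r in current:
        now = score(r)
        was = base.get(r.attack)
        if was is None:
            if not (now["detected"] and now["mitigated"]):
                findings.append(f"{r.attack}: new attack, needs reporting/defense")
            continue
        for goal in ("detected", "mitigated"):
            if was[goal] and not now[goal]:
                findings.append(f"{r.attack}: {goal} regressed")
    return findings

# Constructed sample data: a baseline run and a re-run after a patch.
BASELINE = [
    RunResult("smb_probe", "os-1.0", True, "smb_probe", False),
    RunResult("ssh_bruteforce", "os-1.0", True, "ssh_bruteforce", False),
]
AFTER_PATCH = [
    RunResult("smb_probe", "os-1.1", True, "port_scan", False),          # wrong method named
    RunResult("ssh_bruteforce", "os-1.1", True, "ssh_bruteforce", True), # attack now succeeds
    RunResult("web_fuzz", "os-1.1", False, "", True),                    # new tool, unhandled
]

if __name__ == "__main__":
    for line in regressions(BASELINE, AFTER_PATCH):
        print(line)
```

The list returned by `regressions` is what would be posted to the central site so defenders know which reporting or defense changes are needed.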

If this research happens and systems become less vulnerable, I could see the hacker's job becoming a lot harder.
