Be cloudy and secure...

Security


Cloud Security Authors: Shelly Palmer, Rick Popko, Jackie Kahle, Vormetric Blog, Rick Delgado

Related Topics: Web 2.0 Magazine, PC Security Journal, Twitter on Ulitzer, Security Journal, New Media on Ulitzer, Facebook on Ulitzer, Social CRM, The Social Media Guide, Security

Cloud Security: Blog Feed Post

WARNING: Security Device Enclosed

If you aren’t using all the security tools at your disposal you’re doing it wrong

Security Journal on Ulitzer

How many times have you seen an employee wave on by a customer when the “security device enclosed” in some item – be it DVD, CD, or clothing – sets off the alarm at the doors? Just a few weeks ago I heard one young lady explain the alarm away with “it must have be the CD I bought at the last place I was at…” This apparently satisfied the young man at the doors who nodded and turned back to whatever he’d been doing.

All the data the security guy needed to make a determination was there; he had all the context necessary in which to analyze the situation and make a determination based upon that information. But he ignored it all. He failed to leverage all the tools at his disposal and potentially allowed dollars to walk out the door. In doing so he also set a precedent and unintentionally sent a message to anyone who really wanted to commit a theft: I ignore warning signs, go ahead.

Don't Set Digital Precedents In Your Organization
Context, especially in the realm of information security, is paramount to ensuring legitimate access is authorized and all other forms of access is not.

You can understand, then, why it was that when a recent attempt at a Facebook login resulted in a request to verify my identity because I was signing in “from an unfamiliar location” I was delighted beyond words. Annoyed? A little, but it was completely overshadowed by the understanding that Facebook was utilizing the context available to ensure the integrity of my data.

Facebook did not ignore the “security device enclosed” and acted upon the context of the request to better prevent illegitimate access to an account. It looked, digitally, and determined that the situation warranted further investigation.

When you fail to leverage all the tools at your disposal to ensure that access to applications and data is legitimate, you’re essentially ignoring the “security device enclosed” warning. A web application request isn’t just a bunch of HTTP headers. It’s a bunch of HTTP headers that’s been transmitted over a network, from a location containing data created by a user. The information that accompanies that request about the network, the user, the data, and the request form part of the context to which you probably have access, but aren’t leveraging to its fullest potential.

When an application request that normally results in a 4KB response suddenly returns 40KB, there’s something odd going on. If you don’t recognize that something is different, it’s the digital equivalent of ignoring the alarm when an enclosed security device sets it off. When a user logs in from a completely new location, the alarm is going off. Hand-waving it through sets a digital precedent that you aren’t really watching as closely as you could and encourages miscreants to try even bolder approaches.

If you have a context-aware solution, take advantage of it. If you have a web application firewall capable solution, at least let it warn you if you aren’t comfortable with having it block requests and responses. If you have the means to inspect responses for unexpected variations in content size or the inclusion of sensitive data, do so. Take into consideration as many variables as you can as you continue to implement and improve your application and information security strategy.

But whatever you do, don’t ignore the security devices enclosed in your data center.

Read the original blog entry...

More Stories By Lori MacVittie

Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.