Re: [Model-t] What are we trying to protect

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 04 August 2019 23:31 UTC

To: Bret Jordan <jordan.ietf@gmail.com>
Cc: Eric Rescorla <ekr@rtfm.com>, Dominique Lazanski <dml@lastpresslabel.com>, Watson Ladd <watsonbladd@gmail.com>, Ted Lemon <mellon@fugue.com>, model-t@iab.org, Christian Huitema <huitema@huitema.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <4144357d-2ab0-af53-caeb-38017ecde418@cs.tcd.ie>
Date: Mon, 05 Aug 2019 00:31:24 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/ABN3AsZlVu7J4fPNTuuOOaNDKvg>
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>

Hiya,

On 05/08/2019 00:25, Bret Jordan wrote:
> This is why I listed four types of attacks and what is at risk with
> them.  

I gotta admit I do not get your argument there. It could be
one of many. Maybe if you could be patient and spell it out
...

TIA,
S.

> We have to start somewhere.
> 
> Recopying here:
> 
> Attack: Active remote attack
> Exposure: Full compromise of system and data
> Client Knowledge: Potential indicators may be visible
> Protection Possibilities: Deploy both client and network level protections
> Headwinds: Client based protections are usually inadequate
> Severity: High
> Kill-Chain Phase: Lateral Movement
> 
> Attack: Active in-band attack
> Exposure: Full compromise of system and data
> Client Knowledge: Potential indicators may be visible
> Protection Possibilities: Deploy both client and network level protections, user awareness training, content and DNS filtering
> Headwinds: Client based protections are usually inadequate
> Severity: High
> Kill-Chain Phase: Delivery and Exploitation
> 
> Attack: Passive monitoring of traffic
> Exposure: Information about where traffic is going and potentially details of the content being shared
> Client Knowledge: No, it is very hard to detect passive monitoring tools
> Protection Possibilities: Encrypt traffic
> Headwinds: Global adoption of better encryption
> Severity: Low
> Kill-Chain Phase: Reconnaissance
> 
> Attack: Active in-band monitoring and tracking
> Exposure: Information about what the user is doing and where they are going
> Client Knowledge: Generally no
> Protection Possibilities: Client and network level protections
> Headwinds: Some clients are making it hard to deploy client side protections
> Severity: Low
> Kill-Chain Phase: Reconnaissance
> 
> 
> 
> Thanks,
> Bret
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however,
> the only thing that can not be unscrambled is an egg."
> 
>> On Aug 4, 2019, at 5:00 PM, Stephen Farrell
>> <stephen.farrell@cs.tcd.ie> wrote:
>> 
>> 
>> Hiya,
>> 
>> On 04/08/2019 23:38, Bret Jordan wrote:
>>> A few comments inline… Sorry, I try not to do that.
>> 
>> Why not? It's fine. (And easier to follow in mail I believe.)
>> 
>>>>> the larger risk, and larger attack surface.  When we design 
>>>>> protocols and only consider a small handful of threats, then
>>>>> we inevitably hurt the market.
>>>> 
>>>> IMO we ought not only think in terms of "the market" - I'd
>>>> hope rather that everyone sometimes thinks of more than
>>>> commerce as the Internet impacts on people in other ways that
>>>> are relevant in this discussion.
>>> 
>>> Sorry bad word choice.  =~s/market/industry/g;  When I refer to
>>> “the market” I am not talking about the vendor space, commercial
>>> space, or the sell stuff over the web space.  I am simply
>>> referring to the way end users, organizations, enterprises, and
>>> governments need to use the connectedness of computers and IP
>>> address ranges to do whatever it is they are doing. So I should
>>> have said “industry” or if you have a better term, let me know.
>> 
>> I suspect this is one where we're better to recognise that nobody's
>> fav term is correct;-) It's entirely legit to consider how
>> security/privacy analyses affect the market, and how they affect
>> society, and how they affect specific communities, and how they
>> affect the set of people who use or care about the Internet. Those
>> are all valid, as would be other sets of interested parties, and I
>> suspect we'd never reach consensus as to the relative importance of
>> each. I think if we each accept that other folks rate those
>> differently for reasons that are possibly as valid as our own, that
>> might be good enough.
>> 
>>>>> The more of these things we can document and the more we can 
>>>>> bring them to light, the better everything will be in the
>>>>> end.
>>>> Yes, but it's important to document things in a way that can
>>>> lead up to then winnowing things down to something that ends up
>>>> useful to that population of IETFers who are not security or
>>>> privacy specialists.
>>> 
>>> Once again, I fully agree.  But we need to start somewhere.  The 
>>> Stanford D-School has a great set of classes on how to
>>> effectively brainstorm.  And I think that is what we are trying
>>> to do now.  We are trying to get the discussion going and get
>>> everything out there, so we can start to better understand how
>>> big the elephant is that we need to work on
>> 
>> The elephant metaphor isn't my favourite. Even if we're each 
>> scrambling around in the dark, there might not be exactly one 
>> elephant. In this case, I think there definitely is more than one.
>> For example, we have the enterprise n/w vs big-I security 
>> differences, and we also have the commercial/govt surveillance vs.
>> human rights/freedom differences. It may be my lack of imagination
>> but I can't see how those are part of one elephant. (And I think
>> that's true regardless of one's opinions as to any of the
>> locally-perceived potential elephant parts:-)
>> 
>> Cheers, S.
>> 
>> 
>>> 
>>> Bret
>>> 
>>> 
>>>> 
>>>> Cheers, S.
>>> 
>>> 
>>> 
> 
> 
>