Re: [Model-t] What are we trying to protect

Bret Jordan <jordan.ietf@gmail.com> Sun, 04 August 2019 23:25 UTC

From: Bret Jordan <jordan.ietf@gmail.com>
Message-Id: <BAA30545-5FFE-4213-9C59-4DBF397BB969@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_235652D4-E897-4BBB-BA03-5BC433728B75"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Sun, 04 Aug 2019 17:25:30 -0600
In-Reply-To: <17d230a0-49ce-079e-a081-f00e66f2f512@cs.tcd.ie>
Cc: Eric Rescorla <ekr@rtfm.com>, Dominique Lazanski <dml@lastpresslabel.com>, Watson Ladd <watsonbladd@gmail.com>, Ted Lemon <mellon@fugue.com>, model-t@iab.org, Christian Huitema <huitema@huitema.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <c3a112ba-baab-1cb0-97ad-21ff9999a637@cs.tcd.ie> <5879878A-7CEA-4030-BB72-108CC4122719@gmail.com> <d253231a-d35d-e7c9-e3ae-5c7d7915566e@bluepopcorn.net> <06F0AE14-4413-4022-A804-C1B58E2702CE@fugue.com> <52BAC141-CB25-4072-B556-6325912F1ADD@gmail.com> <9a1555ca-6699-75f1-683e-2a3a2a539a11@cs.tcd.ie> <fbb6866d-87af-abea-42b4-8bb45959ea6a@huitema.net> <A8ABBBFF-9967-4F3B-974F-2DC5953D5DD9@gmail.com> <CABcZeBOKnaa7t3Nc=uq4sB2OQ+uKp=+_LHqX3bBBmpy3RY3dCA@mail.gmail.com> <86157132-D401-4033-A72B-AD4859DB6696@lastpresslabel.com> <CABcZeBPBy+6W-Yg4vMF1aCyNkE7XAJ81HaM75hKa--gRnpUVbg@mail.gmail.com> <5281A343-35C0-4F4D-949D-02C46FA07801@lastpresslabel.com> <86639B71-F616-48CC-96AB-719F7168F087@gmail.com> <CACsn0cktsrVnzVByV9NzcE4jDpMdJ1UBPzut5PTzVSesMXXaNg@mail.gmail.com> <ADF23214-F1A8-4996-A56D-3DB037D81EA9@fugue.com> <F3098ECC-3B02-4242-90C8-15EC8D8F0CBF@gmail.com> <1c506954-47ba-dc40-f6e5-c19bd17624c2@cs.tcd.ie> <73B68598-2F9B-44B7-8FA9-D8EE61C88AAD@gmail.com> <17d230a0-49ce-079e-a081-f00e66f2f512@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/jChR-ToBNQBIo6k9lhM3ZPqHfyk>

This is why I listed four types of attacks and what is at risk with them.  We have to start somewhere.

Recopying here:

Attack: Active remote attack
Exposure: Full compromise of system and data
Client Knowledge: Potential indicators may be visible
Protection Possibilities: Deploy both client and network level protections
Headwinds: Client based protections are usually inadequate
Severity: High
Kill-Chain Phase: Lateral Movement 

Attack: Active in-band attack
Exposure: Full compromise of system and data
Client Knowledge: Potential indicators may be visible
Protection Possibilities: Deploy both client and network level protections, user awareness training, content and DNS filtering
Headwinds: Client based protections are usually inadequate
Severity: High
Kill-Chain Phase: Delivery and Exploitation 

Attack: Passive monitoring of traffic
Exposure: Information about where traffic is going and potentially details of the content being shared 
Client Knowledge: No, it is very hard to detect passive monitoring tools
Protection Possibilities: Encrypt traffic 
Headwinds: Global adoption of better encryption
Severity: Low
Kill-Chain Phase: Reconnaissance

Attack: Active in-band monitoring and tracking 
Exposure: Information about what the user is doing and where they are going 
Client Knowledge: Generally no 
Protection Possibilities: Client and network level protections
Headwinds: Some clients are making it hard to deploy client side protections 
Severity: Low
Kill-Chain Phase: Reconnaissance



Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

> On Aug 4, 2019, at 5:00 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
> Hiya,
> 
> On 04/08/2019 23:38, Bret Jordan wrote:
>> A few comments inline… Sorry, I try not to do that.
> 
> Why not? It's fine. (And easier to follow in mail I believe.)
> 
>>>> the larger risk, and larger attack surface.  When we design 
>>>> protocols and only consider a small handful of threats, then we 
>>>> inevitably hurt the market.
>>> 
>>> IMO we ought not only think in terms of "the market" - I'd hope
>>> rather that everyone sometimes thinks of more than commerce as the
>>> Internet impacts on people in other ways that are relevant in this
>>> discussion.
>> 
>> Sorry, bad word choice.  =~s/market/industry/g;  When I refer to “the
>> market” I am not talking about the vendor space, commercial space, or
>> the sell stuff over the web space.  I am simply referring to the way
>> end users, organizations, enterprises, and governments need to use
>> the connectedness of computers and IP address ranges to do whatever
>> it is they are doing. So I should have said “industry” or if you have
>> a better term, let me know.
> 
> I suspect this is one where we're better to recognise that
> nobody's fav term is correct;-) It's entirely legit to consider
> how security/privacy analyses affect the market, and how they
> affect society, and how they affect specific communities, and how
> they affect the set of people who use or care about the Internet.
> Those are all valid, as would be other sets of interested parties,
> and I suspect we'd never reach consensus as to the relative
> importance of each. I think if we each accept that other folks
> rate those differently for reasons that are possibly as valid as
> our own, that might be good enough.
> 
>>>> The more of these things we can document and the more we can
>>>> bring them to light, the better everything will be in the end.
>>> Yes, but it's important to document things in a way that can lead
>>> up to then winnowing things down to something that ends up useful
>>> to that population of IETFers who are not security or privacy
>>> specialists.
>> 
>> Once again, I fully agree.  But we need to start somewhere.  The
>> Stanford D-School has a great set of classes on how to effectively
>> brainstorm.  And I think that is what we are trying to do now.  We
>> are trying to get the discussion going and get everything out there,
>> so we can start to better understand how big the elephant is that we
>> need to work on.
> 
> The elephant metaphor isn't my favourite. Even if we're each
> scrambling around in the dark, there might not be exactly one
> elephant. In this case, I think there definitely is more than
> one. For example, we have the enterprise n/w vs big-I security
> differences, and we also have the commercial/govt surveillance
> vs. human rights/freedom differences. It may be my lack of
> imagination but I can't see how those are part of one elephant.
> (And I think that's true regardless of one's opinions as to any
> of the locally-perceived potential elephant parts:-)
> 
> Cheers,
> S.