
Request: Metaphor to Understand CompSec/InfoSec

  • Request: Metaphor to Understand CompSec/InfoSec

    After spending some time socializing with people on issues of computer security WRT programming and Systems Engineering, I found each person had their own methods for understanding security in their own way. Obviously, methods reflected their own experiences.

    Would you care to offer what metaphor has best helped you to understand various topics of InfoSec/CompSec? What symbolism seems to work well for you? What methods work well in educating others?

    Some results from this discussion included:
    * Mental diagrams with Finite State Machines to show all logical states and transition/edges (popular with people who have strong foundations in Graph Theory/Set Theory or math in CS)
    * Model topics in Security and examine how things tend to fit in one category or another, and how there is border interaction at the interfaces (various partition spaces such as Applications, Kernel, Physical Access, Users)
    * Examination of any space by applying Sun Tzu's The Art of War and various grounds of contention from the point of view of an attacker vs. defender

    (more than what are listed, of course)

    I've used some of these as well as others which are not listed. What works or has worked for you? What methods do you use to describe issues of CompSec/InfoSec to people who do not need to know the details, but want general guidelines for layer 8 policy (or layer 9 if you populate layer 8 with money and 9 with politics.)

    TIA

    (Was posting here as "TheOtherGuy" but to show how "31337" (elite) I am, I forgot the password to it, and seem to have botched the entry of my e-mail address in my initial application here, so I am born again as this ID: Yes, I suck. But I know it.)

  • #2
    Why should we give away our secrets? If we do that then THEY will come for us! The Aliens!

    • #3
      Originally posted by highwizard
      If we do that then THEY will come for us! The Aliens!
      The Canadians?

      • #4
        Originally posted by highwizard
        Why should we give away our secrets? If we do that then THEY will come for us! The Aliens!
        [humor]
        No way. Do like I do. Wear the tin foil hat. That keeps the government mind control and telepathic crew from reading and controlling my brain. Few people know that if you put macaroni salad in the tin foil hat, _that_ will stop the aliens from reading your thoughts. (BTW, tapioca pudding does not work.)
        [/humor]

        I can see how it is... I helped ruin one of his threads and he is getting even! :-)

        • #5
          Originally posted by TheCotMan
          [humor]
          No way. Do like I do. Wear the tin foil hat.
          Uh, did you know that tin foil was originally made FOR the government? Yup, just like M&Ms and other trivial things.

          Your tin foil hat gives you a direct line to the NSA.

          • #6
            Originally posted by astcell
            Uh, did you know that tin foil was originally made FOR the government? Yup, just like M&Ms and other trivial things.

            Your tin foil hat gives you a direct line to the NSA.
            Only if you wear the shiny side out. Shiny side in keeps the orgone and precious bodily fluids from leaking out.

            • #7
              Originally posted by TheCotMan
              Would you care to offer what metaphor has best helped you to understand various topics of InfoSec/CompSec? What symbolism seems to work well for you? What methods work well in educating others?
              I've always been partial to Bob and Alice, especially after Bob opens up Alice. :D

              • #8
                Originally posted by astcell
                Uh, did you know that tin foil was originally made FOR the government? Yup, just like M&Ms and other trivial things.

                Your tin foil hat gives you a direct line to the NSA.
                Doh! They're going to find out about my "3117" stack smashing technique which involves using a 12 pound brick!
                [Urrhrhhrhhrhhrh! Stack bad! Must smash stack! Urrhrhrhrhhh!]
                ...
                Double-Doh! Now you all have my secrets too ! Gahhhhhhhh!


                .oO BTW, I PrivMsg you [edit: astcell] the story about Phon-E and the detention by authorities. Feel free to quote it in a new thread like "events at past DC" and maybe we can fill gaps to these various events.

                [specifies edited data]
                Last edited by TheCotMan; May 26, 2004, 08:29. Reason: added name for pronoun "you" as it was unclear.

                • #9
                  Originally posted by murakami
                  I've always been partial to Bob and Alice, especially after Bob opens up Alice. :D
                  I have read of many different Alice and Bob scenarios, but I don't think I have seen that one.... Do you have a copy in DIVX encoded AVI? Care to share? Does this have a third party MiM attack, or is it just between Alice and Bob? And the key exchange... did they actually trade keys to their residences, or was it a "one time pad"..

                  need some punicillin over here, help I'm losing it...

                  (heh)

                  • #10
                    CotMan, I think we need some "Highlight of past Defcons: Reenacted" at DC12. We can have arrests, fights, and other stuff played out on a stage for those who missed it.

                    • #11
                      Originally posted by astcell
                      CotMan, I think we need some "Highlight of past Defcons: Reenacted" at DC12. We can have arrests, fights, and other stuff played out on a stage for those who missed it.
                      Right on! This would kick ass!

                      One thing I would be worried about is upsetting people who have different impressions of history. Time has a way of causing people to alter their perception of history.

                      Best way to counter this is get enough people contributing to each event in order to have the depicted history be accepted with little controversy.

                      You want another part of a story?

                      (In a grandpa-like voice...)

                      During the DC when someone decided to be a wiseguy and perform a DoS attack against hotel employee use of radios (by providing a much stronger signal than the in-house radios were able to compete with), they decided to have the source for generating the signal be one of the presentation rooms...

                      (One thing to not do at DC is something like the above. There are many technically skilled Goons who have the technology, time and energy to make triangulation of a source this strong trivial, and expulsion even easier... after repeated introduction of various blunt objects to the offender:
                      "Excuse me, have you met Mr. Side-handled Baton? Yes? Ohhh but he is so sad that it has been too long since the last meeting and wants to *hook-up* with you again...") )

                      Ok, so back to the story. Priest happens to come into our presentation room (where a small crowd of maybe 40 people in the audience is watching attempts made by people to socially engineer their way into or out of scenarios contrived by people in the audience: the attackers and defenders are con attendees and it's all about role playing... yes, it sucked from a technical standpoint, but was very funny and entertaining to watch.)

                      Priest says: (paraphrased)
                      "It has come to our attention that one of you miscreants has demonstrated your lack of mental prowess by jamming the radios used by the hotel staff here at the con. We know it is someone from one of these presentation rooms because we can hear your signal, and the content of your signal from everywhere in the hotel. You know who you are, and I suggest you stop.
                      This is a dumb thing to do. First, the hotel employees use their radios in cases of emergency, and if someone happens to have a heart attack, or need medical attention, you can get in big trouble. (blah blah blah, about being in prison as a new wife to "bubba" blah blah blah... few more minutes.)
                      We can and will track you down if this does not stop, and you will know what it means to be (blah blah blah another minute.)"

                      Okay, so whoever was doing it stopped doing it, and we returned to the "social engineering" demo. They asked for suggestions for the next social engineering scenario, I raised my hand and was called to issue a suggestion, and thus I spoke:

                      "You have just been caught with a radio transmitter in your room which was providing a signal so strong as to overpower the hotel radios. Priest is there, and he has 2 enforcers."

                      There was much laughter from the small number of people in the audience, and the skit went horribly wrong, but it was still entertaining.

                      ...

                      Here is a really short one...
                      During DC5 and "Spot the Fed" contest, one of the people in my group decided to "Spot Priest" as a fed. This went over rather well, and a much larger audience laughed. It was a rare moment as it appeared that priest was caught off guard, and did not have an immediate response. I think he eventually said something like, "You.... Think I.... Am a fed?" and then rolled his eyes. He asked for reasons, which were given, but the member of my group did not get a Tee. (No, I was not the one who spotted Priest as a fed, but I wish it was. :-)
                      Last edited by TheCotMan; May 26, 2004, 23:12. Reason: fix typo
