Detecting threats in the real world

Security pros know there's no perfect defence against a determined attacker. So when an identity thief strikes, it's vital to detect the theft. But who's going to be the detective?

As applications migrate into the network cloud, the presumption is that IT administrators will be the detectives, vigilantly looking for clues that might spell trouble. But such vigilance will never suffice, because nobody can care as much about my own interests as me, or as much about yours as you.

When I set up my first corporate connection to the Internet, for example, I had a naive fantasy about managed network services. I imagined a bank of screens glowing in a dimly lit network operations centre, earnest young technicians studying them alertly, and then ... What was that? An alarm sounds, a cluster of red dots erupts on one of the screens, the technicians huddle, my phone rings.

"Mr Udell, there's been a routing glitch that affects your subnet. We're aware of the problem and we're working on it. You'll hear back from us as soon as it's fixed."

Yeah, right. What actually always happens is that I notice when a server's gone unreachable, and I contact the ISP. At first nobody there sees a problem. So I triangulate on the errant router, pass along the trace routes that pinpoint the problem, and finally someone agrees to fix it.

This protocol is annoying but not really surprising. Self-interest trumps all other incentives. I care more about my server's connectivity than the folks in the NOC ever can or will. I'll keep a watchful eye, and I'll do what I can to stay on top of things.

Back in my pager-wearing days I scattered a handful of probes around the Internet, and instructed them to ping my boxes and alert me if they couldn't. That worked because basic connectivity is easy to observe. But the activity of my various online personae typically isn't easy to observe - at least not by me, and not in ways that would alert me to, for instance, unusual activity on an account.

Desktop and server operating systems know, and can report, when you've logged in and what you've been doing. True, a savvy impersonator can cover their tracks, but if you're motivated to look, there's a decent chance you can detect an intrusion.

Applications and services delivered through the Web usually don't afford the same opportunity. If a failed password-guessing attack triggers a temporary lockdown of my online bank account, I have some hope that I'll be promptly notified - though I'm not about to try the experiment in order to find out. But what if shoulder-surfing or a lucky guess yields up my credentials to an evildoer? Typically there's no way for me to monitor the account for amounts, times, or IP addresses that only I would recognise as suspicious.

Web services should at least show me the last log-in time. A more complete view of all account activity would be ideal. Flooding me with log dumps won't help, though. The information has to be represented in a way that makes it easy to tell, at a glance, when something's not right.

That's easier said than done, but there's hope. Like all animals, we humans are wired to memorise visual and auditory patterns and notice deviations from them. If software can tap into those innate capabilities, it can help us watch out for ourselves.
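What such a view might look like, as an added example that is not part of Udell's column: a short Python script that takes a constructed activity log for one hypothetical account (ISO timestamp, event kind, source IP, amount for payments), learns the account's own baseline of source addresses, log-in hours and typical payment size from its early history, and then marks later events that deviate from it. The thresholds (two hours of slack, five times the median payment, six warm-up events) are assumptions chosen for the sample, not figures from the column.

```python
"""Per-account activity digest with at-a-glance anomaly marks (added example)."""
from dataclasses import dataclass, field
from datetime import datetime
from statistics import median


@dataclass
class Event:
    ts: datetime
    kind: str          # "login" or "payment"
    ip: str
    amount: float = 0.0


# Constructed sample history for one hypothetical account, oldest first.
# The last two lines model a stolen credential: new address, 3 a.m., large payment.
SAMPLE_LOG = """\
2024-03-01T08:12:00 login 203.0.113.5
2024-03-01T08:15:00 payment 203.0.113.5 42.50
2024-03-03T19:40:00 login 203.0.113.5
2024-03-03T19:42:00 payment 203.0.113.5 18.00
2024-03-05T07:55:00 login 198.51.100.7
2024-03-05T08:01:00 payment 198.51.100.7 60.00
2024-03-08T20:05:00 login 203.0.113.5
2024-03-08T20:10:00 payment 203.0.113.5 35.00
2024-03-12T03:17:00 login 192.0.2.44
2024-03-12T03:19:00 payment 192.0.2.44 950.00
"""


def parse_events(text: str) -> list[Event]:
    """Parse the whitespace-separated log format above; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        amount = float(parts[3]) if len(parts) > 3 else 0.0
        events.append(Event(datetime.fromisoformat(parts[0]), parts[1], parts[2], amount))
    return sorted(events, key=lambda e: e.ts)


@dataclass
class Baseline:
    """What 'normal' looks like for this account, learned from its own history."""
    ips: set = field(default_factory=set)
    hours: set = field(default_factory=set)
    amounts: list = field(default_factory=list)

    def update(self, e: Event) -> None:
        self.ips.add(e.ip)
        self.hours.add(e.ts.hour)
        if e.kind == "payment":
            self.amounts.append(e.amount)


def hour_distance(a: int, b: int) -> int:
    """Distance between two hours of the day, wrapping around midnight."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def reasons_for(e: Event, base: Baseline, hour_slack: int = 2,
                amount_factor: float = 5.0, min_payments: int = 3) -> list[str]:
    """Return human-readable reasons this event deviates from the baseline (empty if none)."""
    reasons = []
    if e.ip not in base.ips:
        reasons.append(f"new source IP {e.ip}")
    if base.hours and all(hour_distance(e.ts.hour, h) > hour_slack for h in base.hours):
        reasons.append(f"unusual hour {e.ts.hour:02d}:00")
    if e.kind == "payment" and len(base.amounts) >= min_payments:
        typical = median(base.amounts)
        if e.amount > amount_factor * typical:
            reasons.append(f"amount {e.amount:.2f} is {e.amount / typical:.0f}x the usual {typical:.2f}")
    return reasons


def digest(events: list[Event], warmup: int = 6) -> list[tuple[Event, list[str]]]:
    """Build the baseline from the first `warmup` events, then judge each later event.

    Flagged events deliberately do NOT feed the baseline: otherwise an intruder's first
    log-in would whitelist their address for everything that follows. In a real service
    the user's "yes, that was me" would promote the event into the baseline.
    """
    base = Baseline()
    for e in events[:warmup]:
        base.update(e)
    rows = []
    for e in events[warmup:]:
        reasons = reasons_for(e, base)
        rows.append((e, reasons))
        if not reasons:
            base.update(e)
    return rows


def last_login(events: list[Event]):
    logins = [e.ts for e in events if e.kind == "login"]
    return max(logins) if logins else None


def render(events: list[Event], warmup: int = 6) -> str:
    """The at-a-glance view: last log-in first, then one line per event, '!!' on deviations."""
    lines = [f"Last login: {last_login(events):%Y-%m-%d %H:%M}"]
    for e, reasons in digest(events, warmup):
        mark = "!!" if reasons else "  "
        amt = f"{e.amount:>8.2f}" if e.kind == "payment" else " " * 8
        lines.append(f"{mark} {e.ts:%m-%d %H:%M} {e.kind:<8} {amt} {e.ip:<14} {'; '.join(reasons)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(parse_events(SAMPLE_LOG)))
```

Run as a script it prints the last log-in time followed by the recent events, with the two 3 a.m. entries from 192.0.2.44 marked and annotated; the earlier events from the account's two familiar addresses pass quietly. The point is the representation, not the statistics: a bank already has every field shown here, and the only thing the script adds is a baseline drawn from the account owner's own habits and a mark the owner can recognise at a glance.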


Jon Udell

ARN