Fred, you missed my point. Stuxnet is just the harbinger.
What I want to say is that routing architectures which depend on a small set of routers like LISP depending on a small (??) set of ALT-routers are very vulnerable: By attacking these ALT-routers you may attack the entire internet. Heiner -----Ursprüngliche Mitteilung----- Von: Fred Baker <[email protected]> An: [email protected] Cc: [email protected] Verschickt: Mo., 27. Sept. 2010, 16:15 Thema: Re: [rrg] future routing architecture in view of stuxnet... On Sep 27, 2010, at 4:39 AM, [email protected] wrote: > See one of many stuxnet related articles: > http://edition.cnn.com/2010/TECH/innovation/09/24/stuxnet.computer.malware/index.html?iref=allsearch > > IMHO a future internet architecture should also envision attacks like stuxnet and even worse ones. Not sure that routing is relevant. Stuxnet is distributed on USB keys via social engineering. There were four "day zero" attacks in stuxnet, like not qualifying an autorun file before executing it. But the faults attacked were more "security 101" issues. For example, the applications use the windows default passwords and have them hardcoded in, making it hard to change the passwords. Stuxnet used guess which passwords. I agree with Roland that it's not routings' job to fix end system security; with these kinds of faults being attacked, I'm not sure I see how it could. Comments from a colleague: > This is what we know: > > - Microsoft issued a security bulletin on July 15, 2010 identifying this vulnerability > http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx > > - It appears to spread through a combination of thumb drives and social engineering. It exploits a flaw in Windows when Windows Explorer opens a folder and tries to render the folder's icons. > > - It appears to only target Siemens PLC systems > > - There is evidence that this heretofore-unknown vulnerability was initially exploited in mid 2009 > > - It has the hallmarks of a state-sponsored effort, given its sophistication, and that it was written in a modular fashion implying several authors. It has also primarily attacked systems in Iran and Pakistan. > > - It's not yet known (in unclassified circles, at least) when the trigger > will be issued, and what will happen when it is. Analysts have not yet seen communication with the mothership. > > - Many Siemens PLCs run old, unsupported versions of Windows, such as NT and 2000, so patches are not available for those platforms > > - It exploits default passwords of Siemens PLCs, but users cannot change the default passwords because that will affect the operation of their systems that depend on this password (i.e., hardcoded into the protocols) > > Analysis: > > - This is a truly nasty bugger, since many systems cannot be patched or fully protected. A reload of the OS will not prevent future attacks. > > - Perimeter security can be set up to prevent communications with known rogue servers in order to protect against remote command and control. > > - Siemens PLCs are used in electric utilities, but are also used in other critical areas such as battleships and other sensitive assets. > > - Network IDS can be used to detect the traffic patterns at this point, but that will not prevent infection, and would not be effective over serial connections and local thumb drive insertions. > > This issue was discussed at the NERC CIP meeting last week, but comprehensive remediation steps were not provided. Given what we know, it would be extremely hard to fully address this threat, especially for older systems. > > The legacy issue provides an enormous attack surface, given proprietary security mechanisms (if at all), poor coding practices, poor configuration choices (such as depending on default passwords), insecure OS platforms, and connectivity to the Internet. We will do our best to design security architectures that accomodate legacy systems, but we'll be limited in our efforts.
_______________________________________________ rrg mailing list [email protected] http://www.irtf.org/mailman/listinfo/rrg
