Security Lessons from Nature – Long Worm
- At October 06, 2009
- By Josh More
- In Natural History
0
There is a story that we hear as kids about worms. We’re told that you can cut worms into as many pieces as you like and they’ll each grow into a new worm. As cool as that sounds, it’s a lie… mostly.
Regular earthworms don’t regenerate, so you can set aside your plans to buy worms on the Internet, cut them up, and sell them at a profit. However, after generations of scientists spent their lives gleefully chopping up worms and recording the results, we know of a few families of worms that do manage to more of less regenerate.
The key seems to be the segments. When you make a cut, the number of segments connected to one another determine the worm’s ability to regenerate. Certain worms can, in fact, grow from both ends and go on to live fairly normal lives… at least, as far as worms go.
This can be applied to business systems as well, though we call the segments different things at different levels. At a programming level, we work with modules and services. A good design would use lose coupling and connect the segments in such a way that some of them could fail and the system would still function. At a system/network level, you can build highly available systems out of nodes and connect them with either a cluster or virtualization system. Again, the goal would be that if any nodes fail, the system itself would survive.
What’s interesting is that the same model works at the business as well. One of the techniques discussed at last month’s BIZ presentation for business acquisition, was to build your business such that you can spin portions off. Business incubators often work the same way.
The thing we often forget about security is that it’s not just about keeping the wrong people out and allowing the right people in. It’s about survival. The reason we care so much about access and is that one of the easiest ways to ensure survivability is to prevent bad people from getting in. However, if the ultimate goal is to survive, you also have to consider ways to thrive in changing environments. Security should be intrinsically tied into the business in the same way that the segments tie into the worm.
The segments do more than just allow the worm to survive should it be dissevered in the name of scientific discovery. They give the worm flexibility and help contain organs. In fact, the longest worms in the world are segmented.
Makes you think, doesn’t it?
Small Business Attack – Malware
- At February 11, 2009
- By Josh More
- In Business Security
- 0
It’s interesting how business awareness lags actual security threats. I was having a conversation recently with someone who said something like “yeah, we get by a virus about once a month, but we clean it up and keep going”. This took me aback as I realized that there are a significant number of people out there that don’t view malware seriously.
This is our fault. For years, we’ve been classifying threats and discussing their differences instead of focusing on their similarities. If you’ve touched any IT in the last decade, you’ll recognize the following list of words: virus, worm, trojan, spyware, adware, malware. You’ve probably been told that your antivirus application will take care of it, so you run it and get on with your life. Well, I’m sorry to break it to you, but you’ve been lied to.
We’re at the end of what antivirus can do. We’ve also reached the point where malware (malicious programs) have moved from being annoying to being evil.
Back in the day, malware would spread from system to system and slow things down. Sometimes, they’d delete files. That was then.
Today, people are using these systems to create what are known as bot armies. Once they take over your computer and add it to their armies, they can do anything they like to your computer. Like what?
- Conduct attacks on other networks
- Store illegal materials (often child pornography) on your computer
- Crack passwords
- Banking data
- Harvest all proprietary data (trade secrets, tax information, business plans, source code) from your network
- Harvest client data (credit card numbers, social security numbers) from your network
Basically, if you get infected with malware, the attackers can get anything they want from you. Any file you have, any site you browse to, any email you send or receive. It’s all theirs.
It’s more than a nuisance. What are you doing about it?
