As I began to do some more work on the Bro intrusion detection system (IDS), I found myself thinking of the old German proverb, “Fear makes the wolf look bigger.” Thanks to wishi for posting a link to a photo of a drawing representing the proverb. What does that have to do with security and IDS? Security professionals walk a fine line between keeping an environment safe and intruding on people’s privacy. Privacy violations can and do occur. For this reason, laws and regulations need to be in place to help prevent violations. Those violating the law should be prosecuted to the full extent possible. Unfortunately, some entities (organizations, countries, etc.) prefer to do away with network monitoring completely, claiming the risk of abuse is too dangerous. Why stop with network monitoring? Following that thinking, should not all monitoring be stopped?
One needs to be careful not to fall into the trap of pretending one can make security problems disappear by simply passing laws. Some countries seem to be trying to do just this by outlawing such things as security tools (“UK government to consider hacker tool ban”, “Germany outlaws ‘hacking tools’: An impossible ban for sysadmins?”). This only results in security professionals being deprived of the very tools they need to do their jobs. In Europe, while laws get passed protecting the privacy of European citizens, the European governments end up being exempt. “Europeans reserve their deepest distrust for corporations, while Americans are far more concerned about their government invading their privacy,” writes Bob Sullivan in his article, “‘La difference’ is stark in EU, U.S. privacy laws.” In the end, monitoring still occurs. It is just a question of who does the monitoring.
Others might not want to make security tools illegal, but instead limit the tools to those demonstrating a certain level of professional proficiency. Deb Radcliff writes in the article, “Computer Forensics Faces Private Eye Competition,” about pending legislation in South Carolina where digital forensic evidence gathered for use in a court must be collected by a person with a PI license or through a PI licensed agency. Deb writes, “Georgia, New York, Nevada, North Carolina, Texas, Virginia and Washington are some of the states going after digital forensic experts operating in their states without a PI license.” The article goes on to quote Steve Abrams, a licensed independent PI and computer forensic examiner based in Sullivans Island, S.C., “In April [2007], the state attorney general opined that even if you never set foot in South Carolina, if you’re collecting evidence to be used in court here, you still need a South Carolina [PI] license. Licensing authorities in New York, Pennsylvania, Texas and Oregon have opined the same way.”
I can’t help but think about a recent newspaper article titled “Robbery target isn’t only one who’s packing” written by Beth Brelje. While it is not directly about IT, please bear with me. Richard Flynn, owner of American Sport Shooting, made this great statement:
“A lot of people who move from metropolitan areas are not used to not having a police force. I moved here in 1990, I could walk around the streets and never considered being armed. Now I will not consider going out without being armed. Anytime people move in, you get good and bad. Unfortunately we’ve got a good amount of bad. I don’t feel safe here. I considered it being prepared.”
Once upon a time, I felt safe on the Internet and did not think about security. Then the world moved in and we all became just a few milliseconds away from every creep on the planet. Do we have an Internet police force keeping us safe? Even if the nonexistent cyber police really wanted to hear from us when our computers become infected with viruses, what could they do? The 165,000 men, women, and children of Monroe County would love it if everyone could just get along. Sadly, there are some bad folks who would love to cause harm in the county. The residents also would not object to a large police force that could deal with these criminals before any crime occurred. In the end, economically that is not a viable solution. So 10,000 Monroe County residents feel the need for some protection. I understand.
H.P. Lovecraft wrote in “Supernatural Horror in Literature” that “the oldest and strongest emotion of mankind is fear, and the oldest and strongest kind of fear is fear of the unknown.” This is a lesson repeated throughout history. Marie Curie, ever the scientist, wrote, “Nothing in life is to be feared. It is only to be understood.” Of course, Marie Curie died of aplastic anemia. She fell victim to radiation from the many fascinating glowing substances she had learned to isolate. How could she have known? Understanding is not only important in overcoming fear, but it can be essential sometimes for life itself. Ignorance is often deadly. While the government works on writing laws that will eliminate Internet insecurity, it would be wise to keep open the option of dealing with these problems ourselves. The first step is to open our eyes and see the wolf. This is where monitoring comes into play. Know what is going on. Only then can we start working on a solution. Later, if the government can make our lives easier with another layer of protection, so much the better.