[Beowulf] Which distro for the cluster?

Robert G. Brown rgb at phy.duke.edu
Mon Jan 8 12:43:18 PST 2007


On Mon, 8 Jan 2007, Joe Landman wrote:

> The idea is you minimize the exposed footprint of the machine to threat
> facing access.  This is why lots of the secure sites are disabling USB
> ports on the motherboards (but mistakenly then running systems which can
> install keyloggers and other malware ... ).  If the USB does not
> electrically work, it is not a possible attack vector.

(Ignoring the rest of Joe's quite excellent security summary, which for
the most part I completely agree with although I'm much more willing to
say the word "Microsoft" than he is, apparently.  Microsoft.  Microsoft.
Microsoft <poof, they disappear>:-)

This part reminds me of parts of Neal Stephenson's "Cryptonomicon" and
trans-ubercrackerdom.  In principle, every time you type a key, you
generate a tiny electrical signal with an associated EM pulse signature.
Some portions of the energy associated with the signal are immediately
radiated into the surrounding environment, where they are e.g. absorbed
by components on the motherboard, others cause tiny fluctuations in the
power draw.  In all cases there exist amplifiers and feedback loops that
can cause those signals to modulate existing signals and noise.  Indeed,
if you run your system's microphone on at high gain (whether or not the
microphone is plugged in) and listen to audio noise, you can usually
actually hear some of the noise modulation produced by your typing as
you do so.

In principle those modulations can be isolated from the generic noise
and signal mix on e.g. the power lines, ambient phone lines, external
high gain EM antennae, and so on.  Or in another of my favorite spy
methodologies, one can bounce lasers off the external windows or
microwaves off of the walls of a house, do a fairly simple
autocorrelative deconvolution of the reflected signal, and pick up e.g.
human conversation or the noise of keyboarding from inside.  Since
humans tend to type keys in patterns and frequencies that can (with some
effort) be stochastically analyzed and matched to keystrokes, if
somebody REALLY REALLY WANTS TO they can very likely snoop on your
system activity in some pretty extraordinary ways.  Ditto in principle
one can often recover whole histories of read/write behavior from hard
disks by working hard enough on analyzing the residual magnetization
distribution of magnetic domains.  The "physics" of systems isn't really
designed to be secure, it is designed not to annoy people or other
hardware devices with EM noise above a certain intensity in certain
frequency ranges.  BELOW those intensity ranges there is a wide expanse
of in-principle detectable.

So who wants to do this badly (cracking and snooping at this level isn't
cheap)?  Bad people where there is a lot of money at stake are one
possibility -- maybe it is time for another Neal Stephenson novel where
the world's largest bank heist takes out the fortune of a well-known
multibillionaire computer geek who foolishly allows his online access to
enormous amounts of money to be keylogged in many different ways, or
where bank officers or bank IT systems are systematically compromised in
this way.  Banks tend to be paranoid enough to completely isolate their
core systems -- NO external network, careful filtering of all power
supplies, NO windows, NO external walls, checks on checks at all human
levels.  Also the military and government, where some secrets are worth
more than money on both sides -- as the cracker (of e.g. al Qaeda
systems, if any are known) and defending against crackers.  Again, I'm
fairly certain that most of the NSA's systems are locked down against
all of this sort of thing and still more, with systems people that are
paranoid even by the borderline personality standards of that insanely
paranoid profession...

SO it isn't just keeping good passwords or being a boy scout or
monitoring a system carefully.  Der Ubercracker is, almost by
definition, always one leg up on you.  The only thing that stops them
from cracking you is the investment in time and other resources
involved, or the risk of negative penalties if they are discovered
trying (which can be minimized by investing more heavily in the effort,
etc.).  I absolutely agree with Joe's basic approach -- inform everybody
that avoiding data theft is a matter of investment and CBA on BOTH sides
of the line -- you have to protect the data on the basis of what it is
worth.  Beyond that, the smart thing to do is engineer the system so
that if you are cracked, in some sense you do not care.  Your data is
backed up (multiply, redundantly, over a long enough time interval that
you can go back before the cracker entered and work forward cleaning as
you go).  Your systems can be reinstalled "instantly" (see previous
discussion on automated scalable install and maintenance).  Your servers
are sufficiently tough and you watch things sufficiently carefully that
you probably didn't get cracked there and if you did, well, you
reinstall them from scratch too (off the network, taking real care to
clean up the primary means of entry as you do so).

A good design can make being cracked ALMOST a non-event for less than
ubercrackers (who are so good at encapsulation that you may never know
they are there, or can only tell that they are there by passively
monitoring raw network traffic from an uncompromised box).  They get in,
you catch them quickly, reinstall the compromised machine and freeze the
compromised account (pending a talk with the user, sucker rod in
hand:-), and go on with life.

   rgb

-- 
Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb at phy.duke.edu
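The recovery strategy rgb sketches above (backups kept long enough to go back to before the intruder entered, then "work forward cleaning as you go") can be turned into a concrete review procedure. The following Python is an added example and not code from the post or the Beowulf list: it assumes that each backup snapshot comes with a manifest of file paths and content hashes (constructed inline here with placeholder hash strings), takes the earliest sign of the intruder found in the logs, steps back by a safety margin to choose the last snapshot that can be trusted, and then diffs every later snapshot against that clean baseline so the changed files can be reviewed before anything is restored.

```python
"""Added example: choose a pre-intrusion backup and work forward from it.

Snapshot manifests and the suspicious-login time below are constructed
sample data, not real hosts or digests.
"""
from datetime import datetime, timedelta

# Constructed sample data: snapshot time -> manifest {path: content hash}.
# Hash values are short placeholders standing in for real digests.
SNAPSHOTS = {
    datetime(2007, 1, 1): {"/etc/passwd": "h1", "/usr/bin/ls": "h2",
                           "/home/u/.bashrc": "h3"},
    datetime(2007, 1, 3): {"/etc/passwd": "h1", "/usr/bin/ls": "h2",
                           "/home/u/.bashrc": "h3"},
    datetime(2007, 1, 5): {"/etc/passwd": "h1", "/usr/bin/ls": "h2x",
                           "/home/u/.bashrc": "h3", "/tmp/.x": "h9"},
    datetime(2007, 1, 7): {"/etc/passwd": "h1", "/usr/bin/ls": "h2x",
                           "/home/u/.bashrc": "h3x", "/tmp/.x": "h9"},
}

# Constructed: the earliest trace of the intruder visible in the logs.
# Log evidence usually lags the real entry, hence the margin below.
FIRST_SUSPICIOUS_LOGIN = datetime(2007, 1, 4)


def last_clean_snapshot(snapshots, first_evidence, margin_days=1):
    """Latest snapshot taken strictly before first_evidence minus margin.

    Returns None when every snapshot is too recent, i.e. the retention
    window was shorter than the intruder's dwell time plus margin.
    """
    cutoff = first_evidence - timedelta(days=margin_days)
    candidates = [t for t in snapshots if t < cutoff]
    return max(candidates) if candidates else None


def diff_manifests(clean, later):
    """Paths added, removed or modified between two manifests."""
    added = sorted(set(later) - set(clean))
    removed = sorted(set(clean) - set(later))
    modified = sorted(p for p in clean.keys() & later.keys()
                      if clean[p] != later[p])
    return {"added": added, "removed": removed, "modified": modified}


def work_forward(snapshots, clean_time):
    """Diff every snapshot after clean_time against the clean baseline.

    Keys are ISO dates so the report is easy to read and to assert on.
    Each entry is the review list for that snapshot: anything listed was
    touched after the trusted point and must be examined, not restored
    blindly.
    """
    baseline = snapshots[clean_time]
    report = {}
    for t in sorted(snapshots):
        if t <= clean_time:
            continue
        report[t.date().isoformat()] = diff_manifests(baseline, snapshots[t])
    return report


if __name__ == "__main__":
    clean = last_clean_snapshot(SNAPSHOTS, FIRST_SUSPICIOUS_LOGIN)
    if clean is None:
        print("no snapshot predates the intrusion window: rebuild from media")
    else:
        print("trusted baseline:", clean.date())
        for day, changes in work_forward(SNAPSHOTS, clean).items():
            print(day, changes)
```

With the sample data the trusted baseline is the January 1 snapshot, and the walk forward shows `/usr/bin/ls` and `/tmp/.x` changing in the January 5 snapshot, a day after the first logged trace of the intruder; with the margin set to zero the January 3 snapshot would be chosen instead, which is the kind of too-late baseline the margin exists to avoid. If the function returns None, the backups do not reach back far enough and the machine has to be reinstalled from scratch, as the post recommends.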