Saturday, June 26, 2010

Tracking Anomalies in Social Computing

In the 5/25/2010 issue of AFCEA Signal Scape I explained "How to Practice Safe Social Computing". The separation of secure NIPRNET computing, by means of a virtual desktop, from the unclassified Internet virtual desktop was seen as an affordable and secure means of separating social from DoD computing.

Accomplishing the separation between the Private Personal desktops and the Work Personal desktops calls for the placement of isolated logical windows on top of the Virtualization Platforms, both at the desktop devices and at servers located at the data centers. By far the most secure and least expensive way of achieving this is by resorting to the use of thin clients for social computing (see Figure 1).

DoD work is protected against security intrusions because any virus or botnet conveyed over the Internet ends up in a completely isolated virtual server. However, the outbound traffic from the Private Personal computers is open to compromise from unauthorized disclosures. In the case of potential security compromises from insiders, DoD remains completely unprotected.

Giving access to social computing therefore calls for the complete tracking of all transactions. Such monitoring must account for every social computing message. Forensic methods can then be used to identify incidents, to apprehend security violators and ultimately to provide evidence for their prosecution.

The monitoring of social computing messages will take place at network control centers equipped with automated software that would reduce the workload on the surveillance staff. Peak load transactions of social computing (including reserves, contractors and dependents) could approach 100,000 messages per hour. Without massive automation, combined with a security schema that permits the correlation of message patterns over an extended time period, the monitoring of social computing is not manageable.

There are a number of forensic tools available to identify security anomalies, such as shown in Figure 2.

The isolated connections would receive the highest priority for added surveillance.
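One way to correlate message patterns over an extended period and rank isolated connections for review, as an added example that is not part of the original post. It assumes that an "isolated connection" is an outside endpoint reached by only one account within the correlation window (Figure 2 is not reproduced here); the record layout, function name and sample log are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: (timestamp, internal account, outside endpoint).
SAMPLE_LOG = [
    ("2010-05-10T08:15", "acct_a", "social.example"),
    ("2010-05-12T08:40", "acct_b", "social.example"),
    ("2010-05-20T12:05", "acct_c", "social.example"),
    ("2010-05-11T23:50", "acct_b", "files-7.example"),
    ("2010-05-18T23:55", "acct_b", "files-7.example"),
    ("2010-05-25T23:45", "acct_b", "files-7.example"),
    ("2010-06-02T10:00", "acct_a", "photos.example"),
    ("2010-03-01T10:00", "acct_c", "old.example"),  # outside a 30-day window
]


def isolated_connections(log, as_of, window_days=30):
    """Rank links whose outside endpoint was reached by a single account.

    Assumption: "isolated" means no other account contacted that endpoint
    within the correlation window. Returns tuples of (account, endpoint,
    messages, distinct_days), most persistent link first.
    """
    start = as_of - timedelta(days=window_days)
    accounts = defaultdict(set)  # endpoint -> accounts that contacted it
    counts = defaultdict(int)    # (account, endpoint) -> message count
    days = defaultdict(set)      # (account, endpoint) -> dates with traffic
    for stamp, account, endpoint in log:
        when = datetime.fromisoformat(stamp)
        if not (start <= when <= as_of):
            continue
        accounts[endpoint].add(account)
        counts[(account, endpoint)] += 1
        days[(account, endpoint)].add(when.date())
    findings = [
        (acct, ep, counts[(acct, ep)], len(days[(acct, ep)]))
        for ep, accts in accounts.items() if len(accts) == 1
        for acct in accts
    ]
    # Repeated contact spread over many days outranks a one-off message.
    return sorted(findings, key=lambda f: (-f[3], -f[2], f[0], f[1]))


if __name__ == "__main__":
    for row in isolated_connections(SAMPLE_LOG, datetime(2010, 6, 5)):
        print(row)
```

Endpoints shared by several accounts drop out of the result, so the analyst's queue holds only the single-account links, ordered by how long the contact has persisted.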

Summary

The authorization of even restricted social computing access to the toxic Internet, without uninterrupted monitoring, is a risk that should not be tolerated.

Figure 1


Figure 2


For comments please e-mail paul@strassmann.com