Monday, November 22, 2010

“White” Clouds vs. “Black” Nets

According to Network World magazine (http://www.networkworld.com/community/node/58829), the biggest computing network on the planet was the set of computers controlled by the Conficker computer worm. In March 2010 Conficker controlled 6.4 million computer systems. 230 top-level global domains were penetrated, which included more than 18 million computers, or 28 terabits per second of bandwidth. Conficker operations could therefore be classified as a “black” net. There is no reason why successors to Conficker would not reappear in a different form in the future.

In comparison, the biggest legitimate (i.e. “white”) cloud provider is Google. It is made up of 500,000 systems, 1 million CPUs and 1,500 gigabits per second (Gbps) of bandwidth. Amazon comes in second with 160,000 systems, 320,000 CPUs and 400 Gbps of bandwidth, while Rackspace offers 65,000 systems, 130,000 CPUs and 300 Gbps. Microsoft’s Azure is so far only in a start-up mode of cloud computing services.

The Google, Amazon, Azure and Rackspace “white” clouds have very little in common with the Conficker “black” nets. They operate in completely different ways. The difference lies in how they are exposed to security vulnerabilities.

Conficker attacks any Windows computer, wherever computers (servers, desktops, laptops) are not correctly defended. This lack of sufficient defenses applies to a significant share of the global population of over half a billion devices. Such attacks are launched from sources identified as “hackers”.

Customers of Google, Amazon, Rackspace and Azure initiate all transactions. “White” clouds are architected for highly experienced and professionally managed operations through standard OS-based mechanisms, installed by their owners. In the case of “black” nets the malware is an invasive parasite that is self-installed and managed without the owner's permission or awareness.

Google, Amazon, Rackspace and Azure clouds use proprietary methods, which incorporate software and hardware that offer elaborate protective measures for security assurance. Their security methods are different.

Conficker and similar botnets function by exploiting a huge number of back doors that can be found in Microsoft Windows. Security countermeasures must then deal with a long list of such flaws as well as with human errors in the defense of exposed computers.

The vastness of the Conficker operations requires users of owner-operated systems to purchase protective devices from a diversity of security vendors in order to operate IT systems. Individual owners of systems must become knowledgeable about the perils of malware, such as botnets like Conficker, when they decide to protect their own computing infrastructure.

SUMMARY
The relocation of a firm's computer operations from an environment where it is vulnerable to “black” net attacks into a technically well managed, commercially motivated and most likely less vulnerable “white” cloud environment has the advantage of lowering the costs of computer security.

“White” clouds have the advantage of economies of scale in the use of security devices. “White” clouds can deploy scarce security expertise more effectively. With the rapid escalation in the capabilities of attackers, only organizations that can set up secure “white” clouds will be able to afford networks that have lower risks.

For comments please e-mail paul@strassmann.com