Security

What The “Monkey Arms War” Can Teach Us About Network Security

Sunday, November 12th, 2006

By Kevin McTiernan

A story appeared on the Time magazine website in October describing a serious problem in India: the city of Delhi is overrun with rhesus monkeys. With monkeys considered sacred by Hindus, a feast of bananas and peanuts left out for them is commonplace. Encroachment on their habitat, coupled with years of inaction and the “feasts”, has brought the monkey population in Delhi proper to as many as ten thousand. In search of food, they have attacked people, broken into Parliament, kept people from entering their homes and wreaked havoc in offices (in 2002 a pack of monkeys attacked students at a girls’ college in Darjeeling, India, and in 2004 monkeys were blamed for ransacking the offices of the Ministry of Defense). The initial response was for offices to glue their windows shut. But a new solution has taken hold - langurs (large, black-faced monkeys, commonly if inaccurately called apes) are now being deployed by office building managers and city officials to protect buildings and scare away the rhesus monkeys.

Primatologists believe that using langurs is a bad idea for several reasons. First, the langurs only scare the smaller rhesus monkeys away, moving them to another building or another part of the city. Second, there is evidence that the langurs eventually coexist with the rhesus monkeys and no longer scare them. Third, the langurs are frightening (and potentially dangerous) to humans. Fourth is the obvious cruelty aspect. The final reason is my own: hasn’t anyone there ever watched Planet of the Apes?

When I first read the article, I laughed out loud and explained the story to nearby coworkers. I then found myself intrigued by the subject and read more, and realized the business lessons it holds, in particular for network security:

The monkeys are the hackers and the botnets. The growth of the Internet, together with a limitless “feast” of resources in the form of unprotected home computers and only slightly better protected corporate networks, has let their population and their audacity swell. Some businesses lock their networks down completely behind firewalls (glue the windows shut); while seemingly protected, they in fact keep employees imprisoned and customers disinterested. And some of the facilities people would assume to be the most secure (the Ministry of Defense, Parliament) turn out to be vulnerable to the most basic attacks and exploits. The quick reaction of deploying a “bigger hammer” (the langurs) to scare attackers away works only against the smaller threats; in reality it simply moves the attack to another location or brings the attackers back in a larger group - and you can be assured they will be back. Finally, a static defense will, over time, cease to be much of a deterrent at all; only by learning and adapting can the threat be eliminated without degrading service. That agility, gained through learning and adaptation, is what ensures that when the next threat changes shape (from a monkey problem to a lion problem, for example) your security solution does not become a zoo of deterrents.

Check out the original story in Time Magazine and another one from HTT.

An Aside

The whole saga is oddly reminiscent of an episode of The Simpsons (“Bart the Mother”) in which Bart is forced to care for two eggs after killing a bird. The eggs turn out to be those of a lizard that eats bird eggs. The town decides the lizards must be killed, but changes its mind after learning that the lizards kill pigeons. With the “feathered rats” out of the picture and lizards running rampant, the next plan is to deploy snakes to wipe out the lizards. To rid the town of snakes, the plan is to use gorillas that like snake meat. They hope the task will be completed by winter, as the next plan is to let the apes freeze to death.

Radar has a great timeline of how this story is the beginning of our path to the Planet of the Apes.

The Simpson Archive has the “Bart the Mother” episode.

IMS and Security: Keeping the Internet Safe in a World of SoIP

Friday, November 3rd, 2006

By Dr. Antonio Nucci

My article on IMS and Security was just published by the IMS Magazine in its October 2006 issue.

As I discussed in the article, it used to be easy to secure a telephony connection. Traditional phone companies owned their networks and controlled every inch of the connection between their central offices and the simple telephone instrument at the other end. Today’s complex, ever-changing carrier environment has become fertile ground for a host of new, sophisticated threats, vulnerabilities and malicious attacks.

Forward-looking carrier architectures such as IMS require a next-generation systems approach to security, one that is designed for large, complex, high-speed networks and can adapt to rapidly changing environments and new service offerings. Such a system must provide full visibility into all the elements in the network, and the ability to manage and correlate the information from those elements at extremely high speed. It must also employ algorithms grounded in mathematical principles such as information entropy and signal processing, which see well beyond what traditional volume- or signature-based appliances and point solutions can detect.
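
As an added illustration of what an entropy-based detector sees that a volume threshold does not (this is example code written for this page, not the article's or any product's algorithm; the flow records, addresses and thresholds are constructed assumptions), the script below runs both detectors over three one-minute windows: a baseline, a horizontal sweep that keeps total volume flat, and a flood that concentrates traffic on one server.

```python
"""Entropy-based traffic anomaly detection alongside a volume-only check.

Added illustration (not the article's or any vendor's code). A detector that
tracks the Shannon entropy of the destination-address distribution catches a
sweep whose volume is unchanged and confirms a flood by the collapse of that
entropy. Flow records and thresholds below are constructed assumptions.
"""
from collections import Counter
from math import log2


def shannon_entropy(counts):
    """Shannon entropy, in bits, of a frequency distribution."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum(c / total * log2(c / total) for c in counts.values() if c)


def window_features(flows):
    """Total packets and destination-address entropy for one time window."""
    dst = Counter()
    for f in flows:
        dst[f["dst"]] += f["packets"]
    return {"packets": sum(dst.values()), "dst_entropy": shannon_entropy(dst)}


def volume_only(baseline, window, factor=3.0):
    """Classic volume detector: alert when packets exceed factor x baseline."""
    return window_features(window)["packets"] > factor * window_features(baseline)["packets"]


def detect(baseline, window, factor=3.0, entropy_delta=2.0):
    """Volume plus entropy detector. Returns the list of alerts raised."""
    base, cur = window_features(baseline), window_features(window)
    alerts = []
    if cur["packets"] > factor * base["packets"]:
        alerts.append("volume")
    shift = cur["dst_entropy"] - base["dst_entropy"]
    if shift > entropy_delta:
        alerts.append("dst-entropy-high")   # traffic spreading over many targets: a sweep/scan
    elif shift < -entropy_delta:
        alerts.append("dst-entropy-low")    # traffic concentrating on one target: a flood
    return alerts


# --- constructed flow records (one dict per flow in a one-minute window) ---
SERVERS = [f"192.0.2.{i}" for i in range(1, 11)]


def _service_flows(packets_each):
    """Ordinary client traffic spread evenly over ten internal servers."""
    return [{"src": "198.51.100.7", "dst": d, "dport": 443, "packets": packets_each}
            for d in SERVERS]


BASELINE = _service_flows(100)   # 1000 packets, H(dst) = log2(10), about 3.32 bits
# Window A: an SSH sweep of 500 hosts replaces half the ordinary traffic, so total volume is unchanged.
SWEEP = _service_flows(50) + [
    {"src": "203.0.113.9", "dst": f"10.1.{i // 256}.{i % 256}", "dport": 22, "packets": 1}
    for i in range(500)]
# Window B: 300 sources flood one server; volume jumps tenfold and entropy collapses.
FLOOD = _service_flows(100) + [
    {"src": f"10.9.{i // 256}.{i % 256}", "dst": SERVERS[0], "dport": 443, "packets": 30}
    for i in range(1, 301)]


if __name__ == "__main__":
    for name, window in (("baseline", BASELINE), ("sweep", SWEEP), ("flood", FLOOD)):
        feats = window_features(window)
        print(f"{name:9s} packets={feats['packets']:6d} H(dst)={feats['dst_entropy']:.2f} "
              f"volume_only={volume_only(BASELINE, window)} detect={detect(BASELINE, window)}")
```

The sweep window never trips the volume rule, because the scanner's packets merely displace ordinary traffic, but it roughly doubles the destination entropy; the flood trips both. In a real deployment one would track several feature distributions at once (source address, destination address, destination port) against a moving baseline rather than a single fixed window, the approach set out by Lakhina, Crovella and Diot at SIGCOMM 2005.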

At the end of the day, carriers must make a security paradigm shift and evolve toward holistic network security systems if we are to keep the Internet safe in the new world of SoIP (Services over IP).

VoIP Security: Detecting Even the Stealthiest of VoIP Attacks

Thursday, August 10th, 2006

Scammers and spammers are increasingly employing Voice over IP (VoIP) as a new means of launching attacks against the infrastructure and services of the Internet. Given the ease of use and availability of VoIP technology, it is easy to foresee a future in which an attacker, either legitimately or through ‘number-jacking’ (i.e., compromising software phones), amasses an army of phone numbers, readily available for launching any kind of attack through auto-dialing.

But just how serious are the threats to VoIP? We have already seen a string of attacks against either the VoIP infrastructure or end users. In one such incident, in early June of this year, two men were arrested for illegally routing approximately 500,000 calls over the VoIP network of Net2Phone, a Newark, N.J., VoIP provider.

How would people’s attitudes toward technologies like VoIP change if they understood the ease with which hackers could attack their phones or, worse, hijack their phone or number to launch an infrastructure attack? We believe these threats are very real. We also believe that the average user thinks of their VoIP phone in much the same way as their circuit-switched phone: as private and secure.

We have recently introduced new security algorithms with the unique capability of processing several million calls per second, from either ISP or carrier links, in order to detect a wide variety of attacks:

  • Call spam, where a spammer places a large volume of automated calls through a few harvested phones
  • Scanning or “blind” flooding attacks aimed at “random” targets, employed to discover SIP phone devices, proxy servers, registrars, etc.
  • Targeted flooding attacks (DoS, DDoS) employing high-intensity or repeated packets
  • Call hijacking or “man in the middle” attacks by intruders attempting to take control of a call
  • Exploit attacks (buffer overflows, SIP-level exploits, etc.) designed to exploit vulnerabilities in VoIP or SIP implementations
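
To make the first four categories in that list concrete, here is an added example (written for this page, not the post's own or any product's algorithm) that applies simple per-window heuristics to a constructed SIP signaling log: per-source fan-out and failure ratios separate call spam from blind scanning, per-callee aggregation finds a targeted INVITE flood, and a registrar binding table catches a BYE injected into a dialog from outside it. The log format, thresholds, addresses and numbers are all assumptions.

```python
"""Spotting call spam, blind scanning, targeted flooding and call hijacking
in SIP signaling records.

Added example written for this page (not the post's or any vendor's code).
It reads a constructed, simplified signaling log with one line per request:
    <ts-seconds> <src-ip> <method> <call-id> <from-number> <to-number> <final-status|->
Thresholds and the registrar binding table are assumptions to tune per network.
"""
from collections import defaultdict

MIN_INVITES = 5          # per-source INVITEs before the fan-out rules apply
FANOUT_RATIO = 0.8       # distinct callees / INVITEs that counts as "spraying"
FAILURE_RATIO = 0.5      # share of INVITEs with no 2xx final response
FLOOD_MIN_INVITES = 10   # INVITEs to one callee ...
FLOOD_MIN_SOURCES = 3    # ... from at least this many distinct sources


def parse_log(text):
    """Parse the simplified log format into a list of dicts."""
    records = []
    for line in text.strip().splitlines():
        ts, src, method, call_id, caller, callee, status = line.split()
        records.append({"ts": int(ts), "src": src, "method": method, "call_id": call_id,
                        "from": caller, "to": callee,
                        "status": None if status == "-" else int(status)})
    return records


def classify_sources(records):
    """Per-source verdicts: 'call-spam' (sprays many callees, calls succeed) or
    'scan' (sprays many callees, most attempts fail or never get a final response)."""
    by_src = defaultdict(list)
    for r in records:
        if r["method"] == "INVITE":
            by_src[r["src"]].append(r)
    verdicts = {}
    for src, invites in by_src.items():
        n = len(invites)
        if n < MIN_INVITES:
            continue
        fanout = len({r["to"] for r in invites}) / n
        failed = sum(1 for r in invites if r["status"] is None or r["status"] >= 400) / n
        if fanout >= FANOUT_RATIO:
            verdicts[src] = "scan" if failed >= FAILURE_RATIO else "call-spam"
    return verdicts


def find_targeted_floods(records):
    """Callees hit by many INVITEs from many distinct sources -> (invites, sources)."""
    by_target = defaultdict(list)
    for r in records:
        if r["method"] == "INVITE":
            by_target[r["to"]].append(r["src"])
    return {to: (len(srcs), len(set(srcs))) for to, srcs in by_target.items()
            if len(srcs) >= FLOOD_MIN_INVITES and len(set(srcs)) >= FLOOD_MIN_SOURCES}


def find_dialog_hijacks(records, registrations):
    """Mid-dialog requests (BYE, re-INVITE, REFER) from an IP that is neither the
    dialog's originator nor the callee's registered contact: the signature of a
    spoofed teardown or a man-in-the-middle taking over the call."""
    parties, alerts = {}, []
    for r in sorted(records, key=lambda r: r["ts"]):
        cid = r["call_id"]
        if cid not in parties:
            if r["method"] == "INVITE":
                parties[cid] = {r["src"], registrations.get(r["to"])}
            continue
        if r["method"] in ("BYE", "INVITE", "REFER") and r["src"] not in parties[cid]:
            alerts.append((cid, r["method"], r["src"]))
    return alerts


# Constructed registrar bindings (number -> registered contact IP) and signaling log.
REGISTRATIONS = {"+15557000050": "198.51.100.31", "+15557000051": "198.51.100.33"}


def constructed_log():
    rows = []
    for i in range(8):   # (1) call spam: one harvested phone dials eight subscribers, all answer
        rows.append((1 + i, "198.51.100.20", "INVITE", f"spam{i}", "+15559990020", f"+1555700{i:04d}", 200))
    for i in range(8):   # (2) blind scan: sequential extensions probed, none exist
        rows.append((10 + i, "203.0.113.77", "INVITE", f"scan{i}", "+15550000000", f"+1555800{100 + i:04d}", 404))
    for s in range(1, 7):   # (3) targeted flood: six sources, three INVITEs each, one victim, no final response
        rows += [(20 + s, f"203.0.113.{s}", "INVITE", f"fl{s}-{k}", f"+155500000{s}", "+15551230009", None)
                 for k in range(3)]
    rows += [(30, "198.51.100.30", "INVITE", "h1", "+15559990030", "+15557000050", 200),  # (4) normal call, ended
             (45, "198.51.100.31", "BYE", "h1", "+15557000050", "+15559990030", 200),     #     by the callee's phone
             (31, "198.51.100.32", "INVITE", "h2", "+15559990032", "+15557000051", 200),  # (5) call torn down by
             (40, "203.0.113.200", "BYE", "h2", "+15557000051", "+15559990032", 200)]     #     a stranger's BYE
    return "\n".join(f"{ts} {src} {m} {cid} {fr} {to} {'-' if st is None else st}"
                     for ts, src, m, cid, fr, to, st in rows)


def analyse(text=None, registrations=REGISTRATIONS):
    """Run all three detectors over a log (defaults to the constructed sample)."""
    records = parse_log(constructed_log() if text is None else text)
    return {"sources": classify_sources(records),
            "floods": find_targeted_floods(records),
            "hijacks": find_dialog_hijacks(records, registrations)}


if __name__ == "__main__":
    for kind, result in analyse().items():
        print(kind, result)
```

Note what each rule keys on: the spammer and the scanner look identical on volume and fan-out and are separated only by the response codes, the flood is invisible per source (three INVITEs each) and only appears when aggregated per callee, and the injected BYE is caught not by its content but by checking the sender against the dialog's known parties. The fifth category in the list, exploits against SIP parsers, is not visible at this level of abstraction and needs inspection of the messages themselves.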

Our philosophy is that securing VoIP is more than securing SIP. You must be able to secure protocols at all layers from 3 to 7, and deal with asymmetric traffic from multiple links. In future entries, we will discuss our systems approach in more detail.