October 23, 2007

Potential Points of Failure

One of the most important steps in creating a good security scheme is to minimize the number of points of failure. What is a point of failure? A point of failure is any point in a process in which the procedures in place can break down and cause a failure; essentially, they are weaknesses.

Points of Failure in Online Transactions:

In a recent review I wrote on Mint.com, I mentioned many of these points of failure, and because of the number of them, I became concerned with the overall security of the product. This does not only apply to Mint.com; it applies to every process and every procedure we use in day-to-day business. I use Mint.com in this example only because I have written about it recently and it deals with a very important subject: your money.

The standard way people use online banking is to log in to their bank's website, and that's it. So the process looks something like this:
Person's Home Computer -> Internet -> Bank Web Servers -> Bank Database Servers -> Internet -> Bank Live Transaction Servers

As you can see, there are about 6 points of failure. What this means is that if any one of these points is compromised, there is a potential to lose data.

When using an application like Mint.com the process looks like this:

Person's Home Computer -> Internet -> Mint.com Web Servers -> Internet -> Yodlee Servers -> Internet -> Bank Web Servers -> Bank Database Servers -> Internet -> Bank Live Transaction Servers

As you can see, the number of points of failure has now gone up to 10. In addition to the points of failure increasing, the potential loss is also increased. The reason for this is that in the original method, if any of the steps after your home computer are compromised, you only lose the integrity of that single bank. In the method using Mint.com, if any of the steps after your home computer but before the hop from the Yodlee servers to your bank are compromised, you potentially compromise all accounts that you are using the application to track.
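The two chains above can be modelled directly: each account's credentials travel a list of hops, the number of points of failure is the length of that list, and the blast radius of a hop is the set of accounts whose credentials pass through it. The following is an added example, not code from the post or from Mint.com; the hop names are my own labels for the chains in the post, and it generalizes the post's single-bank case to several tracked banks so the difference in blast radius is visible.

```python
"""Model credential paths as hops; count points of failure and blast radius.

Added example. Hop names are assumptions chosen to mirror the two chains in
the post; the three bank accounts are constructed sample data.
"""


def direct_path(bank):
    # The post's first chain: the user logs in to the bank directly.
    return [
        "home-pc",
        f"internet:home->{bank}",
        f"{bank}:web",
        f"{bank}:db",
        f"internet:{bank}-internal",
        f"{bank}:txn",
    ]


def aggregator_path(bank, aggregator="mint", backend="yodlee"):
    # The post's second chain: credentials pass through the aggregator and
    # its backend before reaching the bank.
    return [
        "home-pc",
        f"internet:home->{aggregator}",
        f"{aggregator}:web",
        f"internet:{aggregator}->{backend}",
        f"{backend}:servers",
        f"internet:{backend}->{bank}",
        f"{bank}:web",
        f"{bank}:db",
        f"internet:{bank}-internal",
        f"{bank}:txn",
    ]


def points_of_failure(path):
    """Every hop a credential transits is a place it can be captured."""
    return len(path)


def exposure_by_hop(paths):
    """paths: dict account -> list of hops.

    Returns dict hop -> set of accounts whose credentials transit that hop,
    i.e. what a compromise of that single hop could expose.
    """
    exposure = {}
    for account, path in paths.items():
        for hop in path:
            exposure.setdefault(hop, set()).add(account)
    return exposure


def worst_case_outside_home(paths):
    """Largest blast radius of any hop other than the user's own computer."""
    exposure = exposure_by_hop(paths)
    return max(len(accts) for hop, accts in exposure.items() if hop != "home-pc")


# Constructed sample: the same three banks tracked both ways.
BANKS = ["bankA", "bankB", "bankC"]
DIRECT = {b: direct_path(b) for b in BANKS}
AGGREGATED = {b: aggregator_path(b) for b in BANKS}


def main():
    print("points of failure per account (direct):", points_of_failure(DIRECT["bankA"]))
    print("points of failure per account (aggregator):", points_of_failure(AGGREGATED["bankA"]))
    for name, topo in (("direct", DIRECT), ("aggregator", AGGREGATED)):
        exposure = exposure_by_hop(topo)
        print(f"\n{name}: accounts exposed if each hop is compromised")
        for hop, accts in exposure.items():
            print(f"  {hop:28s} {sorted(accts)}")
        print("  worst hop outside the home:", worst_case_outside_home(topo))


if __name__ == "__main__":
    main()
```

Running it shows the point the post makes: `home-pc` exposes all three accounts in both topologies, but in the direct model no other hop exposes more than one account, while in the aggregator model every hop from the home connection through the Yodlee-to-bank link exposes all three.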

In both scenarios, your home computer is typically going to be the easiest to compromise, and the one that holds the most of your personal data. So in either case the risk will be the same: if someone compromises your home computer, they can simply collect the usernames and passwords for all of your accounts. Your home computer is also the most likely to be attacked, because home computers are low-risk targets, and an attack can be as simple as sending an email with a virus attached. All the attacker needs is for the user to open the attachment. Home users typically don't invest much in security, but a large company like Mint.com invests a lot in its security and has staff monitoring for these types of activities, so the risk is significantly greater for the attacker should they go after a large target like Mint. The reward is also potentially greater, but the skill required to pull it off would be much higher. With all these factors, the likelihood of a breach is relatively low on Mint's side, but pretty high on your home computer.

Points of Failure on Home Computers and Networks:

Similar to the points of failure in online transactions, home computers have points of failure within them. For instance, every user account on your computer could be considered a potential point of failure, because each one presents a point of attack for someone trying to crack a password or find an account with no password.

Another potential point of failure is your home wireless router (if you are using one). A large percentage of people who buy wireless routers don't know how to configure them properly and don't take the time to secure them. Because of this, anyone within range of the signal can not only gain access to the network (and potentially to all computers on it) but can gain access to the interface on the router as well.

If a person were to gain access to your router's interface, they could set it to use a server the attacker has set up as your DNS server. What this means is that every time you try to get to a web page, your computer will ask his server where that page is located on the internet. If the attacker were to set it up so that every time you try to go to your bank's website it takes you to a clone of it that he has set up on his server, he can then collect your username and password for that site, and you probably wouldn't notice for a while, since he could make it give a generic error saying the site is down once you submit the username and password. Most people will let that go for a few days if they don't suspect any problems. A similar attack could be performed by sending you an official-looking email with links that point to a rogue site the attacker has set up (this is called phishing, and is probably the most commonly used email attack).

As you can see, these potential points of failure are both common and dangerous. In many cases the old saying "keep it simple" can help you avoid excess points of failure. Don't use more equipment and connections than necessary. If you don't need a wireless router at home, then don't get one. If you don't need 10 accounts on your computer, delete the ones that aren't used. And always do the best you can to keep your computer secure.
