15 Dec

It is time to think of computer security in a new way.
In the physical world that we can feel and touch, security involves denying access through physical means such as implementing locks, infrared monitoring, closed circuit television, biometrics, human guards, alarms, card access control systems, vaults, and much more. Similar approaches have been implemented in computer security such as interactive logons, smart cards, biometrics, intrusion detection, and encryption.
Security measures and mechanisms implemented in both the physical world and in computing are very alike. Yet the physical world is very different from the world of 1s and 0s that makes up our computing systems of today.
Introducing Security by Deception
NOTE: The only security by deception currently in widespread implementation that I know of is a honeypot.
With computing came another dimension, nothing like the physical world that we were used to interacting in before circuit boards and operating systems. As shown by modern operating systems, we can manipulate computers into emulating just about anything we want.
So why are we thinking of computer security like we think of physical security?
With that in mind, I would like to present an idea: security by deception.
What if, instead of denying access, the computer granted access to an intruder? The operating system would then launch an emulator in something like a chroot jail. The emulator could be a GUI or a command line. I am no security expert, but how would an intruder know the difference between a real shell and an emulator?
This, in turn, would severely slow an intruder trying to break into your system with something such as a brute force cracker. The brute force cracker would have no way of knowing whether it has cracked a real login or is simply logged in to an emulation shell, since the system would accept all logins.
Example:
Hacker's point of view:
Johnny Cracker is attempting to brute force your server. He discovers, on the first attempt using THC Hydra to crack the root login over SSH, that access to the system has been granted. He logs in to the SSH session and he is in the system. Johnny Cracker gets his kicks by destroying systems, so he executes rm -rf / to delete all the files on the server. He quickly exits the SSH session and disconnects from the Internet, going on about his day feeling successful.
Security by Deception and what really happened:
The server is programmed to accept all possible logins, but only for real user names and passwords do you get redirected into the real system shell. For any other character combination entered at login, the shell is redirected to a separate, emulated SSH session that is running on another server (maybe virtualized). Thus, when Johnny Cracker logged in, he assumed that he was on the real server and had destroyed the real data. In fact, he only deleted fake data that affected nothing except, for example, a VMware server that is set to restore a snapshot every 30 minutes.
Where emulation comes into play:
Suppose this concept is one day implemented in systems all around the world. Suppose also that by then it is common knowledge that many systems implement this technique to secure data and system integrity. An attacker or a brute force program could simply execute an ifconfig command to see if the IP address matches the system currently being scanned, and if not, move on to the next login attempt. This would still slow the brute force program, but the status of the login would easily be known.
An emulator could detect which address the SSH session was connecting to and simply substitute that address into the response when ifconfig was executed. Therefore, unless you know the system, there would be no way for the attacker to tell whether the session is in an emulation shell or the real system.
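The login front-end and decoy shell described above, written out as an added example (this is not the post author's code; the account name, password, file paths and the 203.0.113.10 address are constructed placeholders). Every login "succeeds", but only a credential that matches a stored salted hash reaches the real shell; everything else lands in an in-memory decoy that answers ifconfig with the address the intruder actually connected to, lets rm -rf / "succeed" against fake files, and records every command for the defender:

```python
"""Toy 'security by deception' login dispatcher and decoy shell.

Added illustration of the scheme in the post, not the author's code.
Accounts, hostnames and addresses below are constructed sample data.
"""
from __future__ import annotations

import hashlib
import hmac
import shlex
from dataclasses import dataclass, field


def _hash(password: str, salt: str) -> str:
    """Salted PBKDF2 so the real credential store never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000).hex()


# Constructed sample account database: user -> (salt, pbkdf2 hash).
REAL_ACCOUNTS = {
    "admin": ("salt-admin", _hash("correct horse battery staple", "salt-admin")),
}


def credentials_valid(user: str, password: str) -> bool:
    """Constant-time check; unknown users still pay the hashing cost so timing
    does not reveal which user names exist."""
    entry = REAL_ACCOUNTS.get(user)
    if entry is None:
        _hash(password, "dummy-salt")
        return False
    salt, expected = entry
    return hmac.compare_digest(_hash(password, salt), expected)


@dataclass
class DecoyShell:
    """Emulated shell shown to every login that did not match a real account.

    advertised_ip is the address the intruder connected to, so 'ifconfig'
    reports exactly what a scanner expects (the check the post anticipates).
    Destructive commands operate only on the in-memory fake filesystem.
    """
    advertised_ip: str
    user: str
    files: set = field(default_factory=lambda: {
        "/etc/passwd", "/var/www/index.html", "/root/.bashrc"})
    log: list = field(default_factory=list)   # evidence for the defender

    def run(self, line: str) -> str:
        self.log.append(line)
        try:
            argv = shlex.split(line)
        except ValueError:
            return "sh: syntax error"
        if not argv:
            return ""
        cmd, args = argv[0], argv[1:]
        if cmd in ("ifconfig", "ip"):
            return f"eth0: inet {self.advertised_ip} netmask 255.255.255.0"
        if cmd == "whoami":
            return self.user
        if cmd == "ls":
            target = args[-1] if args and not args[-1].startswith("-") else "/"
            prefix = target.rstrip("/") + "/"
            names = sorted({p[len(prefix):].split("/")[0]
                            for p in self.files if p.startswith(prefix)})
            return "\n".join(names)
        if cmd == "rm":
            self._rm(args)
            return ""
        return f"sh: {cmd}: command not found"

    def _rm(self, args: list) -> None:
        recursive = any(a.startswith("-") and "r" in a.lower() for a in args)
        for target in (a for a in args if not a.startswith("-")):
            target = target.rstrip("/") or "/"
            if recursive:
                self.files = {p for p in self.files
                              if not (target == "/" or p == target or p.startswith(target + "/"))}
            else:
                self.files.discard(target)


def login(user: str, password: str, connected_to_ip: str):
    """Every attempt is 'accepted'. Returns ('real', None) for a genuine
    credential, otherwise ('decoy', DecoyShell) bound to the scanned address."""
    if credentials_valid(user, password):
        return "real", None
    return "decoy", DecoyShell(advertised_ip=connected_to_ip, user=user)


if __name__ == "__main__":
    kind, shell = login("root", "toor", "203.0.113.10")
    for cmd in ("ifconfig", "ls /", "rm -rf /", "ls /"):
        print(f"[{kind}] $ {cmd}\n{shell.run(cmd)}")
    print("recorded:", shell.log)
```

The thing a brute-forcer learns from this front-end is nothing: wrong guesses and right guesses both produce a prompt, ifconfig shows the scanned address, and the "deleted" files were never the real ones. What the defender gains is `shell.log`, a complete record of what the intruder tried once inside.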
This could be applied to almost any type of computing system, such as web server administration interfaces, and so on. Maybe this will get some gears turning with the experts trying to answer today's computer security issues. Maybe someone can enlighten me as to why this approach is not implemented in most systems today. I would refer to a widespread implementation as the next generation of information security.


