Editer l'article Suivre ce blog Administration + Créer mon blog
8 juillet 2010 4 08 /07 /juillet /2010 23:58

Most of the time I would say and repeat: people should review their security systems and probably harden their configurations and system settings.


This time, my post is gonna deal with the contrary: how a hardened URL filtering system can impact productivity and vital assets.

You may read that security vendors tend to add a new way to block malicious / suspect content: security reputation.

I will not discuss the idea by itself right now. Let's just say that to protect from compromised systems, it could be a really interesting concept.

But what happens if the security reputation is wrong? That kind of measure is somewhat a score, which is most probably dynamic.

The firms that are being protected by that security reputation filtering system do not see the reputation score of their online applications and needed websites (assets).

Because the score is dynamic, it can be different today from yesterday.

Here is a part of a real story: it is about a vital portal, I mean a portal related to a vital function of a state (counter terrorism point of view, such as energy, communications, transportation, medical emergencies...).

One day that portal had its security reputation to be reviewed and reach "high security risk". In that case, most of the systems working with "security reputation filtering" automatically blocked any access to that website...

This was quite serious... We are not talking about Facebook being unreachable, not even Google... it is about a crucial web portal, government watched and related for a service that helps the country to run.

Were the firms informed before the website was automatically blocked? not at all, since it is an automatic check and update.

Could the firms easily bypass that filter? not really, if you consider that proxies are vital equipments and may not have their configuration radically changed so quickly, in emergency mode, and in production...

Could the firms monitor all the virtal websites/portals they know they need, to prevent that kind of situation? well if you consider 100 000 computers, several millions requests a day, and several thousands websites being whitelisted...  certainly not!


So I really warn any people that use or plan to use a technology close to security reputation score with automatic blocking. You may have real situations, with oproductivity loss and above all collateral damage...

Partager cet article