Rick Kingslan - Will Hack 4 Food

News and Musings on all things Computer

November 2004 - Posts

Google Desktop Engine is a Threat to VPNs

Reading the article in Network World this week (11/22/2004, "Google search cache spawns SSL fears"), a reaffirmation of the obvious was once again proven true - for most people (including developers, Companies, end users, Infrastructure techs, etc.) security is ABSOLUTELY the last thing that is ever considered.

The article contends - and correctly so - that the Google Desktop Engine caches content to the local system - even the stuff that you're trying to protect on your Corporate network that you've set the VPN up to protect.  Typically, when a user logs off, the data is gone as well.  Yes - there is some data that is cached via various browsers, etc., but this is typically mitigated by most VPN clients and tools that are distributed by the knowledgeable InfoSec group or Network Security group that will clean the cache of any elements that were stored there while on the VPN.  Sadly, Google is using a proprietary cache mechanism that is currently not controlled or controllable by these methods.

It's also stated that most people using the engine would not be very happy if the cache was purged anyway.  Simply put, the security of the Corporate network comes second to the user of the engine who would have to rebuild the cache each time they left the VPN - taking some amount of time.  Knowing most users, any inconvenience is too much.

However, Google is "Thinking" about implementing hooks to allow the engine to be purged.  The scenario above, of purging the cache, is only fantasy today.  Google would need to enable this possibility.  I'm glad to hear that Google is "Thinking" about it.....

Some might wonder, OK - so what's the big deal?  Well, let's just say that you used a friend's PC at their home to log into the office to check your e-mail, OK some documents, whatever.  Your e-mail contains an urgent message that requires your approval on a document that consummates a deal that has been in the works for some time - the acquisition of a company that will allow your company to heavily leverage a new segment of business.  But, the only way that it can succeed is if the acquisition remains confidential until the public announcement, which is not for some three weeks once the deal is final.  No problem - you're on the VPN.  The e-mail stream is encrypted in the VPN tunnel, and the attached document is protected.  You open the attachment, read over the document, send your approval and ensure that the document is gone - erasing any possibility of the disclosure before the appropriate time.

Little do you know that you've unknowingly compromised this very confidential secret.

Your friend has installed the Google Desktop and it has cached and indexed your acquisition document.  Your 'friend' finds it later that night and makes a public disclosure that ends up killing the deal.  You lose your job, your company goes under, and a virus takes over your town and raises the dead....(ooops...sorry - that's Resident Evil.....)

I'll bet that Google had no intent of harm in respect to their engine.  However, I'll also bet that, if they even built a threat model detailing the vulnerabilities, side effects, and the problems that needed to be addressed with the Desktop Engine, it never took into account the 'VPN Problem'.  It never really addressed the 'Corporate Desktop' issues.  More likely, the threat model assessed the threat to their product - not the security of their customers' data.

Developers are vital in the Security battle.  There is no greater example than Microsoft itself.  Network Engineers, InfoSec personnel, etc. can put policy, standards, models, procedures, etc. all in place - and be completely circumvented by a poorly written application that has not taken any precaution, any effort in implementing even the simplest of practices for securing an application.  No checks for proper data behavior, input validation, URL strings, buffer overflow, stack checking, etc, etc, etc.  Sadly, most attack vectors that we watch are going to catch the compromise of a badly written app.

The other question - that I'll leave for thought on another day - is this:

What should Corporate America be doing to protect themselves from software like the Google Desktop installed on their users' desktops or laptops?  Granted, we can have policy and measures for the Corporate asset, but it's a bit harder (read: Impossible) to control a non-Corporate asset.  Know that NAP (Microsoft's Network Access Protection) and NAC (Cisco's Network Access Control) are a couple of years off - the dreaded "Longhorn Timeframe".

What is the Corporate environment to do with the daily new and interesting threats?  I'll talk about my thoughts in the next couple of days.

-rtk

 

New and Interesting from Microsoft today.....

Troubleshooting Group Policy in Microsoft® Windows® Server

This white paper helps you troubleshoot the most common problems affecting the deployment of Group Policy in a Windows Server 2003 or Windows Server 2000 environment.

ASP to ASP.NET Migration Assistant Documentation

The ASP to ASP.NET Migration Assistant is designed to help you convert ASP pages and applications to ASP.NET. It does not make the conversion process completely automatic, but it will speed up your project by automating some of the steps required for migration. The EXE available for download on this page contains the online help for the ASP to ASP.NET Migration Assistant to help you understand the error messages you encounter when going through the conversion process.

PHP to ASP.NET Migration Assistant Documentation

The PHP to ASP.NET Migration Assistant is designed to help you convert PHP pages and applications to ASP.NET. It does not make the conversion process completely automatic, but it will speed up your project by automating some of the steps required for migration. The EXE available for download on this page contains the online help for the PHP to ASP.NET Migration Assistant to help you understand the error messages you encounter when going through the conversion process.

Windows XP SP2

If you're living under a rock - first, you're not reading this, and second - you have no clue as to what Windows XP SP2 is.  Let me just say, plainly and simply - SP2 is to Windows Security what gasoline is to a car.  It's vital, necessary, and you're not getting very far without it.

Some folks are a bit perturbed that this type of enhancement (yes - this is a BIG enhancement involving BIG chunks of code....) is not finding its way to Windows 2000 Professional.  Likely, it won't.  The reason is pretty simple.  One, as just mentioned - it's a big change.  Right, right - service packs are not supposed to be BIG changes in functionality.  Well, guess what.  Microsoft changed its mind.  Service packs ARE a big change with crap loads of features and enhancements.  And, because everyone and their little dog has been beating Microsoft up about its apparent (and quite accurate) lack of emphasis on security - you get a couple of really BIG service packs that are going to focus directly on security as the core feature.  (Right - I said Service PackSSS - you've heard rumors of this SP1 for Windows Server 2003?  Yeah - that would be it....)

So, why no update for Windows 2000, as I understand it?  Well, IBM - when a program, OS, whatever, reached a stage in its life when the next version was out and it was just time to maintain the old until everyone moved by choice or by enticement (yeah - the old one no longer had support...), they would call the software "Functionally Stable".  This simply means that it works, we provide bug fixes, but there isn't much new that's going to happen with it because it works as intended, Thank you very much.

If I were anyone on Windows 2000 Pro or Server, I'd figure out what it's going to take to get to XP and Server 2003.  If you have security issues on 2000, who are you going to blame?  The writing has been on the wall for some time now.  I'm tired of the complaining about security.  Microsoft has made a big step.  It's your turn now.

What are you waiting for?

 

I'm Back!!!

Okay - I've been MIA from this Blog (but not missing in any way from the Security and Directory Services scene), but I have some new tools that should make it easier for me to do what I need to do to get more timely information up to the blog.

For those of you that have been patient (I can't imagine that there are many) thanks.  For those of you that check now and then - look for more consistent updates to the posts here.

BTW - we're in the new house and things are great (yeah, we've been here since February 2004)

-rtk