On Sun, 4 Jan 2009, Jeffrey Lyon wrote:
> Say for instance one wanted to create an "ethical botnet," how would this be done in a manner that is legal, non-abusive toward other networks, and unquestionably used for legitimate internal security purposes? How does your company approach this dilemma?
The company I work for has not approached this particular dilemma yet. I'm not sure what legitimate internal security purposes you're looking to fulfill, but I think you need to ask yourself a few questions first (not an all-inclusive list, but food for thought nonetheless):

1. What is the purpose of this legit botnet? In other words, what business objective does it achieve?

2. Do you have the people in-house to write the software, or would you be willing to take a chance on using something that exists 'in the wild'? Depending on how security-minded your shop is, your corporate security folks and legal counsel might take a dim view toward using untrusted software on your internal network, especially if source code is not available. That particular monster can get out of control very quickly.

3. Do you have a sufficient number of machines that are controlled by you to populate this botnet and achieve my goals (see point 1)?

4. How will this botnet be isolated from the rest of your internal network, and would that isolation limit or even negate the botnet's usefulness?

5. If the answer to question 4 is "no isolation", how will you demonstrably control the botnet's propagation?

6. Depending on the answer to question 5, there might be regulatory compliance (HIPAA, FERPA, GLB, SOX, internal security/privacy policies, contractual obligations, etc.) issues to consider.
> Our company, for instance, has always relied on outside attacks to spot-check our security, and I'm beginning to think there may be a more user-friendly alternative.
Infection, even for ethical purposes, is still infection.

jms