can you trust the network traffic more than the endpoints?

I’m catching up on my feeds today at work (amazingly, I didn’t have a huge pile-up of issues like I expected!), and I was reading Bejtlich’s updates on Black Hat. Particularly, I think I want to see the presentation Deeper Door: Exploiting the NIC Chipset by Shawn Embleton and Sherri Sparks of Clear Hat Consulting. Richard says, “This presentation reinforced the lesson that relying on an endpoint to defend itself is a bad idea.” Basically the researchers found ways to pass packets past host-based protections.

While this isn’t a revelation that will cause us to throw our hands in the air about endpoint protections (it’s just a bit too exotic to be a big risk right now), it does reinforce my feeling that the network, the stuff that is actually passed from system to system, is the future of security. Well, at least until it is all encrypted for privacy concerns. This is because endpoints just cannot ultimately be trusted or protected well enough to justify removing the network protections and barriers.

Besides, on a related note, I had two overarching security take-aways from my Defcon experience:

1) Open networks are untrusted networks; act like it. Attackers’ ability to subvert subnet traffic, sniff traffic, or attack endpoints is just huge on an open network. Compound this with wireless… Basically, user beware. Hell, even I sit at hotspots and scan around and sniff casually.

2) Endpoints are still ripe for attack, even if you think you run host-based protections. Maybe seeing Jay Beale’s talk on host-based protection will change my mind, but like Maynor said in his panel talk, he’s not risking even turning on his Macbook wifi because he knows of at least one 0day exploit for Broadcom chipsets. Yes, we’re a paranoid lot, and Maynor may be a little more so since he is a personality, but the actions/habits of the experts should not be taken lightly.