Download PDF - Codenomicon

More documents

Recommendations

Info

CODENOMICON WHITEPAPER - Proactive Cyber Security: Stay Ahead of Advanced Persistent Threats (APTs) works remotely. An abuse situation awareness system needs to collect information from potentially unreliable sources and produce reliable reports. Botnets are modular and resilient and they can distribute processing. These features make a botnetinspired architecture the ideal basis for an abuse situation awareness system. Benefits of a botnet-based architecture The botnet-inspired architecture makes AbuseSA very flexible, scalable and robust. In AbuseSA, each source is followed by its own bot, which reports to a C&C channel. Using separate bots for different sources makes the system flexible and resilient to errors in the sources. The system can collect information from a wide variety of sources; each bot can be configured to understand the transports and formats of its source. Thus, the user can collect information without imposing any requirements to the feed provider. In addition, new sources can be added simply by adding a new bot on the fly, which makes the system easy to scale. The botnets communicate over the extensible messaging and presence protocol (XMPP). Thus various tasks can be distributed and even run in various geolocations. 10 Cyber Security Risks Hobbyists, Hacktivists and Cyber Crime Security threats have been growing in scale and sophistication for decades. Twenty years ago, cyber attacks were primarily the domain of hobbyists. Then, as the opportunity for profiting from stolen information grew, criminals started taking a larger role. More recently spies working for government and corporate espionage are leading some of the most technically advanced and resource intensive attacks to date. 2011 saw a significant increase in the activity of “hacktivist” groups like Anonymous and LulzSec [19]. The motivation for these groups is retaliation for perceived wrongdoing. Rather than financial gain, their main goal is embarrassing their victims. However, their attacks are not without financial consequences. Critical Infrastructure Critical infrastructure networks are no longer isolated. They are all connected to the cyberspace, the global network of interdependent information technology infrastructures and communication networks, and they depend on common commercial off-the-shelf software. When SCADA systems were fist implemented in the 1960’s, it would have been hard to image that critical control system could be attacked remotely or that printers in adjacent corporate networks could be used as weapons to attack them. Nobody could envision such threats, so no measures were taken to make the networks resilient against cyber-attacks. Newer SCADA devices communicate using Internet protocols, sometimes over the public Internet [20]. This helps reduce the cost of dedicated communication links, but at the same time it makes the networks more open to outside attacks [20]. Power grids, telecommunication and transportation networks are exactly the type of infrastructure that has been the target of traditional warfare, only the weapons have changed [21]. There have only been a limited number of reported cyber-attacks against critical infrastructure [21]. However, it would be naïve to assume that hostile nation states, terrorists and hacktivists are not aware how vulnerable these networks are and how much havoc such an attack could cause [21]. The Stuxnet was the first publicly admitted act of cyber warfare. It demonstrated that cyber-attacks can cause significant physical damage to a facility [22]. The Stuxnet was a very sophisticated attack carefully selecting its victims and remaining undetected [22]. It utilized four different zero-day vulnerabilities. However, many critical infrastructure networks are so vulnerable that it does not take a sophisticated attack like Stuxnet to exploit them. In many countries, large parts of the critical infrastructure is privately owned and extremely vulnerable [21]. Corporate Networks A network is only as strong as its weakest element [23]. If attackers manage to compromise a laptop or a smartphone of a remote user working over a VPN, then they direct access to your
CODENOMICON WHITEPAPER - Proactive Cyber Security: Stay Ahead of Advanced Persistent Threats (APTs) network. The Stuxnet was carried into the plants on a corrupted laptop or thumb drive [22]. Corporate networks connected to critical networks are full of equipment, like VoIP phones, printers and storage devices. Nobody thought that these devices could be used to attack the networks, so the developers did not try to make this difficult or impossible to do [12]. When sourcing equipment for critical networks or networks connected to critical networks security, robustness testing should be used as an acceptance criterion. The challenge with outsourcing is that you lose visibility over the security and quality of the software development. Often buyers have been surprised to find that the middleware they have purchased has an open source core. Networks for distributed organizations often include site-to-site, branch office, and remote access networks. There might also be additional network security layers such as VPNs and LANs. All these add to the complexity of a network making it more difficult to secure and increasing the importance of proactive measures. Desktops, laptops, smartphones, USB sticks Printers Firewall IPS/IDS Web and mobile services Cloud services Closed Network Router Corporate Network Router Internet Laptops USB Sticks Web servers VoIP server Storage devices VPN Partners Branch office Roaming user Remote user Figure 6: Closed and corporate networks. Cloud Security eGov and mGov In recent years the use of virtualization technologies and cloud services has increased dramatically. Cloud services and virtualization can help government agencies connect with citizens, improve efficiency and reduce costs. However, like any new technology, cloud services and virtualization introduce new security concerns. New technologies are not necessarily inherently less secure than old ones. They just have not been tested and used for as long. Also, the threats can be different. The potential security risk in cloud technologies is the hypervisor, which controls all the clients within a virtual cloud. If the implementations of PHYP or another hypervisor protocol contain vulnerabilities, these could be exploited to inject malicious code or to otherwise control client clouds. eGov and mGov services make information sharing between citizens, businesses and government more seamless: less paperwork, less bureaucracy and you use the services whenever, wherever. Such initiatives should be applauded, as they improve the efficiency of government services and improve the quality of service experienced by the users. However, in developing services with external user interfaces to handle private and confidential information, the robustness of the services should be thoroughly tested before deployment. Any security incidents could erode user confidence and set back the development of the services.
Page 1 and 2: Codenomicon whitepaper: Proactive C
Page 3 and 4: CODENOMICON WHITEPAPER - Proactive
Page 7: CODENOMICON WHITEPAPER - Proactive

Download PDF - Codenomicon

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?