Image from Pixabay
Assume breach – you can safely assume that your systems have already been compromised: attackers have managed to gain access to your IT resources without you noticing. Of course this isn't a very joyful assumption. It amounts to saying: my security will fail and I can't stop it. It sounds like hanging your head, like a capitulation. However, it is not intended that way. The assume breach mindset points out that your opponents have so many opportunities to penetrate your castle that it is simply impossible to adequately protect every hole all the time.
Let me take the castle metaphor a little further, using the age-old parable as we know it in information security: the moat, the drawbridge and the crown jewels in the robust keep. That comparison is usually used to show how well we are doing with our layered security. What I want to talk about is that each of those layers has its weaknesses.
Let's start with the moat. That one is easy: in winter you can sometimes simply walk across it (yes, young people, it used to get so cold in winter that every body of water in the country would freeze). I think many proud medieval castle lords were surprised when it turned out that their ingenious water barrier could be overcome without boats, as long as the enemy waited for the right moment. For normal crossing of that water we have the drawbridge. What happens if the chains or ropes used to raise the bridge snap? The bridge deck falls down and everyone can cross. From a security perspective, that is a control that fails open: if something breaks, you don't want the unsafe situation to become the default.
But fortunately we still have the portcullis, which closes the opening in the castle wall. If its chains snap, it falls and blocks access: it fails closed. That is, unless it goes askew during the uncontrolled fall and gets stuck. Then the opening is back, and the enemy can still enter.
Finally, there is the donjon, or keep, the sturdy residential tower of the lord of the castle. It has thick walls and narrow windows. Valuables and important people would stay on the top floor, I imagine, furthest away from an intruder. I'm just afraid they wouldn't have anywhere to go if the enemy started a fire.
The onion model rests on the hope that if one layer is broken, the next layers will still stop the attacker. But is it really so inconceivable that all layers leak at the same time? The moat is frozen, the portcullis is rusted, and the enemy, who marches in unhindered, smokes out the lord of the castle. But you forgot the archers! Well, getting past them is a matter of attacking with a sufficiently strong and well-equipped army.
So assume that the attacker is already inside, the assume breach mindset tells us. Maybe he isn't at the top of the keep yet, but he is already walking around within the walls of your castle. He is in disguise and waiting for a good moment to make his move. What do you do when you think you know that a disguised enemy is already inside? Then you no longer trust anyone. In security terms: zero trust. You assume that no one can be trusted and that every time someone wants something, you check whether that is allowed. Not: "Hi Pete, come in," but: "Hi Pete, let's check whether you are still allowed in." This in turn presupposes that it is perfectly clear what is allowed and what isn't. Can it be right that so many employees have access to that important system? Or can you reduce that attack surface through a better authorization structure? The more people who can do something, the more people an attacker can try to deceive, for example through phishing. Another important measure in this context is two-factor authentication: you say that this is your user ID and password, but that alone is not good enough to gain access.
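As an added illustration of the per-request check described above (this is example code, not code from the original post), here is a small deny-by-default authorization function in Python. The resource names, roles, users and policy are all constructed for the example; a real deployment would take them from an identity provider and a policy store. Every request is evaluated on its own, a missing policy entry fails closed the way the portcullis should, a sensitive resource refuses a session that has not presented a second factor, and a helper counts, per resource and action, how many users an attacker could try to phish for that access.

```python
"""Added example: a deny-by-default, per-request authorization check.

Everything here (resource names, roles, users, the policy) is constructed
for illustration; it is not code from the original post.
"""
from dataclasses import dataclass

# Constructed policy: for each resource, an explicit allow list of
# (role, action) pairs and whether a verified second factor is required.
# Anything not listed is denied.
POLICY = {
    "payroll": {
        "allowed": {("hr-admin", "read"), ("hr-admin", "write")},
        "mfa_required": True,
    },
    "wiki": {
        "allowed": {("employee", "read"), ("editor", "write")},
        "mfa_required": False,
    },
}

# Constructed directory: which roles each user holds.
USERS = {
    "pete": {"hr-admin", "employee"},
    "ann": {"employee"},
    "bob": {"employee", "editor"},
}


@dataclass(frozen=True)
class Request:
    """One access attempt, evaluated on its own, not once at login."""
    user: str
    roles: frozenset
    mfa_verified: bool   # did this session present a valid second factor?
    action: str
    resource: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize(req: Request, policy=POLICY) -> Decision:
    """Decide a single request. Every path that is not an explicit match
    ends in a denial, so a missing or broken policy fails closed, unlike
    the drawbridge whose chain snaps."""
    entry = policy.get(req.resource)
    if entry is None:
        return Decision(False, f"no policy for resource {req.resource!r}")
    if entry["mfa_required"] and not req.mfa_verified:
        return Decision(False, "second factor required")
    for role in sorted(req.roles):
        if (role, req.action) in entry["allowed"]:
            return Decision(True, f"role {role!r} may {req.action} {req.resource!r}")
    return Decision(False, "no role of this user grants that action")


def request_for(user: str, action: str, resource: str, mfa_verified: bool,
                users=USERS) -> Request:
    """Build a request from the directory; unknown users get no roles."""
    return Request(user, frozenset(users.get(user, ())), mfa_verified, action, resource)


def exposure(users=USERS, policy=POLICY) -> dict:
    """How many users can perform each (resource, action)?

    This is the attack surface of the paragraph above: each user who can
    do something is someone an attacker can try to phish for it."""
    holders: dict = {}
    for resource, entry in policy.items():
        for role, action in entry["allowed"]:
            who = {u for u, roles in users.items() if role in roles}
            holders.setdefault((resource, action), set()).update(who)
    return {key: len(who) for key, who in holders.items()}


if __name__ == "__main__":
    for user, action, resource, mfa in [
        ("pete", "read", "payroll", True),
        ("pete", "read", "payroll", False),
        ("ann", "write", "wiki", True),
        ("mallory", "read", "payroll", True),
        ("pete", "read", "vault", True),
    ]:
        d = authorize(request_for(user, action, resource, mfa))
        print(f"{user:8} {action:5} {resource:8} mfa={mfa!s:5} -> "
              f"{'ALLOW' if d.allowed else 'DENY '} ({d.reason})")
    for (resource, action), n in sorted(exposure().items()):
        print(f"{n} user(s) can {action} {resource}")
```

The point of the design is that there is no "session is trusted" shortcut: `authorize` is called for each request with the current state of the second factor, and the only way to get an allow is an explicit entry in the policy. Shrinking the numbers that `exposure` reports, by taking roles away from people who do not need them, is the "better authorization structure" of the paragraph above.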
In the physical castle, zero trust only works up to a point. Ultimately, the lord of the castle will have to be able to trust his bodyguards and his cook. He can take extra measures: remove the jewelry from the display cabinet and store it in a locked chest, for example, making it a bit more difficult for an attacker. And that is what our profession is all about.
And in the big bad world...
This section contains a selection of news articles I came across in the past week. Because the original version of this blog post is aimed at readers in the Netherlands, it contains some links to articles in Dutch. Where no language is indicated, the article is in English.
- Flipper torpedoes your iPhone and iPad.
- The Dutch police's High Tech Crime Team has its own podcast. [DUTCH]
- Criminal organizations commit fraud with allegedly undelivered parcels.
- On the other hand, there is also an increase in rogue web shops. [DUTCH]
- Various Dutch political parties placed cookies illegally. [DUTCH]
- Top managers should delve into artificial intelligence.
- Important first steps towards the safe use of artificial intelligence have been taken at Bletchley Park.
- 'Decoupling' may be the new magic word for our online privacy and security.
- Everyone in the organization is responsible for information security.
- The Dutch Data Protection Authority explains once again how easy passwords are to crack. [DUTCH]
- Five hundred scientists express their concerns about Article 45 of eIDAS.