Friday, August 12, 2011

Those who cannot remember the past are condemned to repeat it

This quote from George Santayana has been somewhat skewed over time, "Those who do not learn history are apt to repeat it" being one popular variant, but I believe Santayana's words are as true today as ever.

No, this is not a post about politics; it is about security, and it ties into some of my recent thoughts on planning. As I had a coffee today I began to think about security from a network perspective. Not network security, but the perspective of security being established through the interconnection of people, technology and events. As I did this I remembered some history, and the similarities between events in the past and what has been happening today dawned on me. Let me try to explain.

Most of you are familiar with the Comodo attack from earlier this year. The attack was perpetrated by going after the platform used by an administrator. That success left the attacker able to issue certificates in the name of some very significant companies, which would have allowed very broad attacks on potentially hundreds of thousands of users. Thankfully the latter part of the attack was not executed, and the breach was discovered before major widespread damage. The point here is that the attack was against the management plane of the system, and an attack at that level can be hard to discover. A similar management plane attack occurred in 2010 that allowed someone to take control of a private Certificate Authority, which caused major problems for a very large contracting firm in the US. Two examples of management plane attacks that created great havoc.

So where is the history linkage? Well, 25 years ago a manager at a firm in California discovered an accounting error in a system. He asked one of his people, Clifford Stoll, to look into it. It took some time, but Cliff was able to discover a sophisticated attack against the burgeoning defense and other networks. He eventually traced the perpetrator to a network connection coming from Germany. For some time he got nowhere working with the Deutsche Bundespost (DBP), who ran the networks, and then one day they called with the data he needed. What Cliff did not know at the time was that the perpetrator had used a management plane attack within the Bundespost system. He was able to connect to the DBP network, carry out his attack against networks all throughout the US, and then go back and delete the accounting record on the network switch before it was uploaded to the accounting system. To the DBP the user was never there. A young guy living in Ottawa worked with the DBP and they found the switch coding issue that allowed the intruder to delete the accounting records. The hole was closed, and a couple of months later Markus Hess was caught.

Closing the accounting hole at the DBP was only one piece of the puzzle (to learn the rest, read The Cuckoo's Egg), but it did show that an attack against the management plane provides a mechanism to hide the real attack.
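To make the "delete the accounting record before it is uploaded" trick concrete, here is an added example, not code from the post, from the book or from any real switch, of one way the collecting side can notice such a deletion: the switch links each accounting record to the previous one by hash and numbers them, and the accounting system keeps the last verified chain head and next sequence number between uploads. The record format, field names and sample sessions are constructed for the illustration.

```python
import hashlib
import json

# Constructed sample data (not from the book or the post): per-session accounting
# records as a switch might emit them before uploading them in batches to the
# accounting system. The field names are hypothetical.
BATCH1 = [
    {"seq": 1, "account": "acct-2210", "port": 7, "seconds": 90},
    {"seq": 2, "account": "acct-0871", "port": 12, "seconds": 45},
    {"seq": 3, "account": "acct-1042", "port": 3, "seconds": 4120},  # the intruder's session
    {"seq": 4, "account": "acct-2210", "port": 7, "seconds": 310},
]
BATCH2 = [
    {"seq": 5, "account": "acct-0871", "port": 12, "seconds": 60},
    {"seq": 6, "account": "acct-1042", "port": 3, "seconds": 2800},
]

GENESIS = "0" * 64  # chain head both sides agree on before the first upload


def _digest(prev_hash, body):
    """Hash of one record bound to the hash of the record before it."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}|{canonical}".encode()).hexdigest()


def chain_records(records, prev_hash):
    """Switch side: link each record to its predecessor by hash. Returns the
    chained copies and the new chain head the switch continues from."""
    chained = []
    for rec in records:
        digest = _digest(prev_hash, rec)
        chained.append({**rec, "prev": prev_hash, "hash": digest})
        prev_hash = digest
    return chained, prev_hash


def verify_upload(chained, expected_head, expected_seq):
    """Collector side: check one uploaded batch against the chain head and next
    sequence number stored after the previous upload. Returns a list of
    (seq, problem) findings and the state to store for the next batch."""
    findings = []
    prev_hash = expected_head
    for rec in chained:
        body = {k: v for k, v in rec.items() if k not in ("prev", "hash")}
        if rec["prev"] != prev_hash:
            findings.append((rec["seq"], "chain break: a preceding record is missing or altered"))
        if _digest(rec["prev"], body) != rec["hash"]:
            findings.append((rec["seq"], "record altered"))
        if rec["seq"] != expected_seq:
            findings.append((rec["seq"], f"sequence gap: expected {expected_seq}"))
        prev_hash = rec["hash"]
        expected_seq = rec["seq"] + 1
    return findings, (prev_hash, expected_seq)


def demo():
    """Three variants of the same switch data: honest uploads, the intruder's
    record deleted from the middle, and the last record deleted. Returns the
    findings for each case."""
    batch1, head1 = chain_records(BATCH1, GENESIS)
    batch2, _ = chain_records(BATCH2, head1)

    # Honest switch: both batches verify clean.
    honest1, state = verify_upload(batch1, GENESIS, 1)
    honest2, _ = verify_upload(batch2, *state)

    # Intruder deletes their own session (seq 3) before the upload: the next
    # record's back-link no longer matches, and the sequence skips a number.
    middle, _ = verify_upload([r for r in batch1 if r["seq"] != 3], GENESIS, 1)

    # Intruder deletes the last record of batch 1 instead. That upload looks
    # clean on its own, but the switch keeps chaining from its real head, so the
    # following upload no longer matches what the collector stored.
    tail1, state = verify_upload(batch1[:-1], GENESIS, 1)
    tail2, _ = verify_upload(batch2, *state)
    return honest1, honest2, middle, tail1, tail2


if __name__ == "__main__":
    for label, findings in zip(("honest 1", "honest 2", "middle", "tail 1", "tail 2"), demo()):
        print(label, findings or "intact")
```

The check only helps while the intruder can delete individual records but cannot rewrite the whole chain and the head the switch continues from; someone who fully owns the switch's management plane can regenerate a consistent chain, which is exactly why the collector must hold the last verified head off the switch, and why the management plane itself needs the protection the rest of this post argues for.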

The lessons here are many, but the big ones are these: understand system connectivity (the network); plan protection hierarchically, making sure the high-value management systems get attention; and use newer technologies that provide strong two- or three-factor authentication on the highest-value assets, since a breach there will either bring the entire system down or create a security gap that no one even knows about.
