A Stealthy Defense in Depth
Author: Bob Supnik. Posted on June 14th, 2012.
It is easy for the best-planned perimeter defenses to be breached through human error, thereby making an entire organization or company vulnerable to hackers. Companies need to have defense in depth: security defenses that assume compromises will happen and work to contain and limit the enterprise’s exposure. This was echoed at the RSA Conference earlier this year, where the watchword was, “You will get hacked.”
Stealth, Unisys’s patented cybersecurity technology, can play an important role in creating defense in depth. First, Stealth can compartmentalize a corporate network, so that systems that have been breached cannot see or access other critical systems. Second, Stealth is designed to protect the integrity of communications that pass across public networks subject to interference. Let’s take a look at each of these use cases.
Most corporate networks are basically flat. That is, any system on the internal TCP/IP network can see, and access, any other system. This simplicity allows for great flexibility. Authorization is handled at “a higher level,” not at the networking level. Thus, administrators can grant or revoke access rights centrally, through directory services such as LDAP or Active Directory and the Access Control Lists (ACLs) they maintain.
The problem is that a flat network is totally exposed when a compromise occurs. If a hacker obtains control of an internal system, he may not have access rights to critical systems, but he can see them. He can map the network, determine system types, probe for open ports, and then use “canned” attacks to move “sideways” within the network and attack other systems. That is, once the burglar is through the front entrance of the apartment house, he can see all the doors and go test which of them are vulnerable to attack.
Stealth compartmentalizes a flat network. Systems can only “see” other systems that are in the same community of interest (COI). Systems in different COIs simply don’t respond to any form of traffic from the compromised system. The hacker can’t map the network, can’t determine system types, and can’t find open ports. Thus, the hacker is denied the most common, and most effective, tools of his trade. Before Stealth, the only way to partition a network was by rewiring and inserting routers and other gear at the partition points. Not only was that expensive, it was inflexible. If next week a different partitioning was needed, then wires and equipment might have to be moved again. Stealth does all that in software.
So, what happens if there is a breach? If a hacker compromises a web server that uses Stealth to talk to its application server(s), the hacker can certainly see and communicate with the application server(s). He can generate false requests for information and do damage within that application silo. But he can’t get out into the general corporate network. With properly (and narrowly) defined COIs, Stealth provides “watertight doors” between the compartments of the corporation.
To see why this is so important, consider the network infrastructure of a typical public utility. Everything is on the same flat network: from the accounting system to the process control network for critical equipment. In this age of Stuxnet and other viruses tailored to attack public infrastructure, that’s a very scary scenario. Malware can be introduced in all sorts of ways – infected USB sticks and flash cards, social engineering, “drive-by shootings” that result from browsing compromised web sites. With Stealth, the critical process control network can be partitioned off from the corporate network, without any rewiring or additional networking hardware. That flexibility, and Stealth’s strong encryption, are two of the reasons that Stealth is so compelling.
It’s a fact of life that in many overseas locations, so-called private networks use communications lines owned by state-run telephone companies. These companies have been known to make the data, and the lines themselves, accessible to the governments that own or influence them. (It even happened in this country, lest we forget.) This exposes an enterprise not just to interception and theft of confidential data and intellectual property, but to the more insidious problem of impersonation. If a hacker has access to the traffic of an enterprise, he knows which IP addresses are legitimate, and he can impersonate one of the legitimate addresses not currently in use. Now he is on the corporate network, even though no system has been compromised (yet). Or in LOLcat-speak, “I R IN UR NETWORKZ, STEELIN UR DATA.” Only it’s no laughing matter.
Stealth can help. Here, the solution requires that the problem geography be its own Community of Interest or, even better, a set of COIs with differing levels of access. Every system is equipped with Stealth; every user is placed in a particular COI, depending on his or her access requirements; and every boundary point between that geography and the rest of the corporate network has a Stealth appliance as a “border crossing agent.” Stealth assures the privacy of communications through encryption, but so would a Virtual Private Network (VPN). Stealth’s unique added value is again the Community of Interest. The Stealth appliance will not talk to or pass traffic from a non-Stealth node, even if it has a “legitimate” network address. In fact, it won’t even talk to a Stealth-equipped node unless the user has the proper credentials to get on the right COI. With strong two-factor authentication (smart cards or password-extending fobs, as well as passwords), that will be a difficult nut for a hacker to crack.
No security system is foolproof if there is help from the inside. If a hacker can get hold of not only a Stealth-equipped system but also its user, through blackmail or subversion, then the hacker will be able to log into the user’s COI, because he’s using legitimate credentials. But Stealth is designed to make it impossible for a third party to break into the corporate network without cooperation from a local agent. Further, if the COIs properly separate users into different classes with limited access rights, compromise of a particular user would still limit any exposure to the user’s particular COI.
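The compartmentalization rule described above (a node answers only peers in a shared COI, a non-Stealth node gets no answer at all, and a compromised node therefore sees only its own compartment) can be modelled as a small policy function. The following is an added example written for this article, not Unisys code and not a description of how Stealth is actually implemented; the host inventory, COI names and addresses are constructed. It contrasts what a scan from a compromised web server would see on a flat network with what it sees under COI enforcement, and shows that an impostor holding a legitimate but unenrolled address is dropped silently.

```python
"""Toy model of community-of-interest (COI) enforcement on a flat network.

Constructed example: a host carries a set of COI names if it is enrolled,
and an empty set if it is not. Traffic between two hosts is accepted only
when both are enrolled and share at least one COI; everything else is
dropped silently (no reset, no ICMP), so a mapping scan gets no response.
This models the policy the article describes, not the product itself.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Host:
    name: str
    ip: str
    cois: frozenset = frozenset()  # empty set means "not Stealth-enrolled"

    @property
    def enrolled(self) -> bool:
        return bool(self.cois)


def decide(src: Host, dst: Host) -> str:
    """Return 'accept' or 'drop' for traffic from src to dst.

    A non-enrolled peer (including an impostor that took over an unused but
    legitimate address) is dropped; so is an enrolled peer with no COI in
    common. There is no 'reject': silence is the point.
    """
    if not (src.enrolled and dst.enrolled):
        return "drop"
    if src.cois.isdisjoint(dst.cois):
        return "drop"
    return "accept"


def reachable_from(src: Host, hosts: Iterable[Host]) -> List[str]:
    """Names of hosts that would answer src at all: what a scan from src sees."""
    return sorted(h.name for h in hosts if h is not src and decide(src, h) == "accept")


def flat_network_view(src: Host, hosts: Iterable[Host]) -> List[str]:
    """For contrast: on a flat network every address answers a probe."""
    return sorted(h.name for h in hosts if h is not src)


# Constructed inventory (hypothetical names, addresses and COIs).
WEB = Host("web", "10.0.0.10", frozenset({"web-tier"}))
APP = Host("app", "10.0.0.20", frozenset({"web-tier", "app-tier"}))
DB = Host("db", "10.0.0.30", frozenset({"app-tier"}))
ACCT = Host("accounting", "10.0.1.10", frozenset({"finance"}))
PLC = Host("plc-gateway", "10.0.2.10", frozenset({"process-control"}))
IMPOSTOR = Host("impostor", "10.0.0.99")  # legitimate-looking address, not enrolled
HOSTS = [WEB, APP, DB, ACCT, PLC, IMPOSTOR]

if __name__ == "__main__":
    print("flat network, scan from web   :", flat_network_view(WEB, HOSTS))
    print("COI-enforced, scan from web   :", reachable_from(WEB, HOSTS))
    print("COI-enforced, scan from app   :", reachable_from(APP, HOSTS))
    print("COI-enforced, impostor address:", reachable_from(IMPOSTOR, HOSTS))
```

The design choice to watch is that `decide` never distinguishes "wrong COI" from "not enrolled" in what the peer observes: both outcomes are silence, so a compromised web server learns that an application server exists but nothing about the accounting or process-control hosts, and the impostor learns nothing at all. Giving the app server membership in two COIs is what lets it bridge web and database tiers while the web server itself still cannot reach the database.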
Just like the human body has more than just its skin as a defense against infection, corporate networks also need multiple defenses against attacks. Strong perimeter defenses must be accompanied by other strategies that function even when the perimeter is compromised. Stealth’s ability to dynamically partition networks provides additional lines of defense for an enterprise, as well as ways to minimize the vulnerabilities that arise from doing business in certain parts of the world.