Industry Solutions and Trends
Technology is more than just networking and Juniper experts share their views on all the trends affecting IT
Cybersecurity is not all rocket science, remember the basics…
11.30.16

Cybersecurity makes headlines: records stolen, systems taken offline, data held to ransom, identities cloned; these are just some of the breaches that business is working hard to stay ahead of – we all read the headlines, no-one wants to BE the headlines.

 

How do you avoid becoming one of the headlines? As fast as you move, the bad guys can move faster. You need to monitor and protect every surface; they only need to find a single weak spot. What can you do? Start with, and maintain, your basics, 100% of the time.

 

Here’s a recent example where you could argue the basics were not done well:

 

Over the weekend of 26th November, San Francisco’s Municipal Transport Agency (known as Muni) was hit by a ransomware attack demanding 100 bitcoins (about $73,000). This may not seem a lot compared to recent mega-breaches, but this hacker is a regular extortionist who asks for similar amounts each time – keeping the demands small enables him/her to stay under the radar.

 

The Muni attack was particularly newsworthy as it:

 

  • hit the world’s tech capital
  • impacted public services – a scenario which worries those outside of the tech bubble
  • led to Muni offering free rides on the system

 


Picture from @CBSSF

 

But one detail really stuck with me:

 

 

The initial infection was from a Windows 2000 Server.

 

 

Re-read that, and think about it.

 

Windows 2000 Server was released over 16 years ago, and received its final security update from Microsoft over 6 years ago, in July 2010. There are good reasons to have old systems still running, but the risks they introduce need to be managed more than ever before.

 

Any device like this should be seen as a massive security risk on a network. It should be isolated, backed up, have its operating system hardened, and be treated as something that could be compromised at any time. Instead, the server was able to spread the ransomware to 2,000 of the 8,000 computers that Muni operates.

 

This reminds me of a recent conversation with a security expert who works to protect vital national infrastructure. The one recurring theme was that network security is often not about the newest technology from the latest start-up; it is really about doing the basics right. Not having end-of-life operating systems on servers, wherever possible, is just doing the basics right.

 

Other recent examples of missing obvious gaps or not following best practice include:

 

  • The TalkTalk hack from October 2015, which originated via well-known SQL injection vulnerabilities on an old server for a Tiscali website, see more here.
  • Dropbox were hacked in August 2016 using login details from an employee who reused a password that was breached in a very public attack on LinkedIn from June 2012.
  • The stolen LinkedIn passwords from 2012 were also easy to crack, as LinkedIn had failed to follow best practice and use a salt when hashing them.
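
To illustrate the last bullet, the sketch below (an added example, not code from the original post or from any of the companies named) contrasts an unsalted fast hash with a per-user salt and a slow key-derivation function. The account names, passwords, common-password list, the choice of SHA-1 as the fast hash and the PBKDF2 iteration count are all constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: three accounts, two of them sharing a password.
USERS = {"alice": "password1", "bob": "password1", "carol": "Tr0ub4dor&3"}
# Constructed stand-in for a table of common passwords, hashed once in advance.
COMMON = ["123456", "password1", "letmein"]
ITERATIONS = 200_000  # illustrative work factor (assumption); tune for your hardware

def unsalted(password):
    """Fast hash, no salt: equal passwords always give equal digests."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted(password, salt=None):
    """Random per-user salt plus a slow KDF; returns (salt_hex, digest_hex)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex(), digest.hex()

def verify(password, salt_hex, digest_hex):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, digest_hex)

def shared_digests(digests):
    """Groups of accounts storing the same digest (a sign of missing salts)."""
    groups = {}
    for user, digest in digests.items():
        groups.setdefault(digest, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def matched_by_table(digests):
    """Accounts whose digest appears in a table computed once from COMMON."""
    table = {unsalted(p) for p in COMMON}
    return sorted(u for u, d in digests.items() if d in table)

def compare_schemes():
    weak = {u: unsalted(p) for u, p in USERS.items()}
    records = {u: salted(p) for u, p in USERS.items()}
    strong = {u: digest for u, (_, digest) in records.items()}
    return {
        "weak_shared": shared_digests(weak), "weak_matched": matched_by_table(weak),
        "strong_shared": shared_digests(strong), "strong_matched": matched_by_table(strong),
        "login_ok": verify("password1", *records["alice"]), "login_bad": verify("letmein", *records["alice"]),
    }

if __name__ == "__main__":
    print(compare_schemes())
```

In the unsalted store, the two accounts with the same password are visibly linked and both fall to a single precomputed table; in the salted store neither check finds anything, while a legitimate login still verifies.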

 

Where an old server is needed, it should be locked down so that it has only the network access it needs, and a bare minimum of software and privileges available.

 

Of course, this sounds simple. But in reality it isn’t. Organisations have thousands of devices, each with hundreds of legitimate processes and applications running on them. Making sure that you’re “doing the basics, 100% of the time” is a job for a skilled project manager with a very keen eye for detail.

 

Technology can also help you get the basics right. At Juniper, we believe you need to move away from the old perimeter security model to one where you enforce security across the whole network. This allows you to:

 

  • Enforce security on every network device instead of solely at the network edge
  • Identify suspicious activity within the network, not just at the perimeter
  • Proactively block the connectivity of compromised or suspicious devices to stop threats spreading
  • Use centralised software to control a multi-vendor environment with simple-to-understand rules

 

All of this is being brought together in the Software Defined Secure Networks solution from Juniper.

 

But, whatever your security approach: don’t forget to do the basics well, 100% of the time.

 

 

Footnote: it appears that the hacker may have picked the wrong victim this time, and has been hacked in turn in response to the Muni attack. See Krebs for more information.
