Written by: Dovell Bonnett on April 27, 2012.
Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by J. Andress and S. Winterfeld
Cyber warfare is real. That’s why each Friday I will post a review on this book: Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, and today I am sharing what I am reading in…
Chapter 5: Logical Weapons.
This chapter is chock full of valuable information. Instead of going through the details of all the tools discussed, I think that the startling insight into the defense against these attack tools is more important. I do, however, strongly suggest you read this chapter to get a better perspective on the types and capabilities of the available logical access weapons.
The weapons or tools available to cyber warriors are vast, and many are free and open source. Non-government and non-military attackers use common or customized tools. At times the same tools used to investigate an attack are also the tools used to carry one out. While many may believe that government and military warriors have highly specialized tools, the authors suggest that they are using some of the same commercially available tools.
The authors break down the tools into 7 classifications, where each category builds on its predecessor:
1. Reconnaissance – Used to gather general information about the network or system to be attacked. No attack has occurred yet.
2. Scanning – More targeted information gathering: mapping systems, identifying open ports, and enumerating users. Again, not really an attack yet.
3. Access and Escalation – The most widely available tools, used to gain access to a system and escalate the attacker’s privilege level. A common example is password cracking/capturing. The attack has now begun, since unauthorized access has been gained.
4. Exfiltration – Using different means to get data out: physically carrying it out on memory sticks, hiding data in messages, sending it over insecure protocols, and “out of band methods” such as photographing information with a cell phone camera. This is theft of information.
5. Sustainment – Once access to a system has been achieved, the attacker wants hooks in place to return to the system undetected. Two common methods are creating an authorized account for the attacker and/or placing backdoors into applications or the system. Long-term attacks cause the fines and costs borne by a company to increase.
6. Assault – After a system has been investigated and access has been achieved, the third major component of cyber warfare takes over: manipulating and modifying the system to perform unauthorized activities. These activities can include creating botnets, Denial of Service, and other destructive attacks. The attacks now spread from the inside, so less reconnaissance and scanning is required.
7. Obfuscation – Finally, once the attack has begun, the cyber warrior needs to cover his/her tracks, disguising the nature of the attack and where any important information is being sent. This is where tools that obscure and manipulate logs, files and locations are used.
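The sustainment hooks described above (an extra account for the attacker, a service account quietly given a login shell) are exactly what a periodic account audit should catch. The following is an added example, not code from the book or the post, that diffs a current /etc/passwd-style listing against a baseline snapshot; the passwd lines are constructed sample data.

```python
"""Periodic account audit: compare a current passwd listing with a baseline
snapshot and flag changes typical of a 'sustainment' hook.  Sample data below
is constructed for illustration, not taken from any real host."""

BASELINE = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

CURRENT = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
support:x:0:0:Support:/var/tmp:/bin/sh
"""

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_passwd(text):
    """Map user name -> (uid, shell) for each well-formed 7-field line."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # ignore malformed lines instead of trusting them
        name, _pw, uid, _gid, _gecos, _home, shell = fields
        users[name] = (int(uid), shell)
    return users


def audit_accounts(baseline_text, current_text):
    """Return sorted (finding, user) pairs for deviations from the baseline."""
    base = parse_passwd(baseline_text)
    cur = parse_passwd(current_text)
    findings = []
    for name, (uid, shell) in cur.items():
        if name not in base:
            findings.append(("new_account", name))       # account added
        elif base[name][1] in NOLOGIN_SHELLS and shell not in NOLOGIN_SHELLS:
            findings.append(("shell_enabled", name))     # login quietly enabled
        if uid == 0 and name != "root":
            findings.append(("extra_uid0", name))        # second superuser
    return sorted(findings)


if __name__ == "__main__":
    for finding, user in audit_accounts(BASELINE, CURRENT):
        print(f"{finding}: {user}")
```

The baseline must itself be stored where an intruder with administrative rights cannot rewrite it, otherwise the audit compares the attacker’s state against the attacker’s state.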
- Reconnaissance is difficult if not impossible to defend against, since most of the information gathered is found just by visiting a website. The authors’ best defense suggestion is to limit the amount of information available. As a personal side note, the same defense suggestion should apply to social media sites too: don’t include too much personal information.
- Scanning is also difficult to prevent, and the best defense is to not send out traffic that is visible to unauthorized people. Encrypt documents and emails, and don’t run services on standard ports.
- Access and Escalation defense is mostly about strong passwords and password policies, keeping operating systems and applications up to date, and incorporating system hardening measures. An eight-character password that includes uppercase, lowercase, numbers and symbols will take a computer running 100,000,000 combinations a second two years to try all 7.2 quadrillion possible combinations. However, complexity is only a part of the defense. Adding password management components removes the threat of reuse across multiple sites, post-it note security and non-authentication. Next, close down ports, services and accounts that are not required.
- Exfiltration can also be very hard to defend against because there are so many avenues of documentation and information leakage. About the only suggestion is to add security classification nomenclature to documents and restrict their viewing, similar to what the military and government do. Also, better screening and background checks may help before allowing someone access to sensitive data.
- Sustainment backdoor defense is done first by making it difficult to access the system to insert code, and second by performing periodic audits. While auditing is time consuming, it is a very important task. Audits are best when done manually.
- Assaults are also classified as something that is difficult to defend against. Once administrative rights have been granted, it is virtually impossible to control what changes are made. Prevention with strong passwords is still viewed as the best defense.
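To check the keyspace figure quoted under Access and Escalation, here is an added example (not from the book or the post) that computes the worst-case exhaustive search time for a password policy at a given guess rate. The character-class sizes are assumptions: 26 lowercase, 26 uppercase, 10 digits and 34 symbols give a 96-character alphabet, which is what reproduces the 7.2 quadrillion figure; the comparison goes beyond the page by contrasting that policy with longer but simpler ones.

```python
"""Password-policy keyspace calculator (added illustration).  Class sizes are
assumed; 26+26+10+34 = 96 characters matches the page's 7.2 quadrillion."""

SECONDS_PER_YEAR = 365.25 * 24 * 3600

CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 34}  # assumed


def alphabet_size(classes):
    """Size of the character set built from the named classes."""
    return sum(CLASS_SIZES[c] for c in classes)


def keyspace(length, classes):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size(classes) ** length


def years_to_exhaust(length, classes, guesses_per_second):
    """Worst case: time to try every password in the keyspace."""
    return keyspace(length, classes) / guesses_per_second / SECONDS_PER_YEAR


def compare_policies(guesses_per_second=100_000_000):
    """Contrast the page's 8-char complex policy with longer, simpler ones."""
    policies = {
        "8 chars, all classes": (8, ("lower", "upper", "digit", "symbol")),
        "12 chars, lowercase only": (12, ("lower",)),
        "14 chars, lower+digit": (14, ("lower", "digit")),
    }
    return {name: years_to_exhaust(n, cls, guesses_per_second)
            for name, (n, cls) in policies.items()}


if __name__ == "__main__":
    for name, years in compare_policies().items():
        print(f"{name:26s} {years:14.1f} years")
```

Exhaustive search is the upper bound; real cracking runs wordlists and common patterns first, so a policy should be judged on what it forces users to avoid, not only on raw keyspace.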
CONCLUSION: When it comes to protecting against the cyber attack tools, there seems to be very little defense. What frustrates me the most is that Congress is busy passing laws putting the onus on large and small companies to protect data when the very operating systems, browsers and applications these companies are using are filled with holes. It seems that the best a company can do to protect data is 1) encrypt, 2) limit the amount of information they put out on the web, and 3) really beef up their password security policies. But just requiring longer and stronger passwords is not enough. If passwords are too cumbersome for the user, then those same users are more likely to write them down on notes, in spreadsheets or on whiteboards that are easy to find.
The posts I am writing about Cyber Warfare are not designed to promote the products of our company Access Smart. However, after reading this chapter and seeing that the best defense is secure passwords, I have to at least ask that you look over our Power LogOn – Password Manager for Windows solution.
In the English language the prefix “Pro” means to be for something, whereas the prefix “Con” is to be against something. So then the opposite of “Progress” must be “Congress”.