Chokepoints have been key to security practice since the dawn of warfare. A chokepoint is a tight area through which all inbound and outbound access is forced to pass. Kings of old understood that funneling enemies through a narrow doorway makes it much easier to rain down fiery oils on them. Likewise, it is much easier to keep a thief out of a network when the network has only one gate leading in and out. In information security, chokepoints offer many advantages, including:
Chokepoints are a key element in maintaining a higher standard of security practice. Creating chokepoints greatly reduces the otherwise unbounded number of possible attack paths, and they are therefore among the best tools available in information security.

Network Chokepoints

Network security uses chokepoints all the time. Rather than having every desktop dial into the Internet, it is common to consolidate traffic through a single controlled access point. Such chokepoints enable a high level of control over transactions between internal trusted networks and the outside world. Without such a chokepoint, higher levels of security would be needed at every entry point, making security much more difficult and expensive. Every entry point from an external network into an internal network should be consolidated through one or more protected areas. Policies and practices in this respect should focus on two things:
Common forms of traffic to force through a chokepoint include:
Application Chokepoints

Chokepoints are important in both applications and services. User access into an application should be controlled by a module that filters and monitors activity. Rather than allowing a user to jump from service to service and having to enforce security on each one, we should place the majority of the security focus on a single point. If we take, for example, the Microsoft Windows 2000 operating system (or indeed many other operating systems), we see that each workstation and server belongs to a larger domain that controls authorization, monitoring, and other aspects of security. Each user or group of users belongs to a specific domain. This arrangement allows us to make the domain controller an application chokepoint. We do not need to rely on every workstation to authenticate users and log activities; we can simply forward authentication and logs to the chokepoint controller. This lets us focus security efforts in a central area rather than on each and every workstation. Many other applications allow for access chokepoints, including some single sign-on and portal applications. Large organizations often develop a front-end application that secures access to many back-end applications. Applications that create an access chokepoint are very helpful in securing large organizations.

Social Chokepoints

Just as our networks and applications can be directly exposed to attacks from external entities, so can our employees, executives, partners, and customers. It is important to understand that, in the average organization, employees are given a great deal of information that is useful to a hacker. If every employee is in direct contact with everyone else in the world, then there is great potential for a social engineering attack to succeed. No doubt one employee will prove to be the weak link in the social chain and disclose sensitive information to an attacker. Creating a social chokepoint can be accomplished in many ways.
In extreme cases, employees are not allowed to contact the outside world directly during business hours. This approach, however, is not applicable to many organizations. A good solution for many organizations has been to create virtual chokepoints for specified types of information. For example, employees can be trained that passwords and other sensitive information may only be discussed with a very specific group or department in a very specific context. Some form of predefined verification process must occur before such information is disclosed. Meanwhile, employees are told which information is confidential, and that such information will never be solicited via email, outside phone calls, Web browsing prompts, or other unsafe contexts. Such techniques can be used to guard other information, such as employee names, phone numbers, physical security measures, and access points, as well as passwords and other technical security measures.

Consolidating Chokepoints

At first glance, we may conclude that all access should be consolidated through a single chokepoint. Indeed, for some organizations this is the best choice, but certainly not for all. When allowing access through a chokepoint, we are essentially opening a hole, and potentially a vulnerability, in our defenses. If, for example, we make both the Internet and trusted partners filter through the same chokepoint, we may experience some undesirable results. An untrusted entity, for example, could try to gain access by masquerading as a trusted partner, or by simply compromising the partner and attacking our organization from there. A chokepoint that controls 100 access points will be very difficult to secure properly. For small organizations with few network connections, consolidating all access through a single chokepoint is probably the best option.
However, for larger organizations, it may be desirable to separate access across multiple chokepoints, keeping higher-risk enforcement policies away from more trusted ones.

A Note on Single Points of Failure

One inherent problem with chokepoints is the tendency to introduce a single point of failure into the environment. If a component running a chokepoint service were to fail, the effects would be far more dramatic than if a component controlling a single access point failed. As such, it is important to increase the availability measures taken in proportion to the number of access points consolidated. If, for example, we forced the Internet, our partners, and all dial-up traffic through a single chokepoint, we would most likely want to add a level of redundancy by introducing a redundant chokepoint.

Applying the Chokepoint Concept

Here are some simple steps to take when contemplating chokepoints:
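The consolidation, separation and redundancy points made above, applied in an added example that is not from the original text: a single Chokepoint class authenticates, authorizes and audit-logs every request, Internet and partner traffic pass through separate chokepoints with different policies, and a standby takes over when the primary partner chokepoint fails. All zone names, credentials, service names and sample requests are constructed for the illustration.

```python
# Added illustration of the chokepoint concept; names, credentials and requests are constructed.
from dataclasses import dataclass, field

@dataclass
class Request:
    zone: str         # entry point the request arrived through ("internet", "partner", ...)
    credential: str
    service: str      # back-end service the caller wants to reach

@dataclass
class Chokepoint:
    """Single enforcement point: authenticates, authorizes and logs every request."""
    name: str
    policy: dict      # credential -> set of services that credential may reach
    up: bool = True   # availability flag, used to model a failed component
    audit: list = field(default_factory=list)   # central audit trail for this point

    def admit(self, req):
        allowed = self.policy.get(req.credential)
        if allowed is None:
            verdict = "REJECT unknown credential"
        elif req.service not in allowed:
            verdict = "REJECT not authorized"
        else:
            verdict = "ALLOW"
        self.audit.append((self.name, req.zone, req.service, verdict))
        return verdict == "ALLOW"

def build_gateway():
    # Separate chokepoints for Internet and partner traffic; the partner one has a redundant standby.
    partner_policy = {"acme-batch": {"catalog", "orders"}}
    return {"internet": [Chokepoint("inet-cp", {"web-visitor": {"catalog"}})],
            "partner": [Chokepoint("partner-cp", partner_policy),
                        Chokepoint("partner-cp-standby", partner_policy)]}

def route(gateway, req):
    # Every entry point must map to a chokepoint; unknown zones are refused outright.
    for cp in gateway.get(req.zone, []):
        if cp.up:
            return cp.admit(req)
    return False   # no chokepoint available: fail closed rather than bypass the control

def run_sample():
    gw = build_gateway()
    gw["partner"][0].up = False   # the primary partner chokepoint has failed
    results = [route(gw, Request("internet", "web-visitor", "catalog")),
               route(gw, Request("internet", "acme-batch", "orders")),  # partner credential via Internet
               route(gw, Request("partner", "acme-batch", "orders")),   # served by the standby
               route(gw, Request("vpn", "acme-batch", "orders"))]       # unconsolidated entry point
    return results, gw
```

Because the Internet chokepoint does not know the partner credential, presenting it from the Internet zone is rejected rather than granted partner privileges, and the failed primary leaves no audit entries while the standby records the allowed partner request.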