Creating Chokepoints

Chokepoints have been the key to security practices since the dawn of warfare. A chokepoint is a tight area through which all inbound and outbound access is forced to pass. Kings of old understood that funneling enemies through a tight doorway makes it much easier to rain down fiery oils on them. Likewise, it is much easier to keep a thief out of a network when the network has only one gate leading in and out. In information security, chokepoints offer many advantages, including:

  • Security focus: A chokepoint focuses our attention and resources on one area of control. This greatly enhances security while reducing the ultimate taxation on our resources.

  • Ease of monitoring: Chokepoints greatly enhance our ability to monitor access and watch for intrusions. It is much easier to see enemies entering the castle when there is only one place to look.

  • Ease of control: Chokepoints allow for a stronger breed of security control. It is much easier to implement good security mechanisms when only dealing with a limited space.

  • Cost reduction: By filtering all access through one point, we need to implement only one control device as opposed to a separate control for every object. This reduces the time and materials required for the implementation and maintenance of security measures.

  • Exposure reduction: By focusing on one or two areas of access, we introduce fewer opportunities for error and exposure than if we enforce security controls in multiple areas.

Chokepoints are a key element in maintaining a higher security practice. Creating chokepoints greatly reduces the otherwise unbounded number of possible avenues of attack, which makes them some of the best tools available in information security.

Network Chokepoints

Network security uses chokepoints all the time. Rather than having all desktops dial into the Internet, it is common to consolidate traffic through a single controlled access point. Such chokepoints enable a high level of control on transactions between internal trusted networks and the outside world. Without such a chokepoint, higher levels of security would be needed at all entry points, making security much more difficult and expensive.

Every entry point from an external network into an internal network should be consolidated through one or more protected areas. Policies and practices in this respect should be focused on two things:

  1. Securing chokepoints via filtering and monitoring

  2. Ensuring that all traffic flows through chokepoints and that no new entry points are introduced

Common forms of traffic to force through a chokepoint include:

  • Internet connections, including inbound and outbound access

  • Vendor, partner, and customer WAN connections

  • Virtual private network (VPN) and dial-in access points

  • Wireless networking access points

Application Chokepoints

Chokepoints are important in both applications and services. User access into an application should be controlled by a module that filters and monitors activities. Rather than allowing a user to jump from service to service and having to enforce security on each, we should place the majority of the security focus on a single point.

If we take, for example, the Microsoft Windows 2000 operating system (or indeed, many other operating systems), we see that each workstation and server belongs to a larger domain that controls authorization, monitoring, and other aspects of security. Each user or group of users belongs to a specific domain. This scenario allows us to make the domain controller an application chokepoint. We do not need to rely on every workstation to authenticate users and log activities; we can simply forward authentication and logs on to the chokepoint controller. This allows us to focus security efforts in a central area rather than in each and every workstation.

Many other applications allow for access chokepoints, including some single sign-on and portal applications. Large organizations oftentimes develop a front-end application that secures access for many back-end applications. Applications that create an access chokepoint are very helpful in securing large organizations.

Social Chokepoints

Just as our networks and applications can be directly exposed to attacks from external entities, so can our employees, executives, partners, and customers. It is important to understand that, in the average organization, employees are given a great deal of information that is useful to a hacker. If every employee is in direct contact with everyone else in the world, then there is great potential for a social engineering attack to succeed. No doubt, one employee will prove to be the weak link within the social chain and disclose sensitive information to an attacker.

Creating a social chokepoint can be accomplished in many ways. In extreme cases, employees are not allowed to directly contact the outside world during business hours. This approach, however, is not applicable to many organizations. A good solution for many organizations has been to create virtual chokepoints for specified types of information. For example, employees can be trained that passwords and other sensitive information can only be discussed with a very specific group or department in a very specific context. Some form of predefined verification process must occur before such information is disclosed. Meanwhile, employees are informed about which information is confidential, and that such information will never be solicited via email, outside phone calls, Web browsing prompts, or other unsafe contexts. Such techniques can be used to guard other information, such as employee names, phone numbers, physical security measures, and access points, as well as passwords and other technical security measures.

Consolidating Chokepoints

At first glance, we may conclude that all access should be consolidated through a single chokepoint. Indeed, for some organizations, this is the best choice, but certainly not for all. When allowing access through a chokepoint, we are essentially opening a hole and potentially a vulnerability in our defenses. If, for example, we make both the Internet and trusted partners filter through the same chokepoints, we may experience some undesirable results. An untrusted entity, for example, could try to gain access by masquerading as a trusted partner, or by simply attacking the partner and attacking our organization from there. A chokepoint that controls 100 access points will be very difficult to properly secure.

For small organizations with few network connections, consolidating all access through a single chokepoint is probably the best option. However, for larger organizations, it may be desirable to separate access between multiple chokepoints, keeping higher risk enforcement policies away from more trusted ones.

A Note on Single Points of Failure

One inherent problem with chokepoints is the tendency to introduce a single point of failure into the environment. If a component running a chokepoint service were to fail, the effects would be far more dramatic than if a component controlling a single access point failed. As such, it is important to increase the availability measures taken in proportion to the number of access points consolidated. If, for example, we forced the Internet, our partners, and all dial-up traffic through a single chokepoint, we would most likely want to add a level of redundancy by introducing a redundant chokepoint.

Applying the Chokepoint Concept

Here are some simple steps to take when contemplating chokepoints:

  1. Identify all access points to a particular resource or related set of resources.

  2. Consolidate all such access points through a single security object.

  3. Enforce tight controls, monitoring, and redundancy on that security object.

  4. Establish a policy for future access points, stating that they must be filtered through an approved chokepoint.

  5. Continue to test and scan for new access points that do not filter through a chokepoint.
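The five steps above can be turned into a repeatable audit. The following is an added example, not code from the book: it takes a constructed inventory of access paths and approved chokepoints (all zone, entry point and chokepoint names are assumptions) and reports entry points that bypass every chokepoint, chokepoints missing filtering or monitoring, consolidated chokepoints with no redundancy, and chokepoints that mix trusted and untrusted traffic, the concerns raised in the preceding sections.

```python
"""Audit access paths against approved chokepoints (added example, not
from the book; every inventory value below is constructed)."""
from collections import defaultdict

# Step 1: constructed inventory of every path into the internal network.
# Each entry: (source zone, entry point, trust level, chokepoint the path
# passes through, or None when it bypasses all chokepoints).
ACCESS_PATHS = [
    ("internet", "web-dmz-ingress", "untrusted", "fw-edge"),
    ("internet", "vpn-concentrator", "untrusted", "fw-edge"),
    ("partner", "partner-wan-link", "trusted", "fw-edge"),
    ("internet", "guest-wifi-ap", "untrusted", None),       # not consolidated
    ("vendor", "legacy-modem-bank", "trusted", None),       # not consolidated
]

# Steps 3 and 4: constructed record of the controls each approved
# chokepoint actually has in place.
CHOKEPOINTS = {
    "fw-edge": {"filtering": True, "monitoring": True, "redundant": False},
}
REDUNDANCY_THRESHOLD = 2  # assumption: 2+ consolidated paths need a standby


def audit(paths, chokepoints, threshold=REDUNDANCY_THRESHOLD):
    """Return findings keyed by category; empty lists mean no issue found."""
    findings = {"bypass": [], "controls": [], "redundancy": [], "mixed_trust": []}
    per_chokepoint = defaultdict(list)          # chokepoint -> trust levels
    for _zone, entry, trust, chokepoint in paths:
        if chokepoint is None or chokepoint not in chokepoints:
            findings["bypass"].append(entry)    # step 5: unfiltered entry point
        else:
            per_chokepoint[chokepoint].append(trust)
    for name, trusts in per_chokepoint.items():
        controls = chokepoints[name]
        if not (controls["filtering"] and controls["monitoring"]):
            findings["controls"].append(name)   # step 3: tight controls missing
        if len(trusts) >= threshold and not controls["redundant"]:
            findings["redundancy"].append(name)  # single point of failure
        if len(set(trusts)) > 1:
            findings["mixed_trust"].append(name)  # trusted shares an untrusted path
    return findings


if __name__ == "__main__":
    for category, items in audit(ACCESS_PATHS, CHOKEPOINTS).items():
        print(f"{category}: {items}")
```

Each finding maps back to a step: bypass entries are step 5 work, a missing control is step 3, and a mixed-trust chokepoint is the case the consolidation section warns about.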

Inside the Security Mind: Making the Tough Decisions
ISBN: 0131118293
Year: 2006
Pages: 119
Authors: Kevin Day