Becoming Invisible to Your Enemies

As I stated in Chapter 6, Making Security Decisions, in the section on secretless security, good security remains secure even when it keeps no secrets. Once objects have been secured, however, keeping them secret can only help to protect them further. The point of secretless security is never to rely on a secret in order to remain secure; secrecy can still be used to enhance security once all other measures are in place. The two main advantages of making ourselves and our objects invisible are:

  • To avoid becoming the target of an attack

  • To make it much more difficult for an attacker to acquire useful information

Before we are able to conceal ourselves, we must first recognize from whom we are concealing ourselves and what we need to hide. We are already most of the way to our goal, since we have defined our common targets and the enemies who are likely to attack them. Now we must work to hide our presence from these people. The approach here is to recognize how hackers will see us and to take preventive measures so that they do not.

What to Hide From

When I talk about hiding from enemies, I am really talking about undermining the tools they use. To hide treasure from a thief, we must place it somewhere where it cannot be physically seen; to hide assets from an electronic thief, we must configure them so they cannot be electronically seen.

What Makes Us Visible?

What gives us away and makes us visible for attack are services and information that we make externally accessible. It is desirable to conceal any and all information that others don't need to know about by following the Rule of Least Privilege. Any information that is not required by others should be concealed. Don't think in terms of what you should hide as much as thinking about what you absolutely need to show.

Becoming Invisible

Like the other topics in this book, becoming invisible is a universal concept that applies to everything within the organization. For any given object that is implemented, the following steps should be taken:

  1. Discover what information the object gives out by default. Many devices and applications include network management features to simplify identification, so be especially mindful of these. Common features include Finger, Whois, Banners, SNMP, and a wide variety of discovery services. All such services should be disabled or restricted to allow only that which is necessary or highly useful.

  2. Consider all the ways in which the device will be visible to others. Is the object on a network? Is it advertised in some way, or is it sitting in front of an open window? Most systems and devices answer networking requests like Ping, Telnet, and other services by default, so keep an eye out for these.

  3. Apply the Rule of Least Privilege on all perimeter devices, including firewalls, routers, hubs, switches, and servers. It does not matter whether or not a service seems harmless. Unless there is a direct need for a particular service, it should not be allowed. This includes simple services like Ping (echo request and reply).

Here are some techniques to help ensure your networks and systems remain invisible:

  • Limit the methods by which electronic information can be gathered. Be sure to disable any extra services running on a system or device that are not needed. Watch out for common communication services like Ping, SNMP, Telnet, and Finger.

  • Always use network address translation (NAT) for outbound communications. Whether on the Internet or with your partners and vendors, NAT is a great security tool to use. By talking to an external entity directly from your own internal IP address, you give the receiver of the communication, and everyone listening along the way, that internal address. This can greatly enhance a hacker's ability to launch an attack.

  • Use NAT for inbound communications whenever possible. External entities should not know the real internal address of the services they are accessing unless it is absolutely required.

  • Train employees and make policies related to secrecy. All employees should be trained in the official process by which the local administrators work. Outside of this process, any other attempt to gain information should be considered an attack. If an employee receives a call or email requesting information, he or she should check with a manager to make sure it is a legitimate request.

  • Enforce unclassified administration. The organization should adopt a policy stating that no employee, including administrators, will ever request or use another employee's login or password. Nowadays, most applications should be built to hide user account information and not require administrators to know the passwords. Once this is a general policy, employees no longer have to think about whether or not to give out a password to a hacker in disguise, which makes it much harder for hackers to solicit passwords from employees.
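As an added example (not from the book), the following script turns the three "becoming invisible" steps and the "limit the methods" technique into a repeatable host audit: it parses a listening-socket inventory in the shape of `ss -Hltnu` output, ignores loopback-only sockets, and flags every externally reachable service that is not on an explicit allowlist of services the host has a direct need to expose. The sample inventory and the allowlist are constructed for illustration.

```python
"""Audit listening services against an allowlist (Rule of Least Privilege on exposure)."""
import re
from dataclasses import dataclass

# Discovery-friendly services the chapter singles out, keyed by IANA port.
NOISY_SERVICES = {7: "echo", 23: "telnet", 43: "whois", 79: "finger", 161: "snmp"}

# Constructed sample shaped like `ss -Hltnu` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0  128  0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0  128  127.0.0.1:3306  0.0.0.0:*
tcp   LISTEN 0  5    0.0.0.0:23      0.0.0.0:*
tcp   LISTEN 0  5    [::]:79         [::]:*
udp   UNCONN 0  0    0.0.0.0:161     0.0.0.0:*
tcp   LISTEN 0  128  0.0.0.0:443     0.0.0.0:*
"""

@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int

def parse_ss(text):
    """Parse `ss -ltnu`-style lines: field 0 is the protocol, field 4 is local addr:port."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        match = re.match(r"^(.*):(\d+)$", fields[4])
        if not match:
            continue
        addr = match.group(1).strip("[]")  # "[::]" -> "::"
        listeners.append(Listener(fields[0], addr, int(match.group(2))))
    return listeners

def is_external(addr):
    """Loopback-bound sockets cannot be seen from the network, so they are not findings."""
    return addr not in ("127.0.0.1", "::1")

def audit(listeners, allowed):
    """Return (proto, port, name) for each reachable listener absent from `allowed`,
    a set of (proto, port) pairs for which the host has a direct need."""
    findings = []
    for lst in listeners:
        if not is_external(lst.addr) or (lst.proto, lst.port) in allowed:
            continue
        findings.append((lst.proto, lst.port, NOISY_SERVICES.get(lst.port, "unknown")))
    return sorted(findings)

if __name__ == "__main__":
    for proto, port, name in audit(parse_ss(SAMPLE_SS_OUTPUT), {("tcp", 22), ("tcp", 443)}):
        print(f"disable or restrict: {proto}/{port} ({name})")
```

Run it against real `ss -Hltnu` output on each perimeter host and treat every finding as a service to disable or restrict; the allowlist, not the findings list, is what you should have to justify.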

Inside the Security Mind: Making the Tough Decisions
ISBN: 0131118293
Year: 2006
Pages: 119
Authors: Kevin Day