Online to Offline Bridging (OOB)

RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

Based on the assumption that Offline is secure and Online is not, we have for a long time tested several solutions. But all these trials fail in the direction of Online to Offline (On-Off) by possibly importing malcode (after being internally infected). This vector is by far the most dangerous, and fighting it is our highest priority. A top NGFW normally does this job; we run a 100kUSD appliance.

But there must be a new approach to prevent the On-Off blowout.

Does anybody do research in this field and run, e.g., a Multipath Clones Random Drawbridge (MCRD) based on multipath TCP?

Beat Criminals Radically!

 
Posted : 20/05/2017 12:05 pm
MDCR
(@mdcr)
Posts: 376
Reputable Member
 

What - exactly - are you trying to accomplish?

 
Posted : 20/05/2017 5:22 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

We think in two entities: Malicious outside (online) and Clean inside (offline towards outside). If these two domains never got close to, or even within sight of, each other, nothing would happen. But we have to bring in data from outside to inside. And afterwards we have to bring data from inside to outside. The inside-outside process we can manage by unidirectional data flow.

But we fear getting hidden or deceptive code from outside to inside. DPI does not solve the problem, as we already had malcode in standard protocols like RTSP.

The very first time malcode comes in, we have lost the war. This we want to avoid at any price.

We search for absolute protection on two digital domains, separated but adaptively bridged, as short as possible and absolutely secure.

Absolute Security. Everybody says it is not possible. We think differently. It has to be possible.

Do you understand our dilemma?

 
Posted : 20/05/2017 9:16 pm
MDCR
(@mdcr)
Posts: 376
Reputable Member
 

It isn't possible, but you can minimise the risk. Having worked for the government, I say that you can come as close as 99.999% security; 100% is impossible - that generally means that the system is unusable.

What it all boils down to is
1. How well trained your staff is. Is there a training budget? Can you find skilled candidates?
2. How big your security budget is. Can it grow if necessary?
3. How serious the organisation is with security, i.e. prioritise Security over IT Maintenance.
4. The skill of leadership and their willingness to stand up for the cause.
5. How flexible the systems are in implementing security, i.e. administrative procedures (certification/accreditation/bullshit) need to be subordinate to ACTUAL SECURITY.

If you read these and think "my organisation is not prepared", well - then that needs to be fixed first.

As for data, you need to neutralize it before it can do damage, just like the way chlorine water purification tablets purify water (given enough time). Move the data into a "staging area" before it is accepted into the lab for examination, then do the following

1. Convert data to a non-scriptable format, i.e. a webpage to PNG.
2. Rewrite/Refactor data - like document.replace("<script>","")
3. Run it on other platforms (Linux vs Windows vs Mac).
4. Sandbox it (vmware/virtualbox with revert to snapshot capability).
5. Have humans analyse it.
6. Isolate it (physical segmentation / data diodes). Does not include firewalls.
7. Have backup procedures for all active work if something should happen.
8. Use crypto (TLS and storage).
9. Vet the staff responsible for all this regularly.
10. Perimeter security (fences, cameras, armed guards).
11. Tempest shielding (if you're truly paranoid; it's less of a threat than most people think).

 
Posted : 21/05/2017 4:19 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

Great response and detailed recommendations, very helpful. Thank you MDCR.

We here are excellently prepared and awareness is very high. The human-related risk is reduced as much as possible, and human failures are mapped into processes of double- and many times triple-checked access controls.

But we want to be more paranoid, to the extremest. Security has to be defined not by 0 to 100 and then reaching 99.xxx%, but from 100 towards 0 downwards. We want to know exactly the delta we lose from 100% downwards. Risks, even minimized, have to be fully transparent and visualized to focus very sharply on our own attack vector.

For this we decided to expect, by default, to be hacked and try to run our organization in general in 'recovery mode' after an attack. Sensitive data are handled as if they were stolen, which means putting as little information in them as necessary. Sensitive know-how we have moved away from the digital layer and keep in 'Two Brains'; we call this approach Two Brain Redundancy (TBR).

A high or very high level of security slows down any process and increases the cost extremely. So the most important issue was to split information into slices. But on the other side we streamlined all processes to improve speed. The issue of cost was addressed by focusing hard on COTS and reuse of old systems.

But there remains the Opening a Door Dilemma (ODD). How do you know who stands before the door? Are you able to observe earlier who moves towards your door? At the moment you open the door, you open the security. And this highly dangerous moment of 'letting in data' I fear. Actually, we run a project to re-analog internal data flows: Digital-to-Paper and then Paper-to-Digital to break the digital flow.

You cannot be too paranoid. Seriously. For this we work on the MCRD.

 
Posted : 22/05/2017 12:02 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

But there remains the Opening a Door Dilemma (ODD). How do you know who stands before the door? Are you able to observe earlier who moves towards your door? At the moment you open the door, you open the security.

I don't know in Switzerland, but in Italy most banks have a DD (Double Door) usually made of BPG (Bullet Proof Glass).
The outer door ONLY opens when the inner one is closed (and the inner one can ONLY be opened after the outer one is closed), i.e. you can have only the three possible 0/0, 0/1 and 1/0 statuses (but NEVER the 1/1 which would be "pass-through").

Then you can take your time examining WHO came past the outer door BEFORE opening the inner one.

Surprisingly this same approach (actually conceptually very similar to the "staging area" MDCR suggested) has been used for such things as accessing a protected environment area (and in the space within the two doors you make sure that - say - all viruses are killed, you may like the parallels with computing) or for pressure hatches/airlocks in ships, submarines and spaceships.

Some people call this SODDing (Solving Opening a Door Dilemma); the verb can actually - I believe - be used in sentences like "sod this door, it is stuck".

jaclaz

 
Posted : 22/05/2017 10:26 pm
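The two ideas in this thread, MDCR's staging area with neutralization (convert to a non-scriptable format before anything is accepted inside) and jaclaz's double door that can only ever be in the 0/0, 1/0 or 0/1 states, fit together as one small interlock. The following is an added illustration written for this page, not code from either poster or from any product; the class and function names (`Airlock`, `neutralize_html`, `transfer_inward`) and the sample HTML are invented for the example. The neutralization step deliberately does not do `replace("<script>","")`: it parses the HTML and keeps text nodes only, so no tag, attribute or script body can survive regardless of casing or nesting.

```python
from enum import Enum
from html.parser import HTMLParser


class State(Enum):
    """Door states written outer/inner, as in the double-door post."""
    CLOSED = "0/0"      # both doors shut: inspection happens here
    OUTER_OPEN = "1/0"  # untrusted side may deposit one item in staging
    INNER_OPEN = "0/1"  # cleared item may leave towards the protected side
    # "1/1" (pass-through) is deliberately not representable at all


class InterlockError(RuntimeError):
    """Raised whenever a door operation would violate the interlock."""


class _TextOnly(HTMLParser):
    """Keeps text nodes only; tags, attributes and script/style bodies are dropped."""

    def __init__(self):
        super().__init__()
        self.parts = []
        self._skip = 0  # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)


def neutralize_html(raw: str) -> str:
    """Convert HTML to plain text, a format that cannot carry a script,
    instead of blacklisting one tag spelling (example policy, not a standard)."""
    parser = _TextOnly()
    parser.feed(raw)
    parser.close()
    return " ".join(" ".join(parser.parts).split())


class Airlock:
    """Two-door staging area: at most one door open, at most one item in transit."""

    def __init__(self):
        self.state = State.CLOSED
        self.staging = None  # raw item deposited from the untrusted side
        self.cleared = None  # item after neutralization, ready to go inward

    def _require(self, state: State):
        if self.state != state:
            raise InterlockError(f"needs {state.value}, doors are {self.state.value}")

    def open_outer(self):
        self._require(State.CLOSED)
        self.state = State.OUTER_OPEN

    def deposit(self, raw: str):
        self._require(State.OUTER_OPEN)
        self.staging = raw

    def close_outer(self):
        self._require(State.OUTER_OPEN)
        self.state = State.CLOSED

    def inspect(self):
        self._require(State.CLOSED)  # both doors shut while we look at it
        if self.staging is None:
            raise InterlockError("nothing in staging")
        self.cleared, self.staging = neutralize_html(self.staging), None

    def open_inner(self):
        self._require(State.CLOSED)
        if self.cleared is None:
            raise InterlockError("inner door stays shut until staging content is cleared")
        self.state = State.INNER_OPEN

    def release(self) -> str:
        self._require(State.INNER_OPEN)
        item, self.cleared = self.cleared, None
        return item

    def close_inner(self):
        self._require(State.INNER_OPEN)
        self.state = State.CLOSED


def transfer_inward(lock: Airlock, raw: str) -> str:
    """One item through the full 0/0 -> 1/0 -> 0/0 -> 0/1 -> 0/0 cycle."""
    lock.open_outer()
    lock.deposit(raw)
    lock.close_outer()
    lock.inspect()
    lock.open_inner()
    item = lock.release()
    lock.close_inner()
    return item


def passthrough_is_refused() -> bool:
    """Shows 1/1 is unreachable: opening the inner door while the outer is open fails."""
    lock = Airlock()
    lock.open_outer()
    try:
        lock.open_inner()
    except InterlockError:
        return True
    return False


if __name__ == "__main__":
    sample = '<p>Quarterly <b>report</b><script>alert("x")</script></p>'  # constructed input
    print(transfer_inward(Airlock(), sample))
    print(passthrough_is_refused())
```

The point of the `_require` checks is that every step names the single door state it is allowed in, so the "pass-through" configuration cannot be reached by any sequence of calls; a real deployment would put the inspection step behind a data diode or physically separate host rather than a method on the same object, but the state discipline is the same.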