Reference : Network Attacks and Exploitation by Matthew Monte
Principle of Humanity
The Defender consists solely of the people actively or passively preventing the Attacker from completing any portion of the operational life cycle.
Humanity And Network Layout
The human inertia of “if it ain’t broke, don’t fix it” often prevents any reconsideration of security. A detailed network diagram shows how the organization grew.
Because the layout and technology of a network reflect human influences, the network itself has an inherent humanity.
Humanity And Security Policy
Keep things working well enough that no one complains; improve them when necessary and keep management happy.
The humanity of convenience and habit will always trump security policy.
Principle of Access
Access is the Attacker’s comfort and the Defender’s daily struggle: all the work must get done while keeping the Attacker out.
Principle of Least Privilege: limit access to documents, databases, etc. —> It requires seeking out feedback via the constant testing of security boundaries and the monitoring of access.
Access denied —> users notice —> complaints.
Access mistakenly granted —> not noticed / no problem for the user —> no complaints —> not fixed in a timely fashion unless reported.
The Principle of Access guarantees the Defender will always be vulnerable.
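The asymmetry above (denials get reported, over-grants stay silent) is why least privilege needs active monitoring. The following is an added example, not code from Monte’s book: an access review that compares the access actually granted against the intended role policy and separates the findings users will report (under-grants) from the ones nobody will (over-grants and orphan accounts). The policy, roles and granted sets are constructed sample data.

```python
"""Added example (not from the book): access review for the Principle of Access.
Denied access gets reported by users; mistakenly granted access does not,
so the Defender has to go looking for it."""

# Constructed sample data: intended policy (role -> resources).
INTENDED_POLICY = {
    "engineer": {"git", "ci", "wiki"},
    "finance": {"erp", "wiki"},
    "admin": {"git", "ci", "wiki", "erp", "domain-controller"},
}

# Constructed sample data: which role each user holds.
USER_ROLES = {
    "alice": "engineer",
    "bob": "finance",
    "carol": "admin",
    "dave": "engineer",
}

# Constructed sample data: what the directory actually reports today.
GRANTED = {
    "alice": {"git", "ci", "wiki"},
    "bob": {"erp", "wiki", "git"},                               # over-grant: finance user with git
    "carol": {"git", "ci", "wiki", "erp", "domain-controller"},
    "dave": {"git", "wiki"},                                     # under-grant: dave will open a ticket
    "erin": {"erp"},                                             # orphan: account with no role at all
}


def review_access(policy, roles, granted):
    """Return (over_grants, under_grants, orphans) as dicts of user -> set.

    over_grants:  access beyond the user's role  -> silent risk, no complaints
    under_grants: access the role should have    -> users notice and complain
    orphans:      accounts with no role (leavers, stray service accounts) -> silent risk
    """
    over, under, orphans = {}, {}, {}
    for user, resources in granted.items():
        role = roles.get(user)
        if role is None:
            orphans[user] = set(resources)
            continue
        expected = policy[role]
        extra = set(resources) - expected
        missing = expected - set(resources)
        if extra:
            over[user] = extra
        if missing:
            under[user] = missing
    return over, under, orphans


def silent_findings(policy, roles, granted):
    """The findings that will never arrive as a complaint: over-grants plus orphans."""
    over, _under, orphans = review_access(policy, roles, granted)
    return {**over, **orphans}


if __name__ == "__main__":
    over, under, orphans = review_access(INTENDED_POLICY, USER_ROLES, GRANTED)
    print("over-granted (no one will complain):", over)
    print("under-granted (expect tickets):", under)
    print("orphan accounts:", orphans)
```

Run on a schedule against a real IAM or directory export, the `silent_findings` list is the feedback loop the notes call for: it surfaces exactly the grants that the complaint channel never will.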
The Defensive Life Cycle
The Offensive Life Cycle is: Start → Targeting → Initial Access → Persistence/Access Expansion/Exfiltration → Detection
The Defensive Life Cycle is: Start → Privacy → Prevention → Prevention/Constraint/Obstruction → Detection → Response
- Privacy: the management of the publishing of information used for targeting (organizational charts, partnership contracts, etc.); marketing may want to tout this info.
- Difficult to manage but can be an important counter to targeting.
- Prevention: can stop the Attacker from gaining initial access or persistence.
- Firewalls, spam filters, browser security settings …
- Also exercised via less technical means such as creating a sane network architecture, consistent updates, or training users.
- Constraint: limiting of lateral movement within a network. Counters access persistence and expansion.
- Can be thought of as insider mitigation, except that here the Attacker is pretending to be an insider.
- Requiring most users to use non-admin accounts is a good example.
- Obstruction: making it hard for the Attacker to get data back out of the network.
- Also called data exfiltration prevention or data loss prevention.
- Imposing a bandwidth quota is a simple example of limiting the Attacker’s ability to move the data.
- Detection: catch-all for finding and recognizing the Attacker during any part of the operational life cycle.
- No fixed way to ensure detection.
- Response: the action the Defender takes once it realizes there is a compromise.
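The bandwidth quota named under Obstruction doubles as a Detection signal: a host that hits the quota is blocked, and a host approaching it is worth a look. The following is an added example, not code from the book: a per-host, per-hour outbound volume check over constructed flow records. The quota value, the warning threshold and the internal address range (10.0.0.0/8) are assumptions for the example.

```python
"""Added example (not from the book): per-host outbound quota check over flow
records, illustrating Obstruction (cap what can leave) and Detection (notice
a host approaching the cap)."""
import ipaddress
from collections import defaultdict

# Assumption for the example: this is the internal range; anything else is external.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample flow records: (timestamp, src_host, dst_ip, bytes_out).
FLOWS = [
    ("2024-01-01T09:00:00", "10.0.1.5", "10.0.2.10", 5_000_000),     # internal, ignored
    ("2024-01-01T09:01:00", "10.0.1.5", "203.0.113.8", 40_000_000),
    ("2024-01-01T09:02:00", "10.0.1.5", "203.0.113.8", 70_000_000),  # pushes 10.0.1.5 over quota
    ("2024-01-01T09:05:00", "10.0.1.7", "198.51.100.3", 2_000_000),
    ("2024-01-01T09:06:00", "10.0.1.7", "198.51.100.3", 3_000_000),
    ("2024-01-01T10:30:00", "10.0.1.9", "203.0.113.8", 85_000_000),  # approaching quota
]

QUOTA_BYTES_PER_HOUR = 100_000_000  # assumed quota: 100 MB of external traffic per host per hour
WARN_FRACTION = 0.8                 # assumed: warn at 80% of quota


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET


def hourly_outbound(flows):
    """Sum outbound bytes to external destinations per (host, hour)."""
    totals = defaultdict(int)
    for ts, src, dst, nbytes in flows:
        if is_internal(dst):
            continue                 # east-west traffic is not exfiltration of concern here
        hour = ts[:13]               # "YYYY-MM-DDTHH"
        totals[(src, hour)] += nbytes
    return dict(totals)


def check_quota(flows, quota=QUOTA_BYTES_PER_HOUR, warn_fraction=WARN_FRACTION):
    """Return [(host, hour, bytes, verdict)] where verdict is
    'block' (over quota: obstruction) or 'warn' (approaching quota: detection)."""
    findings = []
    for (host, hour), total in sorted(hourly_outbound(flows).items()):
        if total > quota:
            findings.append((host, hour, total, "block"))
        elif total >= quota * warn_fraction:
            findings.append((host, hour, total, "warn"))
    return findings


if __name__ == "__main__":
    for host, hour, total, verdict in check_quota(FLOWS):
        print(f"{verdict:5s} {host} {hour} {total:,} bytes")
```

A quota this crude is easy to stay under by trickling data out slowly, which is why the notes call it a simple example; the point is that any cap the Defender enforces also produces a measurement the Defender can watch.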
Principle of Economy
Dynamism: the economy of resources affects the administrator base (the true Defenders, who are directly responsible for security). These people are inevitably also tasked with upgrading hardware and all the other IT work.
Security may cost a lot, but the benefits are not readily apparent until after a robbery.
Risk-based decision: one that should be based on actual risk and not legal requirements, but a decision nonetheless.
This principle ensures that the Defender will never devote as much time and attention to security as it would like.
The helpful Defender
- Targeting: standardizing the format of email addresses. This helps with maintaining user accounts, but it also helps the Attacker.
- Access: ensuring compatibility and reliability by postponing software updates leaves the software vulnerable for a longer period of time.
- Persistence: upgrading on a fixed schedule. Both users and the Attacker can plan around it.
- Expansion: centralizing administrative authority in a few users may help lock down insider access, but if those accounts are compromised, all access is granted.
- Exfiltration: allowing people Internet access increases productivity, but it can also give the Attacker a communication channel.