Tuesday, August 30, 2011

Data Exfiltration

Are your network monitoring systems watching for data exfiltration over VoIP? Probably not.

I saw a great demo of an exploited system using VoIP to call into a conference number, with the hacker calling into the same conference number and issuing commands to the hacked system. He even had the hacked system read back the contents of a text file from its drive, and the commands were issued from a simple dumb cellphone.

Scary stuff.

Monday, August 22, 2011

External Port Scanners

Hackers continually scan prospective targets looking for vulnerabilities.

What if we analysed each request in real time and generated a reply indicating we were vulnerable, when in actuality we are not?

The external hacker will try to exploit these false positives, giving us on the defensive team more time to analyse their attacks and gather evidence, without having to worry about the risk of the hacker being successful.

This will also help to hide the real vulnerabilities we may have in an ocean of false ones.

Thursday, August 18, 2011

Passive Offensive

A new view of honey pots.

A honey pot has traditionally been a vulnerable system you place in your DMZ (with fake data on it) for hackers to attack, so you can gain information on the attacker while the attacker thinks they have penetrated an important system.

Why not integrate a fake network in your DMZ and add a few virtual honeypot systems with virtual firewalls?
Write a few extra input form pages in your production web apps which your regular users cannot navigate to. These fake pages will be found by hackers doing web scans, and the form inputs can be pointed to a fake database on a fake server.

Giving the hackers all this virtual booty will slow them down, allow you to weed out the more dangerous smart hackers, monitor them and gather information for a legal case if necessary.
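As an added illustration of the decoy form pages idea (example code, not from the original post): a small WSGI middleware that serves fake, unlinked login pages inside a production app, flags any source that touches them and keeps what it submits as evidence. The decoy paths, the fake database and the stand-in production app are all constructed for the example.

```python
import io
import time

# Decoy paths: never linked from the real site, so only scanners and
# crawlers guessing common admin paths will ever request them (constructed).
DECOY_PATHS = {"/admin/backup.php", "/old/login.php", "/phpmyadmin/index.php"}
DECOY_FORM = (b"<html><body><form method='post'><input name='user'>"
              b"<input name='pass' type='password'><button>Login</button>"
              b"</form></body></html>")

alerts = []    # stand-in for the SIEM / alert feed
fake_db = []   # the fake datastore the decoy form "writes" to

def record_decoy_hit(client_ip, path, method, body):
    """Flag the source IP and keep whatever it submitted as evidence."""
    event = {"ts": time.time(), "src": client_ip, "path": path,
             "method": method, "body": body.decode("utf-8", "replace")}
    alerts.append(event)
    if method == "POST":
        fake_db.append(event["body"])
    return event

def with_decoys(real_app):
    """WSGI middleware: serve decoy pages, pass everything else to real_app."""
    def app(environ, start_response):
        path = environ.get("PATH_INFO", "")
        if path not in DECOY_PATHS:
            return real_app(environ, start_response)
        method = environ.get("REQUEST_METHOD", "GET")
        length = int(environ.get("CONTENT_LENGTH") or 0)
        body = environ["wsgi.input"].read(length) if length else b""
        record_decoy_hit(environ.get("REMOTE_ADDR", "?"), path, method, body)
        # Answer as if the page is real so the scanner keeps working the decoy.
        start_response("200 OK", [("Content-Type", "text/html")])
        return [DECOY_FORM]
    return app

def is_flagged(client_ip):
    """A single hit on a decoy path is enough to mark the source as hostile."""
    return any(a["src"] == client_ip for a in alerts)

def simulate(app, path, method="GET", body=b"", ip="203.0.113.7"):
    """Constructed request helper (no network): returns (status, body bytes)."""
    env = {"PATH_INFO": path, "REQUEST_METHOD": method, "REMOTE_ADDR": ip,
           "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    status = []
    out = app(env, lambda s, h: status.append(s))
    return status[0], b"".join(out)

def real_site(environ, start_response):
    """Stand-in for the production app that the middleware wraps."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"welcome"]
```

Regular users never see the decoy paths, so every alert entry is a high-confidence signal; the same approach extends to fake API endpoints or hidden parameters.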

Stay tuned for more.

Playing to win - Active network security

Current information security doctrine leads to reactive security. We incorporate layers of firewalls and monitoring tools into our networks in the vain hope of stopping most hackers and slowing down and monitoring the smart few who can penetrate the security.

This defensive-only playbook is a recipe for disaster, as can be seen in the news every week as company after company suffers data breaches.
With the complexity of modern networks and the inability to fully automate everything, the human error factor will eventually leave an opening for hackers to get in.

It's time to re-evaluate our approach to security and take a page out of another playbook. The information security battle is just that: a battle between two teams, the good guys trying to protect the confidentiality, integrity and availability of the data, and the bad guys trying to access that data or deny others access to it.

You don't win a battle by sidelining your offense. Admittedly, legal issues prevent us from hacking the hackers, but we can safely integrate passive defensive techniques and systems to make it much more difficult for hackers to gain access. And if it's too hard, the majority of hackers will go looking for an easier target.

Passive Offensive can be implemented in a number of ways and I will describe them in following articles.

Let's play to win and not rely on a purely defensive network infrastructure.