For those of you who follow the news, you may have read the recent story of spy software discovered at some of Israel’s leading companies which reads just like the spy stories we’ve been reading for years and if it wasn’t for the sacrifice of the likes of Roger Moore, and Pierce Brosnan, who knows where we would be today.
But that would be to miss the point completely. Firstly the imagined villains are in fact the victims, but more importantly the problem of spy software being prevalent in Israeli companies came as a result of one of the most comprehensive investigations involving computer crime ever undertaken. The Trojan had been introduced by providing companies with contaminated files, or sending a contaminated e-mail message to the companies. This also raises concerns that this evaded all the security measures in place at the companies infected.
Today our businesses depend on the exchange of electronic information with our business partners but many of the mechanisms that are used still rely too much on the goodwill of our business partners, or the integrity of the systems that they use.
Two of the most commonly used methods, FTP and Digitally Signed emails, using technologies such as PGP, are not really equipped to deal with this type of situation. In Israel, emails were being received from trusted business partners, so digital signatures on the email would possibly be considered trustworthy. In the case of files being shared using systems such as FTP, the presence of malware detectors was unable to identify anything inappropriate.
The bottom line is that we frequently depend too much on the trustworthiness of those we deal with, and unless we take appropriate measures to deal with the eventualities such as this, we are leaving ourselves vulnerable.
So are there measures we can take?
Well here are a number of suggestions that might help
1. Do not expose your internal networks to external parties – The process of transferring files in and out of the enterprise must be carried out without exposing and risking the internal network. No type of direct or indirect communication can be allowed between the partner and the enterprise network.
2. Ensure that the repository for files being moved back and forth is secure. While information is waiting to be retrieved by the enterprise or sent to the business partner, it must reside in a secure location. This is especially critical when the intermediary storage is located on an insecure network, such as the enterprise’s DMZ, outsourced site, or even the internet. Additionally you should take the steps to define what format files will have, and to ensure that they can only be deposited if they are virus free.
3. The environment for exchanging data should be a sterile environment – Encryption and other security mechanisms are not helpful if the security layers where the data is being stored can be circumvented. Encryption is good for confidentiality, but does not protect data from intentional deletion or accidental modifications. In order to build multi-layered security, a sterile environment must exist to accommodate and protect the security infrastructure. Creating such a sterile environment requires the creation of a single data access channel to the machine and ensuring that only a strict protocol, that prohibits code from entering, is available for remote users. Many file exchange technologies do not run in sterile environments. For example FTP Servers, a common method, are frequently nothing more than applications running on insecure platforms
4. Protect your data when it is at rest – The cornerstone of protecting storage while at rest is encryption. Encryption ensures that the data is not readable and thus maintains its confidentiality. But encryption that places high demands on managing is ineffective. A common approach for many organisations is to use a Public/Private key approach, but this is generally considered to be ineffective because of the enormous effort to maintain such a system. A Symmetric encryption model ensures a manageable and effective method to secure the data
5. Data must be protected from deletion and tampering – The protection of data by encryption is simply one part of the problem. Files may be accidentally or intentionally deleted or changed. Additionally you need to ensure that data cannot be tampered with.
6. Ensure that you are able to audit and monitor all activities – Comprehensive auditing and monitoring capabilities are essential for security for several reasons. First, it allows the enterprise to ensure that its policy is being carried out. Secondly, it provides the owner of the information with the ability to track the usage of its data. Thirdly, it is a major deterrent for potential abusers, knowing that tamper-proof auditing and monitoring can help in identification. Finally, it provides the security administrator with tools to examine the security infrastructure, verify its correct implementation and expose inadequate or unauthorized usage.
7. End-to-End network protection – Security must also be maintained while the data is being transported over the public network. The process of transferring data must be in itself secure, and there are several factors that influence the overall security of data transmission. As data transfer is an essential part of a larger business process, it is critical to be able to validate that this step in the process was executed correctly. This requires the solution to provide auditing features, data integrity verification and guaranteed delivery options. Transmitted data should be automatically digitally signed, thus ensuring the data delivery is complete and un-tampered.
8. Performance is a major issue in many networks, especially when using the Internet where Service Levels are difficult to guarantee. When large volumes of data and a high number of recipients are high, it is critical to ensure that performance is optimized. Compression should be deployed to reduce file size, and since network availability and reliability may disrupt the transfer process, automatic resume from the last successful checkpoint should also be a standard feature.
9. Ease of Integration with existing business processes – File transfer is usually part of a larger business process and needs to integrate seamlessly. This demands the ability to automate the file transfer process and thus integrate it with the existing business processes. In order to make this integration as simple and as seamless as possible, the file transfer solution must have extremely flexible and diverse interface, providing transparent integration. This also minimizes the amount of human intervention, and as a result can improve overall security by reducing the possibility of tampering with your data.
But of course no one is interested enough in what your business is doing to waste a few minutes planting some spy ware in your company. After all it only happens in the movies!