It's important to build a new network model that resembles the peer-to-peer roots - Important Qs to answer How recommendations can bring developing new perspectives and changes in # of outages?

Author- Arindam Bhattacharya

Peer 2 peer models were successful much before even today's internet though it exists even today but in dark net. The purpose or intent was good to safeguard against online surveillance, privacy or overall confidentiality over internet, however, misuse started soon after it launched and that enforced Govt to ban such network's lagal usage and so, today such networks are not official and legalized. 

The concept if leveraged, to the traditional white networks, may bring good relief against exposure of security weaknesses, however, there is no guarantee that it would not be misused again. 

Traditionally, server side being deployed with modern security stacks, possibility of a breach taking place at the host layer is comparatively lower unless the resources that it's hosting have some vulnerabilities. Alternatively, the hosted services, may be virtually patched to overcome such weaknesses incase if the vulnerabilities are not mitigatelable due to some reason.  

So, compromising the user network and laterally moving to those host layers from inside is easier due to the inherent weaknesses that highly exists in internal network due to lack in security controls. Adversary community prefers the later option due to ease of compromise options. 

Here comes a peering technology's advantage while, within a set of trusted or untrusted parties it constructs a tunnel through an agent ( or client) install in every user node. 

That helps developing a private network over internet. The usefulness comes in where a sensitive cloud services need not keep listening to the world unnecessarily rather shutting down public interfaces and configure it to listen only from a specific network where the real users sits. 

Principally, this a good proposition and the same concept can be applied through APIs in multiclod communication privately ( creating a trusted cloud all together)  but the problem is customers cannot leverage their customer facing services entirely on such private network due to reachability issues. 

As we now know, even though such cannot be beneficial for entire sets of services, but atleast for the sensitive business services can be made hidden from public networks and that partially could offer little relief. 

While implementing we need to ensure 

1) Very high EUC compliance because if threats present in such end-user nodes, it may carry over such private networks as well..

2) Separate internet gateways entirely and if the type of operations are sensitive in nature, there is nothing wrong to reduce further risks.

A typical proposition would be to use virtual desktop and deploy such private agent on those desktops and achive the desired results in a best possible ways while considered the VD connectivity is over vpn.

While P2P technologies brings good propositions, but only P2P cannot solve the security issues and we need to extend our focus even all partnering ecosystems. 

Security never improves due to incomplete information. Information are suppressed to supress the accountabilities. More, the complete information is available, more it's easy to overcome challenges and thus modelling a new network would be possible. 

While existing security technologies too powerful but basic weaknesses of such technologies are that they need to trust the underlying or upstream security layers and thus contamination is highly possible through interfacing services. When we see collective traffic as a stream but failure of one security or multiple, it's a collective failure. 

Thus security is a joint responsibility among technologies, among vendors, among businesses.- together forming a trusted supply chain addressing security issues both inside and outside. 

It requires a thorough assessment of the current security of the enterprise alongwith all placements, postures, partners and happenings across onprem, relevant public and cloud. There are several dimensions to such assessments covering basic to advanced level scrutiny through a phased approach. Post such assessments, organization knows what are the scope and how a better security model can support to reduce security pain areas.


Comments

Post a Comment

Popular posts from this blog

Secure Key Management- An important risk carrier

Author : Arindam Bhattacharya Password and key management are the 2 most important element of data security. As businesses have gained more reliance on data, the data stakeholders along with other application agents, both are slowly developing extended risks. While password weakness can impact the entire business services, weak key management can push towards major data breaches. As of now both are going by the standard technology and processes but there are unknown factors that may cause secure status to marginal.  While data stakeholders are nothing but the business and application users, residents are the application agents (please read as module responsible for authentication and authorization) those are native or integrated with the application. These residents can bring unprecedented risks by the way they are developed or integrated.  Keylogging can happen anywhere - especially in a software driven ecosystem  and it's becoming an open secret. As a user, one may deve...
Read more

BPRFPC: An abstracted Architectural model for an End to end view

Author: Arindam Bhattacharya Good and flexible architecture models are yet to exist while there are several good initiatives on developing some guiding principles to assist the community on Architectural best practices.  However, this article is yet another attempt to simplify the architeutal ingradients at very high level so exploring in depth could be possible with the acquired knowledge.  Architecture is a foundation for any technical know how's and a model is the engine of that foundation that orchestrates everything together. Below are the general components of the proposed model. 1. Business - Keeping business out, no architecture could be meaningful. Business is where the Strategies & Needs are defined and everything else needs to align with the Business. So, business is always the "WHO" context. 2. Product - The purpose of the Business is revenue through a Product. The product may constitute anything which is presented to the clients, even a service, or an app...
Read more

Detection and Response of APTs became an ultimate goal of Cyber Security and security services can't ignore this fact anymore

Author- Arindam Bhattacharya When cyber security compromises taken place, it has already passed through multiple defense layers to attain the final goal of persistence those are very hard to detect because of the family of compromises involved, no independent traffic but a carrier in others service entities. The time such activities detected (appearing  false positives or true positive?) that means the multi layer kill chain compromise already took place prior but the silo incidents are overlooked that intern gave a room for an unknown security breach for longer with no clues. When a network operation is of sensitive nature and that "unknown factor" indicates there is an issue in multiple dimension - Capability, Hygiene and Maturity etc.  Detection challenges are more in "on premise" than Cloud that has an offer for stricter policies & controls but compliance "in the cloud" sometimes remains a challenge due to absence of full stride solutions - meaning...
Read more