When in doubt, isolate it out
When thinking about a title for this article, my mind drifted back to my first Calculus professor in college. In his effort to make Calculus “easy” for us life science majors, he used the expression “when in doubt, differentiate it out.” This may in fact be a metaphor of sorts for the network hyper-connectivity that characterizes the 21st century so far - when in doubt, connect it!
Anyone today who works with systems, even casually, is used to being able to connect to anything from anywhere. As an example, I frequently carry my iPad in my backpack during hikes, so I can connect to customer systems in case of emergency. In this, I am far from unique. From my office, by clicking the right icon, I can communicate with any of my customers' key systems.
This week, researchers discovered the first known ransomware variant that attacks networks, not just individual systems. This has been a trend in the ransomware world. First, the local hard drive was the target. This soon expanded to mapped network drives, and then to any network shares on the network. Now, this malware goes after the entire network.
It seems to me that we may be shooting ourselves in the foot in our trend toward hyper-connectivity. By making everything readily available to us on a network, we are making systems and devices easy for the hackers to reach as well.
A couple of recent stories underscore the problem. It was reported this week that the popular HID door controllers, used to open doors using an access card, had a significant vulnerability. They are usually connected to the network for the convenience of the administrators. Unfortunately, this connectivity can be used to manipulate them. A researcher stated that he could send one byte of data to a door, and open it.
The other major story is ransomware attacks on hospitals. A modern hospital today has literally everything connected to the network. With their individual PCs connected, they are not much different from any other business. When you add medical devices such as IV units that directly impact patient health to the mix, it is downright scary. Our current connectivity scenario is a bit like leaving a key and map to your valuables posted on your front door at home just to make it easier on the burglar.
So, what can we do about it? The solutions are not pleasant, given how addicted we have all become to having everything readily accessible. There are some incremental approaches we can take while we undergo withdrawal:
You don't have to connect a device just because it has a network jack
Or for that matter, wireless capability. When you buy something that can be connected, think long and hard about why you need it available on the network. If you can't come up with a good reason, don't. A good example is wireless-capable printers. Many printers out of the box can do USB, wired network, or wireless network. I have seen countless such printers that are used with only a single PC, and yet are attached to the network.
Watch those network shares
When a server or NAS device is used, our tendency is to put our files in a few folders, and share them all. Earlier this year, one of my customers was hit by ransomware. Their data, which resided on a NAS, was shared out of necessity due to their multi-user tax system. All the data in the shared drives was encrypted. The only reason their backup drive did not get encrypted was that it was not shared. With ransomware now targeting shared data, think about what you share. If your data must be shared, you can make it a bit safer by making it read-only.
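Here is what "make it read-only" looks like on a Windows file server, as an added example that is not part of the original post. It assumes Windows Server 2012 / Windows 8 or later (the built-in SmbShare module), a folder D:\TaxData, and a group TAXOFFICE\TaxUsers; all of those names are placeholders. The commented-out first command is the wide-open share many small offices end up with; the rest tightens it and then audits every other share on the box.

```powershell
# Added example (not from the original post). Assumes the SmbShare module
# (Windows Server 2012 / Windows 8 or later). D:\TaxData, "TaxData" and
# TAXOFFICE\TaxUsers are placeholders for the real folder, share and group.

# The weak setting: everyone on the network can write, so ransomware running
# on any one PC can encrypt the whole share.
# New-SmbShare -Name "TaxData" -Path "D:\TaxData" -FullAccess "Everyone"

# The safer setting: only the group that needs the data, and only Read.
New-SmbShare -Name "TaxData" -Path "D:\TaxData" `
    -ReadAccess "TAXOFFICE\TaxUsers" `
    -Description "Tax system data (read-only share)"

# If the share already exists, tighten it in place instead of recreating it.
Revoke-SmbShareAccess -Name "TaxData" -AccountName "Everyone" -Force
Grant-SmbShareAccess  -Name "TaxData" -AccountName "TAXOFFICE\TaxUsers" `
    -AccessRight Read -Force

# Audit: list every non-hidden share that still gives Everyone or
# Authenticated Users more than Read access.
$broad = @('Everyone', 'NT AUTHORITY\Authenticated Users')
Get-SmbShare | Where-Object { $_.Name -notmatch '\$$' } | ForEach-Object {
    Get-SmbShareAccess -Name $_.Name |
        Where-Object { $_.AccountName -in $broad -and $_.AccessRight -ne 'Read' }
} | Format-Table Name, AccountName, AccessControlType, AccessRight
```

Share permissions combine with the NTFS permissions on the folder, and the more restrictive of the two wins, so a read-only share is a real barrier even when the folder itself is writable. Note what the read-only share does and does not buy you: it stops ransomware running on a client PC from encrypting the files over the share, but it does nothing against malware running on the server itself, and a backup target that the backup software must write to cannot be made read-only this way, which is why keeping it unshared, as in the story above, matters.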
Isolate key devices from the Internet
If you have a particularly sensitive device, isolate it from the Internet. As an example, let's say you are a doctor, and have your EKG machine networked so that you can store the results on a server. It is possible to have a physical network that is isolated from the Internet. This may involve multiple wired networks, or perhaps a wired network that is isolated, and a wireless network that connects to the Internet. You can even accomplish this to some degree logically by using a firewall to prevent any Internet traffic from reaching a device. There are a variety of possible designs that accomplish this isolation, but if you do it, you don't have to worry about outside hackers getting to the sensitive devices.
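The "logical" version of that isolation, done with the host firewall on the Windows PC attached to the EKG machine, as an added example that is not part of the original post. It uses the built-in NetSecurity module (Windows 8 / Server 2012 or later) and assumes the results server is 192.168.10.20; that address and the rule names are placeholders. The order matters: the allow rule for the server goes in before the profile defaults are switched to block, so the device never loses the one connection it needs.

```powershell
# Added example (not from the original post). Uses the NetSecurity module
# (Windows 8 / Server 2012 or later). 192.168.10.20 is a placeholder for the
# server that stores EKG results.

$server = "192.168.10.20"

# 1. Allow only what the device needs: file sharing (SMB, TCP 445) to the server.
New-NetFirewallRule -DisplayName "EKG workstation - allow results server (SMB)" `
    -Direction Outbound -Action Allow -Protocol TCP -RemotePort 445 `
    -RemoteAddress $server -Profile Any

# 2. Block traffic to and from public addresses. "Internet" is a built-in
#    keyword for every address that is not on the local subnet or in a
#    private range, so it keeps working if the LAN addressing changes.
New-NetFirewallRule -DisplayName "EKG workstation - block Internet outbound" `
    -Direction Outbound -Action Block -RemoteAddress Internet -Profile Any
New-NetFirewallRule -DisplayName "EKG workstation - block Internet inbound" `
    -Direction Inbound -Action Block -RemoteAddress Internet -Profile Any

# 3. Make "block" the default in both directions, so a program nobody wrote a
#    rule for cannot reach out just because it is new.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 4. Review the rules that now govern this device.
Get-NetFirewallRule -DisplayName "EKG workstation*" |
    Format-Table DisplayName, Direction, Action, Enabled
```

If the workstation gets its address from DHCP or resolves the server by name, add allow rules for those (the -RemoteAddress keywords DHCP and DNS exist for exactly that) before step 3, or the block-by-default profile will cut them off too. Afterwards, Test-NetConnection against a public address should report TcpTestSucceeded as False while the same test against the server on port 445 succeeds. This is weaker than the physically separate wired network the paragraph describes, since anyone with administrative rights on the PC can change the rules, so treat it as the minimum, not the goal.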
Limit administrative privileges
One of the challenges today in protecting networks is the fact that so many users have administrative privilege. Most users I work with have local administrative privilege on their PCs, and many also are administrators of a server. I advocate using two logins on a local PC - a non-privileged one for day-to-day use, and another, used for software installs and similar functions, that is privileged. This approach almost eliminates the chance of ransomware and much other malware. Similarly, use a different login for server administration. You can even restrict the use of privileged server accounts to a single PC.
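The two-login setup on a single PC, as an added example that is not part of the original post. It runs from an elevated prompt and uses the built-in LocalAccounts module (Windows 10 / Server 2016 or later); "jsmith" and "jsmith-adm" are placeholders for the everyday and privileged accounts. The last, commented-out command shows the server-side counterpart from the paragraph's final sentence, pinning a domain admin account to one management PC; it needs the ActiveDirectory module from RSAT and again uses placeholder names.

```powershell
# Added example (not from the original post). Requires the LocalAccounts module
# (Windows 10 / Server 2016 or later) and an elevated prompt. Account names are
# placeholders.

$daily = "jsmith"       # the account used all day for mail, browsing, documents
$admin = "jsmith-adm"   # the account used only for installs and configuration

# Create the privileged account FIRST, so the PC never has zero administrators.
# The password is prompted for rather than written into the script.
New-LocalUser -Name $admin `
    -Password (Read-Host -Prompt "Password for $admin" -AsSecureString) `
    -FullName "J. Smith (admin)" `
    -Description "Local administrator - software installs only"
Add-LocalGroupMember -Group "Administrators" -Member $admin

# Demote the everyday account. It stays a member of Users, so anything a
# malicious attachment runs as that user no longer has the rights to install
# drivers, alter system files or reach other users' profiles.
Remove-LocalGroupMember -Group "Administrators" -Member $daily -ErrorAction SilentlyContinue

# Review: who is still a local administrator on this PC?
Get-LocalGroupMember -Group "Administrators" |
    Format-Table Name, ObjectClass, PrincipalSource

# Server side (Active Directory): allow the server-admin account to log on
# from one management PC only. Placeholders; needs the ActiveDirectory module.
# Set-ADUser -Identity "srvadmin" -LogonWorkstations "ADMIN-PC01"
```

Group membership changes take effect at the next logon, so the everyday account keeps its old token until the user signs out. From then on, installing software is done by answering the UAC prompt with the admin account's credentials, which is the only time those credentials are used; a setup that has you log on interactively as the admin account for routine work has defeated the purpose.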
Bottom line -- we can solve many of our information security woes by not leaving a roadmap for the thief on our front porch. Think through your network design, and employ isolation when you can to prevent or limit damage.
Concerned about ransomware? You should be, as it is an epidemic. Inoculate yourself by reading our free guide - How to Avoid Ransomware.