Ecosystem of Breaches -- Networking
2020-08-03 12:00:00
Having talked about the ecosystem where data gets exposed, we've explored a bit about data storage and a bit about the processes and services that handle that data, but now let's talk about networking. We can refer to this as data in flight, data in motion, or just plain old networking.
The edge of the network no longer exists. Traditionally we've thought about having a local network, a data center or a home network. At the edge of the data center we have a gateway and firewall, or at home we have some sort of router that acts as a firewall.
We think about this as the wall around the castle, and everyone inside of the castle should be safe. But we know that's not true anymore. We know it's not true because a service may get compromised inside the data center, but we also know it's not true because of the threat of the Internet of Things (IoT).
We have a growing number of devices: televisions, baby monitors, smart speakers, our light bulbs. These are all things that are sitting inside the home network, but even the data center and the enterprise network have appliances like routers, data storage and other kinds of monitoring devices which may themselves become compromised.
This threat is growing, and we can't trust any communication without, again, identity and some sort of context for why things are talking to each other.
It's also incredibly important to have a VPN when connecting to our enterprise systems; actually, it's incredibly important when connecting to anything. We should be on a network that we trust.
We also need to manage our own DNS. We have a tendency to trust the name server at the coffee shop and to trust the name server on our own local network. When our internet provider, like our cable company, provides resolution for a domain name we assume it's correct, but we really don't know that for sure. We should really be using DNS that we trust, and that includes on your mobile device and maybe even on some of these other devices like all that IoT.
Network data itself is a thing: data gets cached along the way in different devices en route to and from your final destination. As a developer or network manager, you have to understand how you're constructing that cache so we know that we're not accidentally exposing things that we shouldn't be exposing.
There's also the problem of verbose logging. We send a lot of information through devices along the network, so we're not necessarily talking about it just in flight but about those little places where it stops along the way and may get written down as having passed through that point. What details get captured at that point, and whether capturing that data is actually an appropriate thing to do, is a critical question. I've seen personal information that shouldn't be shared, and keys and other details that provide ways to hack further in and get even more data.
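As an added example (not code from the original post), here is the kind of scrubbing filter a developer can put in front of a log handler so that bearer tokens, session cookies, API keys and e-mail addresses are masked before a record ever reaches disk at one of those stopping points. The header and parameter names matched are assumptions, and the sample log lines are constructed.

```python
import re
import logging
from typing import Tuple

# Patterns for secrets and personal data that commonly leak into verbose
# proxy/gateway logs. Illustrative, not exhaustive; names are assumed.
SENSITIVE_PATTERNS = [
    # Bearer tokens in an Authorization header
    (re.compile(r"(?i)(authorization:\s*bearer\s+)[A-Za-z0-9\-._~+/]+=*"), r"\1[REDACTED]"),
    # Session cookie (assumed cookie name 'session')
    (re.compile(r"(?i)(cookie:\s*session=)[^;\s]+"), r"\1[REDACTED]"),
    # api_key / apikey query parameters
    (re.compile(r"(?i)(api[_-]?key=)[^&\s]+"), r"\1[REDACTED]"),
    # E-mail addresses (personal information)
    (re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"), "[EMAIL]"),
]

def scrub(line: str) -> Tuple[str, int]:
    """Return the redacted line and the number of substitutions made."""
    total = 0
    for pattern, replacement in SENSITIVE_PATTERNS:
        line, n = pattern.subn(replacement, line)
        total += n
    return line, total

class ScrubbingFilter(logging.Filter):
    """Rewrites each record in place before any handler writes it."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg, _ = scrub(record.getMessage())
        record.args = ()  # message is already fully formatted
        return True

# Constructed sample lines, as a proxy might capture traffic passing through
SAMPLE_LINES = [
    "GET /api/v1/users?api_key=sk_live_ABC123 HTTP/1.1",
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc-def_ghi",
    "Cookie: session=9f8e7d6c5b4a; theme=dark",
    "user=alice@example.com requested export",
    "GET /health HTTP/1.1",
]

def audit(lines):
    """Count how many lines would have written something sensitive unscrubbed."""
    return sum(1 for line in lines if scrub(line)[1] > 0)

if __name__ == "__main__":
    log = logging.getLogger("proxy")
    log.addFilter(ScrubbingFilter())
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    for line in SAMPLE_LINES:
        log.info(line)
    print(f"{audit(SAMPLE_LINES)} of {len(SAMPLE_LINES)} lines carried sensitive data")
```

Running `audit` over an existing log file is a quick way to measure what a device on the path has already been writing down.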
This means we have to consider the termination points for our encryption. We very rarely actually encrypt all the way from your device to the backend service. There are usually routers and other spots along the way which stop, decrypt, and then re-encrypt. Understanding these termination points, and the cost of decrypting and encrypting or the cost of maintaining encryption along the entire route, is something that we need to always be thinking about.
So, to review,
- The Edge no longer exists
- IoT is a growing threat because it’s inside your network
- We scatter data along the way
- Things rarely stay encrypted