What To Expect When You’re Expecting Hacks

Security In A Highly Vulnerable Environment

EmilÆMaxima
Sep 9, 2018 · 6 min read

They say, ‘ya don’t have to run faster than the bear, you just gotta run faster than the guy behind ya.’ Defending a network full of security plebs offers a challenge to a seasoned network security professional, but maybe there’s a chance that in ‘target rich’ environments, providing network security for the herd doesn’t have to be a painful and tedious exercise.

There’s Lemonade In Them There Lemons!

Some of my favorite networks to work in over the years have been some of the most insecure. When money is tight and indecision is rampant, sometimes we don’t have many choices as network defenders.

When the atmosphere in a SOC is rife with insecurity, we can often find solace in the pessimism that drives the information security business. It doesn’t matter where you work — assuming that your network has been compromised is a healthy way of deciding what your next security-related move should be.

This attitude may come off as bleak to those uninitiated in the realities of network security, but the truth is that acknowledging that there are people out there who have the means, time, intelligence, and persistence to juke your defensive measures is a special and underappreciated form of freedom.

When times is tough, the tough become researchers. Because of how different the security posture is in every environment, any given environment you may find yourself defending can be a microcosm of the larger security ecosystem. What this means is that you have the choice to become an expert in what you have at your fingertips.

You can choose to look at your moldy security environment as either a disaster bound for the autoclave, or as an agar where wonderful and astounding things can be learned. It’s up to you to decide how you’d like to approach your job, but if you choose to make lemonade out of security lemons, here are a few things that you can do:

Disclaimer

One of the hardest things about becoming a network security researcher is learning what your bounds are. While these strategies may be exciting, they come with the standard caveat that you should always get the right approvals that you’ll need from all of the relevant owners and stakeholders before you ply your craft. I don’t care how nice and how friendly your boss is with you, CYA often. CYA always. Speaking of which,

Write A Proposal For Improved Security

Bosses. Love. Proposals. But before you get down on one knee, consider that writing a proposal for how to do security better at your workplace is something you can actually do. You might find that the only thing standing between you and getting what you need to improve the world around you is a well written white paper on what’s wrong and how it can be fixed.

Not only is this good advice in general, but it’s also advice that can be applied to every other item on this list. Starting with a proposal or a statement of intent is a great way to lay out a clean vision for the pathway forward, as well as to give your supervisors something to approve.

Keep in mind that there is a right way and a wrong way to do this. Writing a proposal out of turn and without the blessing of your SOC manager (if you have one) can be seen as an attempt to go around the system. Make sure that all of the necessary parties who might see, or be impacted by, this proposal know that you’re writing it.

Also keep in mind, a proposal is not a biting New York Times op-ed aimed at management. Avoid pointing the finger of blame, and focus on solutions with a clinical eye only. It doesn’t cost you anything to come up with good ideas, and don’t be discouraged if not every idea you give them takes off. You’ll at least be seen as someone with the ambition to help improve things even if you can’t execute every great idea you have.

Honeypotting

Whether you’re cleaning a messy room or working in a network security nightmare, it’s hard to know exactly where to start. Honeypotting is a great technique to deploy when you want to get some insight into what’s happening on your network. Setting up a strong honeynet is a great place to start, and it’s also a gift that keeps on giving. Having boxes that will constantly inform on what’s happening inside of your network will consistently pay dividends for as long as you have the time and resources to maintain them. The downside to honeypots is that they can be expensive and often time-consuming. If you’re lacking in this area, a different strategy may be better for you.

DNS Sinkholing

DNS sinkholing is one of my favorite network pastimes. If your network is highly vulnerable, then you can expect that malware has probably found its way onto your network. And if there’s malware on your network, we all know that it’s probably on Randy’s computer. As network security professionals, we have a finely tuned sensitivity to people like Randy.

Randy & his absolutely fucked workstation (bare feet pictured)

We’re not quite sure why Randy is the way he is, but we know in our bones that he’s taken the back cubicle for a reason and he’s never going to convince us that trimming his toenails back there is an okay thing to do. We also know that the forsaken-by-God code lurking in his machine’s memory, which threatens to melt our faces off if we ever deign to throw open the lid and gaze into its horror like a veritable Ark of the Covenant, is begging to be researched. Once again, we turn to our trusty lemon squeezer for comfort.

If you’re new to DNS sinkholing, be warned. Not all DNS sinkholing is legal, but if you’re doing it on a network that you control, and you’ve received the right approvals, there’s no reason why you should feel intimidated by setting up an environment to figure out exactly what the unholy hell is running through Randy’s computer. In fact, here is an oldie but goldie on some of the basic concepts behind DNS sinkholing.
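To make the idea concrete, here is an added example (not code from the original post) of the core sinkhole decision: a tiny resolver front-end that parses a raw DNS query, answers listed domains (and their subdomains) with an internal sinkhole address, and logs which client asked, which is how Randy’s box gets identified. The blocklist domains, the sinkhole IP and the query bytes are all constructed for the example.

```python
import struct

# Constructed example values: a blocklist of domains the sinkhole claims and
# the internal address answers point to (assumed; not from the original post).
SINKHOLE_DOMAINS = {"evil-c2.example", "update-check.example"}
SINKHOLE_IP = "10.0.0.250"

def parse_question(packet: bytes):
    """Return (txid, qname, qtype, end_of_question) from a single-question DNS message."""
    txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers never appear in a query name
            raise ValueError("compression pointer in query name")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, ".".join(labels).lower(), qtype, pos + 4

def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a standard recursive query; used here only as constructed test input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)

def is_sinkholed(qname: str) -> bool:
    """Match the listed domains and any subdomain under them."""
    return any(qname == d or qname.endswith("." + d) for d in SINKHOLE_DOMAINS)

def sinkhole(packet: bytes, client_ip: str, log: list):
    """Return a forged A response for listed names (and log who asked), else None."""
    txid, qname, qtype, qend = parse_question(packet)
    if qtype != 1 or not is_sinkholed(qname):
        return None  # pass the query through to the real resolver
    log.append(f"{client_ip} looked up {qname} -> sinkholed to {SINKHOLE_IP}")
    # Header: QR|AA set, RCODE 0, one question, one answer. The answer name is a
    # pointer (0xC00C) to the question name at offset 12; TTL is kept short.
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 0)
    rdata = bytes(int(o) for o in SINKHOLE_IP.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, len(rdata)) + rdata
    return header + packet[12:qend] + answer
```

The log is the payoff: a host that repeatedly resolves sinkholed names is the one to pull for analysis, and anything that then connects to the sinkhole address can be captured there.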

Create A Secure Network Model

Even if your network has as many holes as a fine Swiss cheese, setting up and maintaining a secure enclave is an avenue to help prove the benefits of investing in security to even the stingiest management components in your company. Not everyone is going to understand the intrinsic benefits of having a network finely configured for security best practices, but when they see them in action, it tends to turn heads.

Building a small enclave in your network that enforces a higher standard of security is kind of like building a scale model of the aquarium you plan on building on your school’s baseball diamond (again, make sure you get permission before you do this).

Always get permission before building secure network models, or aquariums.

Good Security Starts At Home

If you are responsible for a highly vulnerable network, it’s likely that there’s something major contributing to the current state of the network in your care. You may have many challenges: bad bureaucracy, limited funding, apathetic team members, limited staffing. Whatever the case may be, it’s important to remember that you are a representative of your company’s security apparatus.

If there’s one person who should be practicing good security, it should be you. So don’t let those who can make an excuse for poor security decision-making off the hook by giving them examples of where they’ve seen you fall short. Being a standard bearer might just be the most important way to subtly change the security landscape in your environment.

Summary

Every job in infosec comes with pros and cons. It’s easy to get discouraged when you’re facing down a horrifying security monster, but whether you’re new to the game or a 20-year veteran of the security salt mines, with the right attitude you’ll be able to make an impact, and more importantly, you might learn something you didn’t know before.

Written by EmilÆMaxima. Follow her on twitter: @hexadecim8
