Leak Paths Are Central to Most of Today’s Successful Breaches
Perimeter defenses are well-tested protective elements that have been used for thousands of years. Instead of protecting each house in a city against invaders, walls were built around the city, and well-guarded gates controlled access to the city. Often, there were lesser entry points through the walls, for convenience or special uses. These included “postern gates,” which were small entrances far from the main gates. There are numerous tales of cities that fell because their perimeter defenses were subverted by these little-known entry points. Spies on the inside who found these long-forgotten “postern gates” provided an entry point for covert operations, and that is exactly what happened in this case.
These unknown or unauthorized entry points are leaks – a means of malicious or unauthorized entry across the network perimeter. Firewalls and intrusion detection systems serve as gatekeepers to defend the network; nevertheless, circumvention can and does happen. Unlike data leaks, which represent the egress of sensitive information from an organization’s control, Internet leaks are unrestricted pathways into and/or out of an organization’s network perimeter. Malicious attackers use these paths to infiltrate networks, compromise endpoints, shuttle in additional malware, install encryption software for ransomware, move laterally to find sensitive data, and even take over additional systems through further infections. According to a
Core of the Problem
Continuous changes to the network landscape, including infrastructure, operating systems, and applications, can cause organizational security policy and network defense configuration to become misaligned, contributing to a proliferation of leaks. It only takes one leak to allow malicious intrusion into a network.
Proactive identification of leaks and exposed network zones allows effective prioritization of remedial resources to prevent network subversions. When combined with the other aspects of a comprehensive Network Assurance program, real-time leak discovery can be a powerful mechanism for comprehensively protecting an organization’s network.
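The misalignment described above (an intended segmentation policy versus the rules a firewall actually enforces) is something a defender can check mechanically. The following is an added example, not code from the original article or from any vendor product: it takes a constructed zone map, a constructed set of allowed zone-to-zone flows, and a constructed ruleset, and reports every permit rule that opens a flow the policy does not sanction, labelling each as inbound, outbound, or lateral. Rule order and shadowing are deliberately ignored here; that is a simplification of this example, not a claim about real firewall analysis.

```python
import ipaddress

# Constructed zone map and segmentation policy. Any address range that is
# not fully inside a defined zone is treated as the untrusted "internet" zone.
ZONES = {
    "dmz":  [ipaddress.ip_network("203.0.113.0/24")],
    "corp": [ipaddress.ip_network("10.10.0.0/16")],
    "pci":  [ipaddress.ip_network("10.20.0.0/24")],
}
ALLOWED_FLOWS = {  # (source zone, destination zone) pairs the policy intends
    ("internet", "dmz"), ("dmz", "corp"), ("corp", "dmz"),
    ("corp", "pci"), ("corp", "internet"),
}

def zones_covered(cidr):
    """Return the set of zones an address range touches. A range such as
    0.0.0.0/0 covers every zone plus 'internet', which is exactly why
    'any' rules are where forgotten leak paths hide."""
    net = ipaddress.ip_network(cidr, strict=False)
    hit = {name for name, nets in ZONES.items()
           if any(net.overlaps(z) for z in nets)}
    if not any(net.subnet_of(z) for nets in ZONES.values() for z in nets):
        hit.add("internet")
    return hit

def find_leaks(rules):
    """Return (rule name, src zone, dst zone, direction) for each permit rule
    that opens a zone-to-zone flow absent from ALLOWED_FLOWS. Simplification
    of this example: rule order and shadowing by earlier denies are ignored."""
    leaks = []
    for rule in rules:
        if rule["action"] != "permit":
            continue
        for src in sorted(zones_covered(rule["src"])):
            for dst in sorted(zones_covered(rule["dst"])):
                if src == dst or (src, dst) in ALLOWED_FLOWS:
                    continue
                direction = ("inbound" if src == "internet"
                             else "outbound" if dst == "internet" else "lateral")
                leaks.append((rule["name"], src, dst, direction))
    return leaks

# Constructed ruleset: two intended rules, one forgotten vendor-access rule
# (the network's "postern gate"), one unsanctioned egress rule, and a default deny.
RULES = [
    {"name": "web-in",        "action": "permit", "src": "0.0.0.0/0",     "dst": "203.0.113.0/24", "dport": 443},
    {"name": "dmz-app",       "action": "permit", "src": "203.0.113.0/24", "dst": "10.10.0.0/16",   "dport": 8443},
    {"name": "legacy-vendor", "action": "permit", "src": "0.0.0.0/0",     "dst": "10.20.0.5/32",   "dport": 3389},
    {"name": "pci-egress",    "action": "permit", "src": "10.20.0.0/24",  "dst": "198.51.100.9/32", "dport": 443},
    {"name": "deny-all",      "action": "deny",   "src": "0.0.0.0/0",     "dst": "0.0.0.0/0",      "dport": None},
]

if __name__ == "__main__":
    for name, src, dst, direction in find_leaks(RULES):
        print(f"{direction:8s} leak via rule {name}: {src} -> {dst}")
```

Note that the "any"-source web rule also surfaces a lateral finding (PCI hosts reaching the DMZ), which the policy above never granted; a policy review would either add that flow deliberately or tighten the rule's source.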
Stay tuned for Part II of this two-part series, which will cover the differences and implications of inbound versus outbound leak paths. While it may not seem obvious, an inbound leak path is often the precursor to an outbound leak and is more indicative of a breach attempt. In addition, we’ll cover some recommendations for proactively identifying leak paths and segmentation violations.
Source: infosec island