Information Security and Network Awareness

Hurricane Labs


The Target Fiasco…New Controls?

Basically the Target attack, as I understand it anyway, was to get malware onto point-of-sale systems and exfiltrate data. Does that sound familiar? It should; it’s basically how every breach has ever occurred. Sure, you can replace malware with SQL injection or replace data with jewelry, but this is how ALL theft happens. Nothing magical here, folks: see a shiny thing, find a weakness in the thing protecting the shiny thing, exploit the weakness, get the shiny thing. This shiny thing just happened to be millions of credit card numbers, but it could easily have been something else.

Like clockwork, I expect there will be calls for “new controls” and “better detection methods”. You probably predicted this, but I say that’s all nonsense. We should actually use the methods we currently have. Go on, give them a chance, you know you want to. “But AV failed to detect the malware,” you say, and that’s correct: it seems to have, and that will happen. But why was any device on Target’s POS network able to FTP to Russia? Do they have locations there, or do any data processing there? Probably not. They are not the victim of a huge, advanced, vast, APT-laden conspiracy; they are the victim of loose firewall rules, pure and simple. If you cannot stop an attack, you should at least be able to contain it. That’s why we should have layers protecting important data, and those layers should be specific and monitored.

I am a huge advocate of egress filtering, and I get beaten up for it a lot, but you know what? I can take it. I’m a big boy, and I can take it because it works. I’m sure there are hundreds of magical scenarios where it won’t work; maybe you’ll say “DNS tunneling!” and that’s probably accurate. But if you limit egress traffic you can definitely make a dent in what you have to look for, and you will know your weak spots. The other one I get a lot is “but it’s hard, and applications need lots of ports, and it’s really hard”. The only response I have for that is, to quote an old colleague of mine, that’s why they call it work. Yes, it’s hard, but it’s not impossible, and if the data is important enough it should be done, and done well.

I am also a huge advocate of reducing your threat landscape in common-sense ways. Don’t do business in Russia? Block Russian IP addresses. Of course that won’t stop them from proxying through another channel, but again it reduces the stuff you’re looking for, making those needles in haystacks a bit easier to find. I’m not proposing rocket science here; this is all stuff you should already be doing. So ask yourself: am I avoiding work because it’s “too hard”, or am I just another target?
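To make the three points above concrete (default-deny egress from the POS segment, a geo-block for countries you do no business with, and monitoring what the policy catches), here is an added example that is not from the original post or from Hurricane Labs. It encodes a small egress policy for a hypothetical POS subnet, replays constructed firewall log lines through it, and reports the flows the policy would have denied, which is exactly the smaller haystack the post is talking about. Every subnet, address, country mapping and log line is a constructed placeholder (RFC 5737 documentation ranges); a real deployment would load the allowlist from the firewall and the country prefixes from a GeoIP feed.

```python
"""Egress policy for a POS segment plus a log audit that flags what the policy
would have denied. All addresses, subnets and log lines are constructed
placeholders (RFC 5737 documentation ranges), not anyone's real data."""
import ipaddress
import re
from collections import Counter, namedtuple

# Constructed: the POS segment and the only destinations it is allowed to reach.
POS_SEGMENT = ipaddress.ip_network("10.50.0.0/16")

EgressRule = namedtuple("EgressRule", "dst_net ports label")
ALLOW_RULES = [
    # payment processor over TLS (203.0.113.0/24 is a documentation range, placeholder)
    EgressRule(ipaddress.ip_network("203.0.113.0/24"), {443}, "payment-processor"),
    # internal update/management server (placeholder address)
    EgressRule(ipaddress.ip_network("10.10.5.10/32"), {8443}, "update-server"),
]

# "Don't do business there? Block it." A constructed country->prefix map standing
# in for a GeoIP feed; the prefix is a placeholder, not a real allocation.
GEO_BLOCK = {"RU": [ipaddress.ip_network("198.51.100.0/24")]}


def geo_lookup(ip):
    """Return the blocked country code for ip, or None if it is not geo-blocked."""
    for country, nets in GEO_BLOCK.items():
        if any(ip in net for net in nets):
            return country
    return None


def evaluate_egress(src, dst, dport):
    """Decide (verdict, reason) for one outbound flow. Default is deny for POS hosts."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in POS_SEGMENT:
        return "allow", "source outside POS segment (not covered by this policy)"
    country = geo_lookup(dst_ip)
    if country is not None:
        return "deny", f"geo-block {country}"
    for rule in ALLOW_RULES:
        if dst_ip in rule.dst_net and dport in rule.ports:
            return "allow", f"allowlist {rule.label}"
    return "deny", "default-deny egress"


# Constructed syslog-style lines from a firewall rule that logs new outbound flows.
SAMPLE_LOG = [
    "Jan 12 03:14:07 fw01 kernel: EGRESS src=10.50.12.34 dst=203.0.113.10 proto=TCP spt=51422 dpt=443",
    "Jan 12 03:14:09 fw01 kernel: EGRESS src=10.50.12.34 dst=198.51.100.77 proto=TCP spt=51423 dpt=21",
    "Jan 12 03:14:11 fw01 kernel: EGRESS src=10.50.12.35 dst=10.10.5.10 proto=TCP spt=51424 dpt=8443",
    "Jan 12 03:14:15 fw01 kernel: EGRESS src=10.50.12.36 dst=192.0.2.9 proto=TCP spt=51425 dpt=21",
    "Jan 12 03:14:20 fw01 kernel: EGRESS src=10.20.1.5 dst=192.0.2.9 proto=TCP spt=51426 dpt=443",
]

LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=\S+ spt=\d+ dpt=(?P<dpt>\d+)")


def audit_log(lines):
    """Replay log lines through the policy and return the flows it would deny.

    Each finding is a dict with src, dst, dport and the deny reason, in log order.
    Lines that do not match the expected format are skipped rather than guessed at.
    """
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        verdict, reason = evaluate_egress(m["src"], m["dst"], int(m["dpt"]))
        if verdict == "deny":
            findings.append({"src": m["src"], "dst": m["dst"],
                             "dport": int(m["dpt"]), "reason": reason})
    return findings


def haystack_summary(lines):
    """Count how many POS flows the policy leaves for an analyst to review, by reason."""
    return Counter(f["reason"] for f in audit_log(lines))


if __name__ == "__main__":
    for f in audit_log(SAMPLE_LOG):
        print(f"DENY {f['src']} -> {f['dst']}:{f['dport']}  ({f['reason']})")
    print(dict(haystack_summary(SAMPLE_LOG)))
```

Of the five constructed flows, the policy passes the two that go where POS hosts are supposed to go and ignores the one from outside the segment; the FTP connection into the geo-blocked range and the FTP connection to an unknown host are the only two left for someone to look at. That is the whole argument of the post in miniature: the control does not need to recognise the malware, it only needs to refuse the traffic the business never had a reason to send, and a log of what it refused is a short, high-signal list rather than every packet on the wire.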

The post The Target Fiasco…New Controls? appeared first on Hurricane Labs.


Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.