By Gregory Hale
Sometimes communication should only go one way.
That is why two companies, Waterfall Security Solutions and Owl Computing, were at the PAS Technical Conference in Houston talking about differing technologies but both saying one-way communication is a very effective security tool.
Take the Shamoon attack this past August. RasGas suffered from the attack, which forced the company to disconnect completely from the network.
This was the same virus that wiped out 30,000 hard drives at Saudi Aramco.
While the immediate reaction was to disconnect from the network, that was obviously not a sustainable solution, so Owl Computing came in and introduced the data diode to RasGas to allow the natural gas provider in Qatar to get back into the ballgame.
The solution the beleaguered natural gas leader decided on was implementing a plan that involved a data diode. A data diode is an appliance or device that creates one-way communication to ensure data travels securely in only one direction, said Ron Mraz, president and CTO at Owl Computing during his Tuesday discussion entitled “Cyber Security Solutions at RasGas.” The data diode provides multiple independent point-to-point channels within the controlled network security environment.
The solution provides:
• Non-routable point-to-point communications across the electronic security perimeter (ESP)
• Point-to-point hardware channels without source/destination addressing
• Dedicated channels enforce non-routable communications
• Supports IP hardware level protocol breaks across the ESP
One of the positives, Mraz said, about using the data diode was it “was a guaranteed one way transfer of necessary operational information out of a control system network.”
In some scenarios, unidirectional gateways are the superior choice to combat bad guys trying to invade your system. While firewalls get the most publicity and are a very effective tool, sometimes unidirectional gateways are a much better fit, said Andrew Ginter, director of industrial security at Waterfall Security Solutions, during his discussion entitled “13 ways through a firewall, what you don’t know will hurt you.”
“The reasons you connect to the business network is for profitability,” Ginter said. “But that introduces risks to reliability. Computers are not as robust as humans, a simple virus can cause a problem.”
Traditionally, when confronted with the idea they must create some kind of security solution, an end user will usually just say, “Let’s put up a firewall and we will be protected.” Ginter said that is the wrong approach. First you must understand what you are trying to protect and then work out the most effective way of doing that. Sometimes a firewall works, but in more cases there are other solutions that work better.
That is why he laid out 13 ways to break through a firewall.
The thirteen ways are:
1. Phishing, which was the single most common way to break through a firewall
2. Social engineering, the easiest way to break through a firewall
3. Compromise the domain controller and create your own account
4. Attack exposed servers and bypass the firewall
5. Attack the Industrial Control System via compromised servers
6. Session hijacking, man in the middle
7. Piggyback on the VPN
8. Firewall vulnerabilities
9. Errors and omissions
10. Forge an IP address
11. Bypass the network security perimeter
12. Physical access to the firewall. If you can touch it, you can compromise it.
“Firewalls are software and with lines and lines of code, that means code vulnerabilities are more prevalent,” Ginter said.