GameChanger: Data Segregation / Timed Data Vaults

March 21, 2011

It's about time we turned the tables on attackers by doing what we should have done long ago: making the data UNAVAILABLE to them. I came up with this approach a while back doing incident response.

If hostile threat actors fill up warehouses (WoW gold farming style) banging on their keyboards, interacting with the encrypted reverse shells they seeded your organization with, and filling their encrypted RAR files with your crown jewels, then you're just toast. What is needed is to segregate critical data and limit access to it to only the time periods during which the user is actually using it.

So all the CNE operators basically do their job across the pond, directly opposite our time zone. Their 9-5 is our nighty-night time. Well, your organization's hosts (left on at night because they can't SUFFER a REBOOT after patching in the morning -> users scream WAH) DO NOT NEED access to data when you are not logged on or are away from work.

If user data were cryptographically locked and segregated from the host machine during a certain chain of events or during predetermined time periods, then it wouldn't matter if half of China was on your box. They could not get access to it even if they wanted to. Additionally, I have recommended to my clients that they force their users to segregate all sensitive data onto removable encrypted USB hard drives that are disconnected at night. This, however, only fixes the client data issue and not the problem of compromised credentials ripping data off of portals or share drives.

This concept combines two mitigations into one: remove the data from the host, and make it unavailable when it's not needed. The beauty of this is that it would FORCE CNE operators to lose their beauty sleep, because they would have to work during OUR business hours, not theirs (and, by the way, make them really cranky). They would have to attack our data on our boxes while we are on them and while that data is in use, making it much easier to detect anomalies and allowing the highly skilled DAY SHIFTS in the SOCs to better detect and respond.
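As an added illustration (this is example code written for this page, not something from the original post or any product), here is a small Python model of the timed-vault policy described above. It treats a user's data store as a vault that is unlocked only while the user is logged on inside the business window, re-seals it on logoff or when the window closes, and turns every access attempt against a sealed vault into an alert for the day-shift SOC. The business window, the fixed-offset local time zone, the event names and the sample timeline are all assumptions made up for the example.

```python
"""Timed data vault policy (illustrative example, not production code).

Decides when a per-user data vault may be unlocked and records the
anomalies a SOC would want to see: logons outside the window and any
access attempt while the vault is sealed.
"""
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta, timezone

# Assumption: the organisation's business day, evaluated in a fixed-offset
# local zone (UTC-4). A real deployment would use the site's zoneinfo and a
# holiday calendar instead of a hard-coded offset.
LOCAL_TZ = timezone(timedelta(hours=-4))
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)


def in_business_hours(now: datetime) -> bool:
    """True only on a weekday inside the business window, in local time."""
    local = now.astimezone(LOCAL_TZ)
    if local.weekday() >= 5:  # Saturday / Sunday
        return False
    return BUSINESS_START <= local.time() < BUSINESS_END


@dataclass
class Vault:
    """Per-user data vault: unlocked only while the user is logged on in-hours."""
    user: str
    logged_on: bool = False
    unlocked: bool = False
    alerts: list = field(default_factory=list)  # anomalies for the SOC
    audit: list = field(default_factory=list)   # every decision, for forensics

    def _lock(self, now: datetime, reason: str) -> None:
        self.unlocked = False
        self.audit.append((now.isoformat(), "lock", reason))

    def handle(self, event: str, now: datetime) -> str:
        """Apply one event ('logon', 'logoff', 'access', 'tick'); return the decision."""
        if event == "logon":
            self.logged_on = True
            if in_business_hours(now):
                self.unlocked = True
                self.audit.append((now.isoformat(), "unlock", "interactive logon in-hours"))
                return "unlocked"
            # Out-of-hours logon: the session may proceed, but the data stays sealed.
            self.alerts.append((now.isoformat(), self.user, "logon outside business hours"))
            return "locked"
        if event == "logoff":
            self.logged_on = False
            self._lock(now, "logoff")
            return "locked"
        if event == "tick":
            # Periodic check: the end of the business day seals the vault even
            # if the user never logged off.
            if self.unlocked and not in_business_hours(now):
                self._lock(now, "business window closed")
            return "unlocked" if self.unlocked else "locked"
        if event == "access":
            if self.logged_on and self.unlocked and in_business_hours(now):
                self.audit.append((now.isoformat(), "access", "granted"))
                return "granted"
            # An access attempt against a sealed vault is exactly the after-hours
            # pattern the post wants the day shift to be alarmed about.
            self.alerts.append((now.isoformat(), self.user, "access attempt on locked vault"))
            self.audit.append((now.isoformat(), "access", "denied"))
            return "denied"
        raise ValueError(f"unknown event {event!r}")


def run_timeline(events):
    """Replay (timestamp, event) pairs for one user; returns (decisions, vault)."""
    vault = Vault(user="alice")  # constructed user name
    decisions = [vault.handle(ev, ts) for ts, ev in events]
    return decisions, vault


def local(y: int, m: int, d: int, hh: int, mm: int) -> datetime:
    return datetime(y, m, d, hh, mm, tzinfo=LOCAL_TZ)


# Constructed sample day: Monday 2011-03-21, local time.
SAMPLE = [
    (local(2011, 3, 21, 9, 0), "logon"),
    (local(2011, 3, 21, 10, 30), "access"),
    (local(2011, 3, 21, 19, 0), "tick"),    # user forgot to log off
    (local(2011, 3, 22, 3, 0), "access"),   # something on the box is active at 3 a.m.
    (local(2011, 3, 22, 3, 5), "logoff"),
    (local(2011, 3, 22, 8, 30), "logon"),
]

if __name__ == "__main__":
    decisions, vault = run_timeline(SAMPLE)
    for (ts, ev), decision in zip(SAMPLE, decisions):
        print(f"{ts.isoformat()} {ev:6s} -> {decision}")
    for alert in vault.alerts:
        print("ALERT", alert)
```

The 19:00 `tick` is the piece that matters operationally: without a periodic re-check, a user who leaves a session open at the end of the day leaves the vault open all night. The `alerts` list is the detection payoff the post is after; the one entry it produces on the sample timeline is the 03:00 access attempt, which is both denied and surfaced to the SOC.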

The other approach squares well with green policies and saves money. Forcing systems to shut down on logoff events would additionally remove the data from being targeted, as the machine is OFF, and save electricity to boot. The money saved can go toward the 3 million you will spend on your next APT compromise. Traditionally patch managers freak out and say this will prevent patching from being done. NO, this will prevent patching from being done when THEY want to do it. Change the game. Fuck your adversary.

It makes sense to me and it should make sense to you too. Vendors / entrepreneurs, get on it. CISOs, get educated: you're getting robbed blind. Think unconventional and protect yourselves.
