Zero-day Network Exploits, and Securing a Network Against The Unknown

AI Thread Summary
The discussion centers on the complexities of network security, particularly regarding the vulnerabilities posed by zero-day exploits and the limitations of standard security practices. It raises questions about the effectiveness of securing networks against sophisticated threats when the underlying principles of security can be compromised. The concept of an "air gap" is highlighted as a method used by governments and industries to protect sensitive systems by isolating them from networks, although historical examples, such as the Stuxnet attack, demonstrate that even air-gapped systems can be vulnerable if trusted personnel inadvertently introduce malware. The conversation emphasizes the importance of understanding the broader implications of networked systems, the necessity of best practices, and the need for a deliberate approach to risk management in cybersecurity. Ultimately, it suggests that while some security measures can mitigate risks, the evolving nature of threats requires constant vigilance and adaptation.
Benjies
TL;DR Summary
The zero-day exploit: What can we safely assume about the function of a network?
Hi all! I'm coming from the aerospace subforum, so please inform me if I'm inadvertently breaking some rules of engagement here with this post, or if I've broken an unspoken tech forum rule (I know each subforum frequently has its own way of doing things).

My question is in regards to the hidden layers behind the functions of devices that exist in networks (or IoT security). Right now, if I held a perfect database of all information regarding how a network works, and how each system within a network works, I can perfectly explain to you how a network is secure, or insecure.

However, with exploits being very prevalent, what good does standardizing a network against known threats do if the underlying principles of security can be exploited unendingly by exploits which only a choice few know about (zero-days)? What are you securing a network against other than criminals with crude tools? I sense a laundry list of exploits exist with enough spin on network functionality that the underlying principles of network security are coerced. Is the securing of a network a "99% practice", such that those without the knowledge of how a function can be broken are simply left out of the equation, a sort of "best effort" practice?

Ironically, I come from the aerospace side of the house: if you try to undermine the basic physics of how an engine operates, it will simply break or explode. On a network, however, if you try to undermine it, can a successful undermining (zero-day) even be sensed? Can a network be secured against this in some way other than just applying best practices (anomaly sensing)?

Insight and discussion appreciated. Again, I'm just an aerospace guy who is curious. Thanks!
 
Likely not the definitive answer you are after, but...
  • The Government, and many in industry, use an "Air Gap." That is, "Important" computers are not connected to any network and physical access is restricted to 'trusted' personnel (enforced with armed guards and very thick walls).
Seems secure... however,

As widely reported in the public press at the time, a few years ago the US government was concerned about another country enriching Uranium to bomb grade.
  • It was reported that the enrichment facility had an accident and been destroyed.
  • Soon thereafter it was reported that the high speed centrifuges used for Uranium enrichment had gone over-speed and self destructed.
  • A somewhat later report stated that one of their 'trusted' personnel was found to be carrying a USB memory stick in and out of the facility.
Even later it was leaked(?) that the above USB memory stick had a virus/Trojan Horse planted on it that destroyed the centrifuges.

So what would you say is the apparent answer to your question?

Cheers,
Tom
(be CAREFUL!)

p.s. Based on pure speculation,
  • having information broken up and pieces stored on computers in distant locations;
  • each using different encryption - operating systems - CPUs - etc;
  • not on the public network;
  • with no individual person having access to more than one site;
  • all decommissioned hardware physically destroyed on-site,

would seem to be an absolute minimum architecture.

And then there are spies!
 
Benjies said:
Summary: The zero-day exploit: What can we safely assume about the function of a network?

Right now, if I held a perfect database of all information regarding how a network works, and how each system within a network works, I can perfectly explain to you how a network is secure, or insecure.
I doubt that you can encode "how a system works" in a database. But that aside, consider the game changing implication of the word network.

I may make a computer and software that I understand very well. But put it in a network, and we introduce the possibility of making a larger system that includes components (e.g. remote computers) that we don't understand. How will the original computer perform in the larger system? Doesn't that sound inherently unanswerable to you? @Tom.G hinted at the solution with "air gap". Prevent it from becoming part of a network.

There must be some computers left over from spent or crashed probes on Mars. It is a very safe bet that those computers can't be hacked.
 
Tom.G said:
Likely not the definitive answer you are after, but...
  • The Government, and many in industry, use an "Air Gap." That is, "Important" computers are not connected to any network and physical access is restricted to 'trusted' personnel (enforced with armed guards and very thick walls).
Seems secure... however,

As widely reported in the public press at the time, a few years ago the US government was concerned about another country enriching Uranium to bomb grade.
  • It was reported that the enrichment facility had an accident and been destroyed.
  • Soon thereafter it was reported that the high speed centrifuges used for Uranium enrichment had gone over-speed and self destructed.
  • A somewhat later report stated that one of their 'trusted' personnel was found to be carrying a USB memory stick in and out of the facility.
Yes, Stuxnet was a great example of what I'm concerned about in my original post. Four zero-days with one attack. Likely a very well defended network, but ultimately the functions of a computer are subverted by a slew of exploits.

anorlunda said:
I doubt that you can encode "how a system works" in a database. But that aside, consider the game changing implication of the word network.
In hindsight my statement was awfully worded. The configuration of the systems comprising a network can be stored in a database, including configuration changes. That might clear things up a bit.

Both your and Anorlunda's posts are well received. Don't put your stuff on a wide-area network. Break up the system and data access. Simple best practices.
 
Back in the 90s, I used to advise people, "Don't do anything immoral, illegal, or embarrassing in a room containing a computer, much less enter the details on a computer." Today, it's very hard to find a room without computers.

It is OK to accept risk to gain convenience, but it should only be done deliberately, never because of lack of thought. So every time you're about to write something confidential on a computer or to save login credentials on a computer, ask yourself "Is it worth the risk?" In some cases, the answer should be to revert to pen and paper.
 
Those air gapped computers now have epoxy in their USB ports to avoid those kinds of problems. In fact, many government computers do: the threat they are trying to protect against is not Boris and Natasha, but rather some underpaid civil servant selling citizens' personal information.

I think it's worth thinking about how big a target you are. If you are a major world government you are a target, and your threats are coming from other major world governments. If you're a homeowner, your threat is mostly criminals, and relatively unsophisticated ones at that.

I do get attacks. Sometimes from overseas, sometimes from cloud providers who are unable or unwilling to stop them, and sometimes from computers that have themselves been compromised. This is easy to stop. If Russia or China really, really wanted in, could I stop them? Probably not.
 