Zero-day Network Exploits, and Securing a Network Against The Unknown

  • Thread starter Benjies
  • Start date
  • Tags
    Network
In summary: USB memory stick in and out of the facility.Later it was leaked(?) that the above USB memory stick had a virus/Trojan Horse planted on it that destroyed the centrifuges.So what would you say is the apparent answer to your question?Cheers,TomIt seems that the answer is to prevent the network from being connected.
  • #1
Benjies
54
28
TL;DR Summary
The zero-day exploit: What can we safely assume about the function of a network?
Hi all! I'm coming from the aerospace subforum, so please inform me if I'm inadvertently breaking some rules of engagement here with this post, or if I've broken an unspoken tech forum rule (I know frequently each subforums have their own way about doing things).

My question is in regards to the hidden layers behind the functions of devices that exist in networks (or IoT security). Right now, if I held a perfect database of all information regarding how a network works, and how each system within a network works, I can perfectly explain to you how a network is secure, or insecure.

However; with exploits being very prevalent- what good does standardizing a network against known threats do if the underlying principles of security can be exploited unendingly by exploits which only a choice few know about (zero-days)? What are you securing a network against other than criminals with crude tools? I sense a laundry list of exploits exist with enough spin on network functionality that the underlying principles of network security are coerced. Is the securing of a network a "99% practice", such that those without the knowledge of how a function can be broken, are simply left out of the equation- a sort of "best effort" practice?

Ironically, I come from the aerospace side of the house: if you try to undermine the basic physics of how an engine operates, it will simply break or explode. On a network, however, if you try to undermine it, can a successful undermining (zero-day) even be sensed? Can a network be secured against this in some way other than just applying best practices (anomaly sensing)?

Insight and discussion appreciated. Again, I'm just an aerospace guy who is curious. Thanks!
 
Computer science news on Phys.org
  • #2
Likely not the definitive answer you are after, but...
  • The Government, and many in industry, us an "Air Gap." That is, "Important" computers are not connected to any network and physical access is restricted to 'trusted' personnel (enforced with armed guards and very thick walls).
Seems secure... however,

As widely reported in the public press at the time, few years ago the US government was concerned about another country enriching Uranium to bomb grade.
  • It was reported that the enrichment facility had an accident and been destroyed.
  • Soon thereafter it was reported that the high speed centrifuges used for Uranium enrichment had gone over-speed and self destructed.
  • A somewhat later report stated that one of their 'trusted' personnel was found to be carrying a USB memory stick in and out of the facility.
Even later it was leaked(?) that the above USB memory stick had a virus/Trojan Horse planted on it that destroyed the centrifuges.

So what would you say is the apparent answer to your question?

Cheers,
Tom
(be CAREFUL!)

p.s. Based on pure speculation,
  • having information broken up and pieces stored on computers in distant locations;
  • each using different encryption - operating systems - CPUs - etc;
  • not on the public network;
  • with no individual person having access to more than one site;
  • all decommissioned hardware physically destroyed on-site,

would seem to be an absolute minimum architecture.

And then there are spies!
 
  • #3
Benjies said:
Summary: The zero-day exploit: What can we safely assume about the function of a network?

Right now, if I held a perfect database of all information regarding how a network works, and how each system within a network works, I can perfectly explain to you how a network is secure, or insecure.
I doubt that you can encode "how a system works" in a database. But that aside, consider the game changing implication of the word network.

I may make a computer and software that I understand very well. But put it in a network, and we introduce the possibility of making a larger system that included components (e.g. remote computers) that we don't understand. How will the original computer perform in the larger system? Doesn't that sound inherently unanswerable to you? @Tom.G hinted at the solution with "air gap". Prevent it from becoming part of a network.

There must be some computers left over from spent or crashed probes on Mars. It is a very safe bet that those computers can't be hacked.
 
  • #4
Tom.G said:
Likely not the definitive answer you are after, but...
  • The Government, and many in industry, us an "Air Gap." That is, "Important" computers are not connected to any network and physical access is restricted to 'trusted' personnel (enforced with armed guards and very thick walls).
Seems secure... however,

As widely reported in the public press at the time, few years ago the US government was concerned about another country enriching Uranium to bomb grade.
  • It was reported that the enrichment facility had an accident and been destroyed.
  • Soon thereafter it was reported that the high speed centrifuges used for Uranium enrichment had gone over-speed and self destructed.
  • A somewhat later report stated that one of their 'trusted' personnel was found to be carrying a USB memory stick in and out of the facility
Yes, Stuxnet was a great example of what I'm concerned about in my original post. Four zero-days with one attack. Likely a very well defended network, but ultimately the functions of a computer are subverted by a slew of exploits.

anorlunda said:
I doubt that you can encode "how a system works" in a database. But that aside, consider the game changing implication of the word network.
In hindsight my statement was awfully worded. The configuration of the systems comprising a network can be stored in a database, including configuration changes. That might clear things up a bit.

Both you and Anorlunda's posts are well received. Don't put your stuff on a wide-area network. Break up the system and data access. Simple best practices.
 
  • #5
Back in the 90s, I used to advise people, "Don't do anything immoral, illegal, or embarrassing, in a room containing a computer; must less enter the details on a computer." Today, it's very hard to find a room without computers.

It is OK to accept risk to gain convenience, but it should only be done deliberately, never because of lack of thought. So every time you're about to write something confidential on a computer or to save login credentials on a computer, ask yourself "Is it worth the risk?" In some cases, the answer should be to revert to pen and paper.
 
  • #6
Those air gapped computers now have epoxy in their USB ports to avoid those kinds of problems. In fact, many government computers do: the threat they are trying to protect against is not Boris and Natasha, but rather some underpaid civil servant selling citizens' personal information.

I think it's worth thinking about how big a target you are. If you are a major world government you are a target, and your threats are coming from other major world governments. If you're a homeoowner, your threat is mostly criminals, and relatively unsophisticated ones at that.

I do get attacks. Sometimes from overseas, sometimes from cloud providers who are unable or unwilling to stop them, and sometimes from computers that have themselves been compromised. This is easy to stop. If Russia or China really, really wanted in, could I stop them? Probably not.
 

FAQ: Zero-day Network Exploits, and Securing a Network Against The Unknown

What is a zero-day network exploit?

A zero-day network exploit is a type of cyber attack that targets vulnerabilities in a computer network that are unknown to the software developers. This means that the exploit takes advantage of a security flaw that has not yet been discovered or patched by the software developers, making it difficult to defend against.

How do zero-day network exploits work?

Zero-day network exploits typically involve a hacker finding and exploiting a vulnerability in a network or software. This can be done through various methods, such as phishing emails, malware, or social engineering. Once the vulnerability is exploited, the hacker gains access to the network and can steal sensitive information or cause damage.

What are the risks of zero-day network exploits?

The risks of zero-day network exploits include the potential loss of sensitive information, financial loss, damage to a company's reputation, and disruption of business operations. These exploits can also be used to install malware or ransomware, which can have long-term consequences for a network and its users.

How can a network be secured against zero-day network exploits?

Securing a network against zero-day network exploits involves a multi-faceted approach. This includes regularly updating software and operating systems, implementing strong firewalls and intrusion detection systems, conducting regular vulnerability assessments and penetration testing, and educating employees about cyber security best practices.

What is the role of a network security expert in protecting against zero-day network exploits?

A network security expert plays a crucial role in protecting against zero-day network exploits. They are responsible for identifying and mitigating vulnerabilities in a network, implementing security protocols and measures, and staying up-to-date on the latest threats and security solutions. They also play a crucial role in responding to and recovering from zero-day network exploits, should they occur.

Similar threads

Back
Top