5 Resolutions Every ComSec Professional Should Make

If 2020 was the year of Covid, remote working, and collaboration for everyone, what will it become for security in 2021? Yes, it’s gonna be the year of communication security, as everyone realizes how the attack surface of their companies just went up exponentially, and hackers start finding their way in through collaboration systems.

What does that mean for security?

Every tool is like a knife – it can hurt when used incorrectly. A collaboration or communication system, like any other modern-day system, lives on the cloud. Whatever is on the cloud is subject to hacker scrutiny. It is constantly being bombarded with attempts from hackers to get into it. Millions of hack attempts are staged on communication system components like Session Border Controllers (SBCs) every day.

What exactly is communication security?

Who/what are we securing against?

The key question in security is always to know who we are securing against, and the kind of hack. Securing yourself against a state-sponsored cyber-attack / espionage attempt may require thousands of hours of cybersecurity expertise, simulated attacks by blue and red teams, and millions of dollars of investment to remediate. But that is not what most of us need to be worried about.

So, let’s get our target straight. We are not protecting against state actors – as an enterprise, we just do not have the resources to do so.

But we can protect ourselves against hackers, script kiddies and inadvertent (configuration) mistakes. That is to say, we are protecting ourselves against 99.999% of the attacks. And that is a lot!

So, how do we look at communication security?

Let’s get to a simple primal way of life to understand this better. Out on the internet / cloud, there are a million devices. Let us for a moment assume that you are not facing a “directed attack”, meaning a hacker is not out there to get you (you are not being subjected to corporate espionage). Everyone loves free lunches or at least low-hanging fruits. So does the hacker!

Hackers usually look for weak targets – they sweep the internet. There are a million ways to find the ‘weak-ones’. When a tiger surveys a herd of deer to identify the fawn it wants to target, we see that the tiger has made 2 choices – it chose to zero in on “deer” and within that chose the exact “fawn” to attack.

Communication systems today are far easier to break into, out on the internet. This is public knowledge, just as the tiger knows that deer are easier to attack compared to bison, zebras, or giraffes.

5 timeless ComSec resolutions

ComSec resolutions for the year

[Resolution 1: Hide your information] The less you share, the less they know; and information is power. Exposing certain ports, certificates, or HTTP headers, or responding to certain messages, tells the hacker the type of system you have, the operating system, the services that are running, etc., each of which is useful for hackers to plan their attacks. For example, when you set up your SBC, make sure only SIPS and, if necessary, HTTPS services are open to the external world. Respond only to the messages that you want to handle, e.g. REGISTER, INVITE, etc., from valid users and devices.
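A sketch of the filtering described above, added here as an example and not taken from any SBC product: requests are accepted only over TLS, only for allowlisted methods and only from known users, and outgoing responses lose the headers that fingerprint the system. The method allowlist, the user directory, the header list and all sample messages are constructed assumptions.

```python
import re

# Assumptions for this example (not from the article): the method allowlist,
# the user directory and the sample messages are all constructed.
ALLOWED_METHODS = {"REGISTER", "INVITE", "ACK", "BYE", "CANCEL"}
VALID_USERS = {"alice@example.com", "bob@example.com"}
LEAKY_HEADERS = {"server", "user-agent"}  # disclose product and version

REQUEST_LINE = re.compile(r"^([A-Z]+) sips?:\S+ SIP/2\.0$")
FROM_URI = re.compile(r"<sips?:([^>;]+)")

def decide(raw: str, transport: str) -> str:
    """Return 'accept' or 'drop'. A drop sends no reply, so a probe learns nothing."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    m = REQUEST_LINE.match(head[0])
    if transport != "tls" or m is None:      # SIPS only, well-formed only
        return "drop"
    if m.group(1) not in ALLOWED_METHODS:    # e.g. OPTIONS sweeps
        return "drop"
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    sender = FROM_URI.search(headers.get("from", ""))
    # From is only a pre-filter; digest or certificate authentication still follows.
    if sender is None or sender.group(1).lower() not in VALID_USERS:
        return "drop"
    return "accept"

def scrub(response: str) -> str:
    """Remove headers that fingerprint the SBC from an outgoing response."""
    head, sep, body = response.partition("\r\n\r\n")
    kept = [l for l in head.split("\r\n")
            if l.partition(":")[0].strip().lower() not in LEAKY_HEADERS]
    return "\r\n".join(kept) + sep + body

def msg(method: str, user: str) -> str:
    """Build a constructed SIP request for the demo."""
    return (f"{method} sips:pbx.example.com SIP/2.0\r\n"
            f"From: <sips:{user}>;tag=1\r\nTo: <sips:{user}>\r\n"
            f"Call-ID: c1@host\r\nCSeq: 1 {method}\r\n\r\n")

if __name__ == "__main__":
    for method, user, transport in [("OPTIONS", "probe@scanner.invalid", "udp"),
                                    ("REGISTER", "alice@example.com", "tls"),
                                    ("INVITE", "mallory@elsewhere.invalid", "tls")]:
        print(method, user, transport, "->", decide(msg(method, user), transport))
    print(repr(scrub("SIP/2.0 200 OK\r\nServer: ExampleSBC/7.2\r\nCSeq: 1 REGISTER\r\n\r\n")))
```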

When the tiger chooses to attack, does it attack a healthy, alert fawn or one that looks weak and unhealthy? The objective of the tiger is simple – food. The hacker motivations are also simple – your data, money or reputation. They need a quick win. They will attack the system that signals greatest weakness – an unhealthy, limping fawn.

[Resolution 2: Ensure basic security standards for communication security] Collaboration systems have been traditionally weak in security. Basic security hygiene is not rocket science, it just needs discipline. Ensure that your collaboration system does not “stray off track” when it comes to security. For example, use CA-signed certificates with a 2048-bit RSA key pair for SSL and a 256-bit key for symmetric encryption. Dig deep into certificates – understand the risks of using a wildcard certificate, how long your certificate’s validity period should be, and whether you need a revocation policy – these are important concepts to limit damage in case your certificates get compromised.
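The certificate questions above can be turned into a repeatable check. The following is an added example, not code from the article: it audits certificate fields in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`. The validity ceiling, the renewal window and both sample certificates are assumptions constructed for the illustration.

```python
import ssl

MIN_RSA_BITS = 2048        # from the article
MAX_VALIDITY_DAYS = 398    # assumption: policy ceiling picked for this example
RENEW_WITHIN_DAYS = 30     # assumption: renewal warning window

def audit(cert: dict, key_bits: int, now: float) -> list:
    """Check one certificate against the policy above.

    cert follows the dict layout of ssl.SSLSocket.getpeercert(); key_bits is
    passed separately because that dict does not include the public key size.
    """
    findings = []
    if cert.get("issuer") == cert.get("subject"):
        findings.append("self-signed, not issued by a CA")
    if key_bits < MIN_RSA_BITS:
        findings.append(f"RSA key is {key_bits} bits, below {MIN_RSA_BITS}")
    wild = [name for kind, name in cert.get("subjectAltName", ())
            if kind == "DNS" and name.startswith("*.")]
    if wild:
        findings.append(f"wildcard name {wild[0]}: one stolen key covers every host under it")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    lifetime = (end - start) / 86400
    if lifetime > MAX_VALIDITY_DAYS:
        findings.append(f"valid for {lifetime:.0f} days, above {MAX_VALIDITY_DAYS}")
    if end <= now:
        findings.append("expired")
    elif end - now < RENEW_WITHIN_DAYS * 86400:
        findings.append("expires within the renewal window")
    if not (cert.get("OCSP") or cert.get("crlDistributionPoints")):
        findings.append("no OCSP or CRL endpoint, so revocation cannot be checked")
    return findings

# Constructed sample certificates (not real) and a fixed "now" for repeatable output.
NOW = ssl.cert_time_to_seconds("Jan 15 00:00:00 2021 GMT")
SBC = ((("commonName", "sbc.example.com"),),)
WEAK = {"subject": SBC, "issuer": SBC,
        "subjectAltName": (("DNS", "*.example.com"),),
        "notBefore": "Jan  1 00:00:00 2019 GMT", "notAfter": "Jan  1 00:00:00 2022 GMT"}
GOOD = {"subject": SBC, "issuer": ((("commonName", "Example Issuing CA"),),),
        "subjectAltName": (("DNS", "sbc.example.com"),),
        "notBefore": "Dec  1 00:00:00 2020 GMT", "notAfter": "Dec  1 00:00:00 2021 GMT",
        "OCSP": ("http://ocsp.example.com",)}

if __name__ == "__main__":
    for name, cert, bits in (("WEAK", WEAK, 1024), ("GOOD", GOOD, 2048)):
        print(name, audit(cert, bits, NOW) or "passes")
```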

Have you observed that the tiger will wait for its opportunity? Even if it takes hours, it will lie down waiting, because timing an attack is as important as selecting the target. So is the case with the hacker. They will find the time your monitoring is down. Knowing that your security guard is down, they will attack to maximize the chances of a kill (“breach”). The deer, while grazing or drinking water, always has one eye on the horizon, scanning for the slightest whiff of trouble.

[Resolution 3: Keep scanning for signs of trouble] Reconnaissance is key before an attack, and hackers prepare themselves well. If you have the right monitoring systems in place, you will know at the first sign of trouble and can take action to reduce the risk (improve surveillance, bolster security or shut services). You may want to ensure that perimeter devices like the SBC are logging at all times and at the right log level. In case logs do not arrive or if too many log lines arrive in a window of time, you may want to start investigating.
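Both conditions named above, logs that stop arriving and too many log lines in a window, can be checked with a per-window count against a baseline. This is an added example, not from the article; the window size, the burst factor, the log line layout and the sample data are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

WINDOW = timedelta(minutes=1)  # assumption: window size for this example
BURST_FACTOR = 5               # assumption: alert above 5x the median window

def parse_ts(line: str) -> datetime:
    """Timestamp is the first field of each (constructed) log line."""
    return datetime.strptime(line.split(" ", 1)[0], "%Y-%m-%dT%H:%M:%SZ")

def scan(lines, start: datetime, end: datetime):
    """Return (window_start, kind, count) for every silent or bursting window."""
    counts = Counter((parse_ts(l) - start) // WINDOW for l in lines)
    # Walk every window in range so that empty ones are seen, not skipped.
    per_window = [counts[i] for i in range((end - start) // WINDOW)]
    active = [c for c in per_window if c]
    baseline = median(active) if active else 0
    alerts = []
    for i, count in enumerate(per_window):
        if count == 0:
            alerts.append((start + i * WINDOW, "silent", 0))
        elif count > BURST_FACTOR * baseline:
            alerts.append((start + i * WINDOW, "burst", count))
    return alerts

def sample_log(start: datetime, per_minute):
    """Build constructed SBC log lines: per_minute[i] lines in minute i."""
    lines = []
    for minute, n in enumerate(per_minute):
        for k in range(n):
            ts = start + minute * WINDOW + timedelta(seconds=k * 60 // n)
            lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} sbc01 sip: REGISTER from 198.51.100.7 401")
    return lines

START = datetime(2021, 1, 4, 10, 0)
RATES = [10, 10, 10, 0, 120, 10]   # minute 3 goes quiet, minute 4 floods
LINES = sample_log(START, RATES)

if __name__ == "__main__":
    for at, kind, count in scan(LINES, START, START + len(RATES) * WINDOW):
        print(f"{at:%H:%M} {kind:6} {count} lines")
```

The median keeps a single flooded window from raising its own baseline; a log source that is silent for the whole range is reported window by window.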

Once the tiger has found the opportune time, it will spring to action and in seconds will chase down its target. Do you know which part of the fawn it will attack first? The tiger will choose the weakest spot to attack – it has no intention of getting hurt in the fight or losing the battle. It wants to win; it wants to kill. The hacker attacking your system is the same. They identify the weakest spot and break in.

[Resolution 4: Know your weaknesses] Knowing the exposed surfaces and the kind of attacks that can happen to each gives an insight into what will break first. Now that you have an idea of the weakest links, work clinically to eliminate those.

Not every attempt by the tiger results in a kill. In fact, over 85% result in failures – meaning the deer is able to escape. In close cases, it could be that the deer spotted the tiger a second earlier, is a tad faster, or is able to inflict damage on the tiger to gain time. In some other cases, there is help nearby from the flock or friendly animals that help scare off the tiger. In either case, the trick is awareness and watchfulness.

In cyber security too, over 80% of the attacks do not become a breach; the defense is able to ward off the attacker. Would you not want to be in that 80%? Every second you are unaware that you are under attack gives the hacker that extra time to bring you down and can make a difference between a “breach” and “an attack”.

[Resolution 5: Monitor your communication security status periodically, if possible, in real-time] Knowing that you are under an attack is immensely valuable information. Set up monitoring systems and processes to assess your security periodically. If you can achieve real-time monitoring, great! Logs are great forensic tools, but not the only ones. System behavior can be ascertained via other observation points – e.g. traffic, how fast it is responding to user action, etc. You need a mechanism to track system behavior using periodic testing to ascertain that it is in top shape.

Remember, there is no such thing as 100% security, but it is absolutely possible to be 99%+ secure – and most of the hard work is just discipline and diligence.