Is your network isolation leaking?
One of the most important things a company handles is information. Information can be crucial for operations but can also be sensitive information about people or critical functions. What if there was a leak in the network that you thought was isolated? Information security is more important than ever and requires structured ways of working and strictly controlled networks.
What is information security?
Information is a basic building block in an organisation, in the same way as employees, premises and equipment. Information expresses knowledge or message in a concrete form. We can communicate information, we can store it, we can refine it and we can control processes with it - we simply need it for most of what we do. Therefore, information is valuable and needs protection.
Information can be valuable both for organisations and for the individual, sometimes it is even vital. If such information is lost or incorrect, it can have catastrophic consequences. Information security is about preventing information from being leaked, distorted, and destroyed. It is also about having the right information available to the right people, and at the right time. Information should not fall into the wrong hands and be misused.
What can happen if you lack in information security?
Lack of information security can have consequences in the form of the business not being able to be conducted in an appropriate and efficient manner, lack of protection of personal integrity and disruptions in socially important activities.
Deficiencies in information systems can also affect physical functions. Incidents that lead to the inability or destruction of such systems and assets can lead to serious crises affecting the financial systems, public health, national security, or combinations thereof. It can also lead to a deterioration in confidence in services and underlying actors. Serious and repeated disruptions can lead to crises of confidence, which can also spread to more actors and services as well as to other sectors.
Information leaks in networks
The fact is, sometimes systems and networks have been breached, but the breach is not noticed – sometimes for months. There can also be an unknown leak, exposing sensitive information. If there is a leak in the network, it is better to know immediately so that it can be fixed as soon as possible before it is exploited.
During a trial by the National Cyber Security Centre Finland of the Finnish Transport and Communications Agency (Traficom), it was found out that 81% of the tested companies had unexpected leaks in networks that were intended to be isolated. What is even more troubling, is that some of the tested networks were critical networks in ICS/OT environments that should not be connected to the internet.
What can you do to keep your network safe?
What if you could have an alarm go off if there are network isolation leaks in your network? In fact, there are such solutions. These solutions can easily tell if there is an information leak in your network, and where it is coming from.
SensorFu has a solution called Beacon – when using Beacon, it tries to “call home”, i.e. send data to a server outside the high security network. Various “tricks” are used by Beacon, for example various techniques based on IPv4 and IPv6, such as TCP, UDP, ICMP, DNS, Multicast, IPSpoofing and Broadcast UDP. If it succeeds and finds a leak in your network, you are alerted via Syslog, Slack or an HTTP API. In the study by Traficom mentioned earlier, Beacon found the unexpected leaks in network isolation and potential data leakage paths.
A solution that can be used to make sure that nothing leaves your network is to use a data diode. A common solution to keep sensitive or classified information safe from leakage or manipulation is to completely disconnect it from other networks. However, there are situations when data needs to be transferred to or from the protected network. The function of a data diode is to allow all data to pass in the forward direction, while blocking all data in the reverse direction. In this way, you make sure that no information leaves your network.
Beacon and data diodes can also work together. Using data diodes is a great method to enforce one-way data flows between security domains. However, network isolation may fail because of misuse or manipulation that somehow bypasses the security controls. If a data diode is combined with Beacon, you have excellent control of the data flows and in those scenarios where there is an unknown connection to outside environments, you will get an immediate alert from Beacon.
Do you need help securing that your networks do not leak information? Contact us!
And, read more about Beacon here!