Sunday, April 3, 2016

Peeling the onion of data-leakage

I recently tweeted a formula about data-leakage. In this post I will further explain what this means. The formula came out of a thought-experiment by my friend and fellow security professional Rick Veenstra and myself.

In this thought-experiment we wanted to explain what the concept of a data-leakage is, what components it consists of, and how we can use that knowledge to hopefully prevent leaks. We started with the basics and moved down the ladder from there.

Data-leakage = actor + vulnerability

On the highest level, a data-leak can only emerge when a certain actor exploits a certain vulnerability. In practice multiple vulnerabilities are probably needed to succeed, but at least one must be exploited. The actor can range from the black-hat hacker, to the cyber-criminal, to the disgruntled employee of your own organization.

Vulnerability = asset + access platform

When you look at the vulnerability you will notice that it consists of multiple components: the assets, which are often called the crown jewels of the organization, and the platform that can access them. This platform can be the Internet (likely the first stage), but also an internal platform that is being exploited.

Asset = unencrypted data | credentials | other access platform

The asset is either the actual data itself, the credentials needed to access the data, or another platform that enables access and thus brings the actor closer to the target data. The data needs to be unencrypted in order to have value for the one stealing it, which is why we explicitly say unencrypted; encrypted data only counts once the actor also obtains the key, and that key is then just another credential. Credentials are the usernames and passwords used within the organization. The other access platform functions as a stepping stone to the next system.

Access platform = resources + privileges

The resources are anything that can serve as a landing zone for the intruder: the operating system of a server, an employee's workstation, an application or an active network component such as a switch or router. Obviously many more examples are thinkable. Privileges are needed to actually access and use the aforementioned resource.

The formula

The summary of this thought-experiment is as follows.

Data-leakage = actor + vulnerability

Data-leakage = actor + ((unencrypted data | credentials | access platform) + (resources + privileges))

A data-leak consists of an actor in combination with access to unencrypted data, access to the credentials for that data, or access to a platform that in turn has access to it. In order to actually utilize the resources to get to the data, privileges on the access platform are needed. When everything is in place, an unauthorized person just might succeed in his or her mission.
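The formula above is recursive: an asset can itself be another access platform, and credentials found on one platform unlock the next. The script below, an added example that is not part of the original post, turns that recursion into a small attack-path walk. The platform names, privilege names and the toy environment are constructed for illustration and do not describe any real system; an actor starts on one platform with some privileges, harvests what each usable resource exposes, and the walk reports which unencrypted data is reachable and through which chain of platforms.

```python
"""Attack-path walk over the data-leakage decomposition:
data-leakage = actor + ((unencrypted data | credentials | platform) + (resources + privileges))

Added example, not from the original post. All names below are constructed.
"""
from dataclasses import dataclass, field, replace


@dataclass
class Asset:
    kind: str                          # "data", "credentials" or "platform"
    name: str
    encrypted: bool = False            # only meaningful for kind == "data"
    grants: frozenset = frozenset()    # privileges gained, for kind == "credentials"
    platform: str = ""                 # stepping-stone target, for kind == "platform"


@dataclass
class Platform:
    name: str
    resource: str                      # the landing zone: server OS, workstation, app, ...
    needs: frozenset                   # privileges required to use this resource
    assets: list = field(default_factory=list)


def find_leak_paths(platforms, start, privileges):
    """Return [(data name, [platform, ...]), ...] for every unencrypted data
    asset the actor can reach from `start` holding `privileges`.

    Credentials extend the actor's privileges, stepping-stone platforms extend
    the actor's reach, and encrypted data is not counted as a leak.
    """
    held = set(privileges)
    reachable = {start: [start]}       # platform name -> path used to get there
    harvested = set()                  # platforms whose assets were already taken
    leaks = []
    progress = True
    while progress:                    # repeat: new credentials may unlock old platforms
        progress = False
        for name, path in list(reachable.items()):
            plat = platforms[name]
            if name in harvested or not plat.needs <= held:
                continue               # not usable (yet) with the privileges held
            harvested.add(name)
            progress = True
            for a in plat.assets:
                if a.kind == "data" and not a.encrypted:
                    leaks.append((a.name, path))
                elif a.kind == "credentials":
                    held |= a.grants
                elif a.kind == "platform" and a.platform not in reachable:
                    reachable[a.platform] = path + [a.platform]
    return leaks


def without_asset(platforms, platform_name, asset_name):
    """Copy of the environment with one asset removed, i.e. a mitigation applied."""
    env = dict(platforms)
    plat = env[platform_name]
    env[platform_name] = replace(plat, assets=[a for a in plat.assets if a.name != asset_name])
    return env


# Constructed toy environment (hypothetical, for illustration only).
ENV = {
    "internet": Platform("internet", "public network", frozenset(), [
        Asset("platform", "web portal", platform="webapp"),
    ]),
    "webapp": Platform("webapp", "customer portal", frozenset({"anonymous"}), [
        Asset("credentials", "config backup", grants=frozenset({"db_user"})),
        Asset("platform", "database link", platform="db"),
    ]),
    "db": Platform("db", "customer database", frozenset({"db_user"}), [
        Asset("data", "card numbers", encrypted=True),
        Asset("data", "customer addresses", encrypted=False),
    ]),
    "fileserver": Platform("fileserver", "internal share", frozenset({"domain_user"}), [
        Asset("data", "HR spreadsheet"),
    ]),
}


if __name__ == "__main__":
    # External actor: Internet -> web app -> leaked DB credentials -> database.
    print("outsider:", find_leak_paths(ENV, "internet", {"anonymous"}))
    # Same actor after the credential-bearing backup is removed from the web app.
    print("hardened:", find_leak_paths(without_asset(ENV, "webapp", "config backup"),
                                       "internet", {"anonymous"}))
    # Insider already on an internal platform with domain privileges.
    print("insider: ", find_leak_paths(ENV, "fileserver", {"domain_user"}))
```

In the toy run the outsider reaches the customer addresses only because the web app leaks a database credential; the encrypted card numbers never count as a leak, and removing that one credential empties the outsider's result while the insider path through the file share is untouched. That is the point of the formula: each term is a separate place to cut the chain.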

And what's next?

When executing a risk analysis on this topic you need to factor all variables mentioned above into the equation. You need to, as far as possible, give some level of attention to the actor. You might want to encrypt important data and keep credentials secure in password managers. Privileges should follow the least-privilege principle, and resources should be hardened and isolated in zones within your IT infrastructure.

Obviously this is easier said than done due to complexity and budgets. But it might help bring focus to what is important and help decide which security issue needs to be addressed first.

If you have any comments, feel free to post them. Thank you for reading this post!
