Wednesday, February 13, 2019

Cyber-Security Analogy, Cont.

Let's get back to the wizard in my analogy, and the challenges of mass production.

One of my classes covered material for the Certified Ethical Hacker (CEH) exam, which deals with penetration testing. For those who don't know, you get hired to try to hack into a business so that the business can make itself more secure. A penetration tester uses some of the exact same tools a hacker does, except it's done at the request of the target and comes with more report writing. Or so I hear.

We had some lab assignments to go with the academic material, and a virtual lab with virtual machines that we tried hacking into. Metasploit is probably one of the best known tools for this, and it can be used by good and bad guys alike. We also dealt with stuff like Poison Ivy, and created some phishing e-mails and the like.

I brought up Metasploit because the software contains exploits for all sorts of vulnerabilities. You just have to figure out what type of system you're targeting, select the exploit you want to use, and run it. Then bam! You're in, and can do all sorts of nasty things.

You don't have to know how to create the exploit yourself; you just run the program and let it do the work for you. (You probably want to learn a bit about what a defender would see when you do that, and how to minimize the risk, but that's a lot easier to teach than learning how to code an exploit yourself.)

Hence my original analogy, and my comments on how mass-producing guns changed things. You've got a 'wizard' who can create a program to exploit a vulnerability, a 'spell' if you will. They can either keep it to themselves or share it with everyone else, giving all potential attackers a 'spell' that will find hidden doors in the wall.

The spells themselves are not necessarily the problem, in that defenders use the exact same spells to test their defenses and brick up doors. The real problem is the wizard, and the system for distributing spells.

And that's about where I'll call this whole series of posts to a halt. I'm not entirely sure what the system is for distributing exploits, other than that you can see the results in Metasploit and other such programs. I've heard that organized crime has an entire system for this, so maybe understanding the Dark Net would help me come up with ideas on how to target that? Or should I just assume dissemination is a given, and ignore that entirely?

And as for the wizard... Hmmm. Targeting them gets into some of the same problems with attribution that I mentioned earlier. Though I suppose you could also try coming up with a program to turn them away from the dark side? I'm not sure how many would be interested in that, though. I don't really have a good profile for what the typical wizard is like, what motivates them to do what they do, etc.

Meh. Whatever. These are just some initial thoughts on the topic, based on what I've learned so far.
