July 17, 2019
The hack at NASA and the importance of network visibility
Take a minute and be honest with yourself: do you know what is in your network at every single moment? Do you patch vulnerabilities as fast as you can? Are you actively searching for anomalies in your network? Do you have a person responsible for network security who is getting proper training? What’s the state of your incident management?
Every network with an internet connection faces random, opportunistic bot attacks every day. These attacks are often repelled by firewalls, which means you never see them. But what happens when a malicious individual, or group, with enough knowledge and skill attacks your network? If security standards are neglected, you are essentially asking for a data breach. This isn’t reserved for just the small business with limited resources. Even big companies like Target or famous government agencies like NASA have discovered this. NASA specifically learned this the hard way recently, disclosing that it had suffered a data breach in which sensitive military and scientific information was lost.
Pi in the face
At the NASA Jet Propulsion Laboratory (JPL), someone connected an unauthorized Raspberry Pi to the network, which was then targeted by hackers who were able to move further into NASA’s network and got as far as the Deep Space Network array of radio telescopes.
The lengthy security audit report created after the attack took place (link: https://oig.nasa.gov/docs/IG-19-022.pdf) contains even more alarming lapses, like:
- Incomplete hardware and application database.
- Long response time to vulnerabilities (over 180 days in some cases).
- No threat hunting program.
- Lack of IT security professionals.
- Insufficient incident management.
- And more…
Seeing is believing
What was the most important factor they neglected? Visibility.
But how do you know what’s in your network at every single moment? You need to have a solution that monitors (ideally passively) your network. If you have that, you can’t be surprised by a rogue device — a Raspberry Pi, a mobile phone, a wireless router — that shouldn’t be there, only to be later exploited as a doorway to your secrets.
To do this, you either need to perform a series of frequent and regular security audits, which will make you aware of what is or was connected, and keep track of recently published vulnerabilities and their resolutions — which takes time you don’t have, and human power that you are likely having problems hiring — or you can have a way to tell whether something enters the network or tries to exploit a vulnerability, be it a successful or failed attempt. In the latter case, a Network Traffic Analysis (NTA) tool, like GREYCORTEX Mendel, shows all of the devices connected at any given time and what other devices they are talking to, both internally and externally.
Often these communications are perfectly “normal.” But anomalous communications — a Raspberry Pi in a JPL lab communicating with a Deep Space Telescope thousands of miles away — indicate an advanced attack, even though a known threat is not present, and can be identified only by knowing what’s present in the network.
Without visibility, you make yourself an easy target for attackers.
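The two checks described above, a device that is not in the asset inventory and a communication path that was never seen before, can be sketched as follows. This is an added example, not code from GREYCORTEX Mendel or from the NASA report; the inventory, segment ranges, baseline and flow records are all constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: approved asset inventory keyed by MAC address.
INVENTORY = {
    "00:11:22:aa:bb:01": "lab-workstation-1",
    "00:11:22:aa:bb:02": "lab-printer",
}

# Constructed segment map; anything outside these ranges counts as external.
SEGMENTS = {
    "lab": ipaddress.ip_network("10.10.0.0/24"),
    "mission": ipaddress.ip_network("10.50.0.0/24"),
}

# Segment pairs observed during a known-good baseline period (assumed).
BASELINE = {("lab", "lab"), ("lab", "external")}

# Constructed flow records, shaped like a passive sensor's export.
FLOWS = [
    {"src_mac": "00:11:22:aa:bb:01", "src_ip": "10.10.0.5", "dst_ip": "10.10.0.9"},
    {"src_mac": "00:11:22:aa:bb:02", "src_ip": "10.10.0.9", "dst_ip": "10.50.0.20"},
    {"src_mac": "b8:27:eb:00:00:01", "src_ip": "10.10.0.77", "dst_ip": "10.50.0.20"},
    {"src_mac": "b8:27:eb:00:00:01", "src_ip": "10.10.0.77", "dst_ip": "198.51.100.7"},
]


def segment_of(ip):
    """Map an IP address to a named segment, or 'external' if none matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"


def review_flows(flows, inventory=INVENTORY, baseline=BASELINE):
    """Return de-duplicated findings for unknown devices and new segment pairs."""
    findings = set()
    for flow in flows:
        mac = flow["src_mac"].lower()
        pair = (segment_of(flow["src_ip"]), segment_of(flow["dst_ip"]))
        if mac not in inventory:
            # Device is on the wire but was never registered.
            findings.add(("unknown_device", mac, flow["src_ip"]))
        if pair not in baseline:
            # Path between segments that the baseline never contained.
            findings.add(("new_segment_pair", mac, "->".join(pair)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review_flows(FLOWS):
        print(finding)
```

Note that the inventoried printer is flagged as well: a registered device opening a new path into a sensitive segment is an anomaly even though no known threat signature is involved.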
Laying the foundation for security
But visibility is also a building block to other parts of the complete security picture and helps to solve several other problems that networks — like the one at NASA, or your network — face:
How do you actively search for anomalies in the network without wasting valuable resources? Visibility into the connected devices — especially the type that comes from Network Traffic Analysis — helps to identify anomalous communications, which are often a red flag for an attack by advanced threats. Not knowing what’s connected, and what’s communicating, means you can’t find out if there is something dangerous occurring. Not knowing this can lead to a major data leak which will cost your company a huge amount of money.
You may find, as NASA’s auditors did, that you have a lack of qualified security personnel to handle the full range of security demands. Network Security Experts are a rare commodity, highly valued by companies where they work, and there is a shortage of skilled personnel. This means building or adding to a network security team can be a tricky task in the best of cases. NTA solutions — which identify the devices connected and their communications — can help to solve this problem, by turning security audits from a process to a couple of clicks — from hours to seconds. If you are truly strapped for time or resources, NTA solutions offered as a service by qualified service providers can be an effective solution.
The lack of visibility is one of the major internal causes of pain in network security these days. Without it, you don’t know if, how, or when your network was compromised. You don’t know if someone in your cafeteria has connected to your Active Directory using your public Wi-Fi. You don’t know that Karen from the Accounting department plugged her infected personal laptop into your network.
Don’t be in the dark. Solve your network visibility problems, and shine a light into your network.