[AusNOG] The Ransomware to come

Chris Hurley chris at minopher.net.au
Wed May 17 22:26:09 EST 2017


I'm sure someone will point out where I'm wrong but I remember the original
Linux was developed as a games OS for uni students, full of holes. But when
the inventors later on offered a secure version no one was interested.
Microsluth had the 'market'.

Email was always 'best effort', no guarantee of arriving. And never had
security as to content, i.e. malware and I would add stupid ware.

Internet directory fitted on an A4 page. Dial up interconnect/bulletin
boards etc.

Now we have multiple paths/vectors and companies not wanting to pay for
security. Until too late then they hang out to dry IT.

Sorry I'm a little jaded. Most small/medium companies with 2 x NAS's with
one off line could counter most ransomware (until the buggers delay the
payload for 7 days), but management won't 'spring' for the NAS's.

Many many companies have forgotten daily, weekly, monthly backups off site.
All in the drive to save the cost of a dozen tapes.

I love that the anti-virus companies are now marketing we 'may' have a decode
key. Mmmm do I detect extra sales pitch????

Only good news is a couple of our customers finally worked out the "oooh
shit moment" and are likely to upgrade processes.

Cheers
Chris
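The backup point made above (an offline copy only helps if it predates the dormant payload, and the daily/weekly/monthly rotation has not silently lapsed) can be turned into a routine sanity check. The script below is an added example, not part of the list post; the snapshot inventory, the medium labels and the dwell window are constructed assumptions.

```python
"""Backup-rotation sanity check (added example, not from the AusNOG post).

Two questions a defender wants answered before trusting an offline NAS or
tape against ransomware that delays its payload:
  1. Is there a verified offline/off-site snapshot OLDER than the assumed
     dwell window, i.e. taken before the dormant payload could have landed?
  2. Are there days in the look-back window with no backup at all?
The inventory below is constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Snapshot:
    taken: datetime
    medium: str      # assumed labels: "online", "offline" or "offsite"
    verified: bool   # True when a restore test has passed


def age_days(snapshot: Snapshot, now: datetime) -> int:
    """Whole days between the snapshot and 'now'."""
    return (now - snapshot.taken).days


def isolated_copy_older_than(snapshots, now: datetime, dwell_days: int):
    """Return the newest verified offline/off-site snapshot that predates the
    dwell window, or None when every isolated copy could already contain the
    dormant payload (and so would be restored along with it)."""
    cutoff = now - timedelta(days=dwell_days)
    candidates = [
        s for s in snapshots
        if s.medium in ("offline", "offsite") and s.verified and s.taken <= cutoff
    ]
    return max(candidates, key=lambda s: s.taken) if candidates else None


def cadence_gaps(snapshots, now: datetime, lookback_days: int = 30):
    """Calendar dates in the look-back window with no snapshot of any kind,
    oldest last; an empty list means the daily cadence held."""
    covered = {s.taken.date() for s in snapshots}
    return [
        (now - timedelta(days=d)).date()
        for d in range(lookback_days)
        if (now - timedelta(days=d)).date() not in covered
    ]


# Constructed inventory: nightly online NAS copies (one night missed 12 days
# ago), an offline NAS swapped 3 days ago, one verified off-site tape 10 days
# old and an older tape that never passed a restore test.
NOW = datetime(2017, 5, 17, 22, 0)
INVENTORY = (
    [Snapshot(NOW - timedelta(days=d), "online", True) for d in range(30) if d != 12]
    + [
        Snapshot(NOW - timedelta(days=3), "offline", True),
        Snapshot(NOW - timedelta(days=10), "offsite", True),
        Snapshot(NOW - timedelta(days=20), "offsite", False),
    ]
)


if __name__ == "__main__":
    for dwell in (7, 14):
        safe = isolated_copy_older_than(INVENTORY, NOW, dwell)
        if safe is None:
            print(f"dwell {dwell}d: no verified isolated copy predates the window")
        else:
            print(f"dwell {dwell}d: restore from {safe.medium} copy aged "
                  f"{age_days(safe, NOW)} days")
    for day in cadence_gaps(INVENTORY, NOW):
        print(f"no backup of any kind on {day}")
```

With a 7-day dwell assumption the 10-day-old verified tape qualifies; assume 14 days and nothing does, because the only older copy never passed a restore test, which is exactly the situation the post warns about.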


From:  AusNOG <ausnog-bounces at lists.ausnog.net> on behalf of Paul Wilkins
<paulwilkins369 at gmail.com>
Date:  Wednesday, 17 May 2017 9:45 PM
To:  AUSNog <ausnog at lists.ausnog.net>
Subject:  Re: [AusNOG] The Ransomware to come

Mark,
That's a good question and I'm glad you asked.

Once you have a security plane for your data, you can assign profiles
according to the data's provenance. Integrate this with your OS security
plane, including as an input to your virus scanner, with a view ultimately
to preventing control plane actions (like encrypting all your data) that
emanate from untrusted or untrustworthy sources from ever being allowed
write access outside of the mail spool.

The basic problem being, the OS treats a control plane action on a socket
the same, regardless of whether you're logged in from iLO, or coming remote from
Ukraine. Firewalls are essentially creating an artificial security plane,
but it's a band-aid, and requires you to architect your network to channel all
your traffic through a chokepoint. If a socket's security profile was part
of the API, the profile would follow control actions up the stack, and you'd
get end to end security.

Kind regards

Paul Wilkins

On 17 May 2017 at 11:12, Mark Newton <newton at atdot.dotat.org> wrote:
> On May 14, 2017, at 3:34 PM, Paul Wilkins <paulwilkins369 at gmail.com> wrote:
>> My feeling is we could see Cisco invent a means of allocating SGT tags by
>> BGP community extended to 64 bits, and some integration of 802.1x to deliver
>> Trustsec to the desktop. The problem being, this implies separate routing
>> tables for different security profiles, being necessarily the case, which is
>> not something ipv6 could be made to support.
> 
> How, precisely, would that make any difference to the ransomware attack that
> sparked your creation of this thread?
> 
>   - mark
> 
> 
> 
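Paul's idea of a provenance-labelled security plane, where a process inherits the trust of the session that started it and of the data it consumes, and is refused write access outside the mail spool when that effective trust is too low, can be sketched as a small policy model. The code below is an added illustration, not the poster's design or any vendor's implementation; the trust levels, the spool path and the process names are assumptions.

```python
"""Toy provenance-aware write policy (added example, not from the AusNOG post).

A Subject (process) carries two labels: the trust of the socket/session it
was started from, and the lowest provenance label of any data it has read.
Its effective trust is the minimum of the two, so a document viewer started
by a local user that opens a mail attachment is demoted to UNTRUSTED and may
only write inside the mail spool. Every decision is recorded for detection.
"""
from dataclasses import dataclass
from enum import IntEnum
from pathlib import PurePosixPath


class Trust(IntEnum):
    UNTRUSTED = 0   # arrived from an untrusted source, e.g. via the mail spool
    INTERNAL = 1    # produced by an authenticated user on the internal network
    ADMIN = 2       # out-of-band management session (console / iLO-style access)


MAIL_SPOOL = PurePosixPath("/var/mail")   # assumed spool location


@dataclass
class Subject:
    name: str
    origin: Trust               # trust of the session that created the process
    taint: Trust = Trust.ADMIN  # lowest provenance consumed so far (starts clean)

    @property
    def effective(self) -> Trust:
        return min(self.origin, self.taint)

    def consume(self, data_label: Trust) -> None:
        """Reading data can only lower a subject's trust, never raise it."""
        self.taint = min(self.taint, data_label)


def inside(path: PurePosixPath, root: PurePosixPath) -> bool:
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False


def may_write(subject: Subject, target: str) -> bool:
    """Writes inside the spool are always allowed; anything else needs at
    least INTERNAL effective trust."""
    if inside(PurePosixPath(target), MAIL_SPOOL):
        return True
    return subject.effective >= Trust.INTERNAL


def decide(subject: Subject, target: str, audit: list) -> bool:
    allowed = may_write(subject, target)
    audit.append((subject.name, subject.effective.name, target,
                  "ALLOW" if allowed else "DENY"))
    return allowed


def run_scenario() -> list:
    """Constructed scenario; returns the audit trail of decisions."""
    audit = []
    viewer = Subject("doc-viewer", Trust.INTERNAL)
    viewer.consume(Trust.UNTRUSTED)             # opened a mail attachment
    decide(viewer, "/home/alice/docs/q1.xlsx", audit)          # DENY
    decide(viewer, "/var/mail/alice/tmp/q1.xlsx", audit)       # ALLOW
    editor = Subject("editor", Trust.INTERNAL)
    decide(editor, "/home/alice/docs/notes.txt", audit)        # ALLOW
    remote = Subject("remote-shell", Trust.UNTRUSTED)
    decide(remote, "/srv/share/backup.zip", audit)             # DENY
    admin = Subject("console-admin", Trust.ADMIN)
    decide(admin, "/etc/fstab", audit)                         # ALLOW
    return audit


if __name__ == "__main__":
    for name, trust, target, verdict in run_scenario():
        print(f"{verdict:5} {name:14} [{trust}] -> {target}")
```

The point the model makes is that the label travels with the action rather than with the network path: the same user, the same program and the same file server produce a different verdict depending only on where the data and the session came from, which is what a firewall chokepoint cannot express.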

_______________________________________________ AusNOG mailing list
AusNOG at lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
