Page 45 - CDM Cyber Warnings February 2014
an interesting thing: if you slide a credit card along the door jamb at 15 degrees while pulling up on the handle, the Secure-A-Door 800 pops open like a Coke can.

One of the most famous examples of this kind of exploitation began in 2008. That's when the makers of the Conficker worm exploited an underlying weakness in the Windows Server service, reachable over SMB on TCP port 445. The worm sent a specially crafted remote procedure call that dropped a DLL on the system, delivered two distinct payloads for data and code, and hid itself in a remote thread to make itself at home. (It was infinitely more complex and clever than that, but you get the idea.) In effect, the worm popped the Secure-A-Door Model 800, let itself in, repaired the lock so nobody else could follow, installed a new phone line to listen for orders, and sat in a comfy chair waiting for instructions. It generated new domain names under which its controllers could hide their command channel, and it built an extensive botnet that by 2010 had infected, according to Panda Security, as many as 18 million PCs – 6 percent of the world's PC population at the time.

This type of design failure or exploit is usually repaired by a patch. In the case of Conficker, Microsoft Security Bulletin MS08-067 made the danger known to the worldwide Microsoft community and introduced a patch to close the hole behind port 445. The bulletin was in turn catalogued by the Common Vulnerabilities and Exposures (CVE) list as CVE-2008-4250 and given a Common Vulnerability Scoring System (CVSS) v2 base score of 10.0 – the most severe rating possible. Note that MS08-067 was published on October 23, 2008, roughly a month before Conficker appeared; the worm's success was a failure of patch deployment, not of disclosure, which is exactly the gap the tools below exist to close.

Vulnerability management systems do their part in system hardening differently from security configuration management systems, which check to see that doors and gates and windows are locked. Vulnerability management systems make sure the proper patch levels are maintained and that any available defenses have been utilized, by:

● Proactively discovering whether I have any Secure-A-Door Model 800 locks installed
● If I do, reporting on whether they're the corrected "B" version made after October 2012
● Verifying that any "bad" ones I have are only on inside doors and don't serve as a primary defense

Vulnerability management systems enable continuous hardening by making sure that CVE-2008-4250 – and its many thousands of friends – are understood, mitigated, and more or less unexploitable when the right steps are taken. More mature solutions provide an ongoing assessment of overall risk based on whether these vulnerabilities are mitigated or ignored.

Automation and Continuous Hardening's Coming-of-Age

If I want to harden my systems against "known vulnerabilities" – weaknesses or deficiencies for which there are known CVEs – I use a vulnerability management solution. If I need to harden my systems against "conditional vulnerabilities" – weaknesses that arise from the way systems are configured – I use a security configuration management solution. But without automation to provide the element of "continuousness" to these efforts, we rapidly find ourselves back at square one.

To stick with our house analogy: if I've checked the configurations of all my doors and windows, but I have no way to know when the state has changed and I instead rely on periodic inspection by human eyes, a phenomenon known as "configuration drift" invariably occurs. I open
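The three bullets above describe a procedure (discover the vulnerable component, report whether the fix is present, verify that any unfixed instances are not a primary defense) and the following paragraphs argue that it is worthless unless it is re-run automatically. The script below is an added example written for this page, not code from the magazine or from any vendor's product: it runs that procedure over a small constructed host inventory for CVE-2008-4250, scores risk the way the "more mature solutions" paragraph describes, and fingerprints each host's state so that a second pass reports drift instead of relying on human eyes. The host names, zone labels, the 0.5 weighting for internal exposure and the inventory itself are assumptions made for the demonstration; only the CVE, the bulletin, port 445 and the CVSS score of 10.0 come from the text.

```python
"""Continuous known-vulnerability check over a host inventory (added example).

Inventory, zone names, weights and rule format are constructed for this
demonstration; CVE-2008-4250 / MS08-067 / TCP 445 / CVSS 10.0 are from the text.
"""
from dataclasses import dataclass
import hashlib
import json

# Catalogue entry: the bulletin that closes the CVE, the port the vulnerable
# service listens on, and the CVSS v2 base score the article cites.
KNOWN_VULNS = {
    "CVE-2008-4250": {"fixed_by": "MS08-067", "port": 445, "cvss": 10.0},
}


@dataclass(frozen=True)
class Host:
    name: str
    zone: str            # "perimeter" or "internal" (assumed labels)
    open_ports: frozenset
    applied: frozenset   # bulletins the host reports as installed


def fingerprint(host: Host) -> str:
    """Stable hash of the security-relevant state; a change between passes is drift."""
    state = {"zone": host.zone, "ports": sorted(host.open_ports),
             "applied": sorted(host.applied)}
    return hashlib.sha256(json.dumps(state, sort_keys=True).encode()).hexdigest()


def assess(host: Host, cve: str) -> dict:
    """Bullets 1-3: is the weak lock installed, is it the fixed version, is it a front door?"""
    rule = KNOWN_VULNS[cve]
    patched = rule["fixed_by"] in host.applied
    reachable = rule["port"] in host.open_ports
    if patched or not reachable:
        status, score = "mitigated", 0.0
    elif host.zone == "perimeter":
        # Unpatched service facing the outside: the lock on the front door.
        status, score = "exposed-primary", rule["cvss"]
    else:
        # Unpatched but only on an inside door: still a finding, weighted lower (assumed 0.5).
        status, score = "exposed-internal", rule["cvss"] * 0.5
    return {"host": host.name, "cve": cve, "status": status, "score": score}


def scan(hosts, baseline=None):
    """One automated pass: assess every host and name the ones whose state changed."""
    baseline = baseline or {}
    findings, drifted, current = [], [], {}
    for h in hosts:
        for cve in KNOWN_VULNS:
            findings.append(assess(h, cve))
        current[h.name] = fingerprint(h)
        if h.name in baseline and baseline[h.name] != current[h.name]:
            drifted.append(h.name)
    return findings, drifted, current


def overall_risk(findings) -> float:
    """Ongoing risk figure: the sum of unmitigated scores across the estate."""
    return sum(f["score"] for f in findings)


# Constructed inventory: one patched file server, one unpatched SMB host in the
# DMZ, one unpatched internal workstation.
INVENTORY = [
    Host("file01", "internal", frozenset({445}), frozenset({"MS08-067"})),
    Host("dmz-smb", "perimeter", frozenset({445}), frozenset()),
    Host("hr-ws7", "internal", frozenset({445}), frozenset()),
]


def demo():
    """Two passes: the second catches file01 re-imaged without the update (constructed change)."""
    first, _, baseline = scan(INVENTORY)
    changed = [Host("file01", "internal", frozenset({445}), frozenset())] + INVENTORY[1:]
    second, drifted, _ = scan(changed, baseline)
    return overall_risk(first), overall_risk(second), drifted


if __name__ == "__main__":
    print(demo())
```

The first pass puts the estate's risk at 15.0 (the DMZ host contributes the full 10.0, the internal workstation half of it); after file01 silently loses its patch the second pass reports 20.0 and names file01 as drifted. Running `scan` on a schedule against a real inventory, with the fingerprint stored between runs, is the "continuousness" the article is asking for: the human is paged about a change, rather than being the mechanism that notices it.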