What the IPSec Hack Can Teach Us About One-Layer Cyber Protection


Think one-layer cyber protection is enough to handle whatever threat comes your organization’s way? Think again.

Even the most comprehensive cyber defense system can still be vulnerable when dependent on a single layer of security.

Don’t believe me?

This month, researchers at Opole University and the Institute for IT Security demonstrated a weakness in certain implementations of IPSec.

To be clear, this was not a failure of the IPSec protocol itself; rather, the exploit was due to implementations by Clavister, Zyxel, Cisco and Huawei.

However, if your private data is stolen, it doesn’t matter whether the theft was due to a weakness in the hardware, software, protocol, or implementation.

All anyone cares about is whether information has been kept SECURE.

The Myth of “Jack-Of-All-Trades” Cyber Protection

We’ve talked to several companies that deployed state-of-the-art technology for cyber defense. They had top-notch firewalls, data loss prevention (DLP), IPSec tunnels, or other tools in place.

But each solution had one potentially fatal flaw.

A financial company we worked with was compartmentalizing its network into layers of isolated zones, with firewalls deployed to protect each zone. However, it was using the same brand of firewall at each tier of the architecture. A single vulnerability in the firewall could be exploited at each level of the network. Instead of seven layers of protection, they had one layer of protection, seven times.

Another firm had deployed intelligent DLP devices to prevent private data from leaking. In their case, the traffic was encrypted and exposed to the Internet. Since the DLP equipment could NOT decode the traffic, it was blind to the fact that data was escaping.

Another security team was securing all their traffic with IPSec tunnels. As the report indicates, those tunnels were VULNERABLE. Hopefully the “white hat” researchers found the vulnerabilities and disclosed them to equipment providers before hackers spotted the weakness.

This is not to criticize those solutions. Each tool is powerful and together can be very effective. The problem comes when a single tool is thought to be THE solution.

Just as there is value in bringing diverse perspectives to a team of employees, we need diverse tools to protect our systems. Each tool brings a different perspective. Even firewalls from different vendors offer better security than using a single product line.

Even better, use different types of products. For example, a proxy intercepts data that is allowed through the firewall. IDS and IPS provide behavioral or signature-based analysis of traffic allowed through. Identity and access management (IAM) tools validate that users can only access appropriate systems and information. Multi-factor authentication validates that the right person has the IAM credentials.

At HOPZERO we offer tools to limit data movement. This addresses some of the same issues as firewall, IDS, IPS, and DLP tools, but in an alternative way. Instead of looking from the outside to keep people out of the network and devices, HOPZERO examines information flow from the inside looking out. Limiting data travel provides a new ability to keep information in the network and detect anyone attempting to breach the travel limits.

What does your cyber protection mix look like? Does it have multiple layers of cyber defense to keep people out of your network? Do you have adequate defenses keeping information inside your network? The right product mix can make your organization more secure.


Bill Alderson is CEO and co-founder of HOPZERO. He has been involved with network security since 1980, when he began analyzing secure networks for Lockheed. Formerly Technology Officer of NetQoS/CA Technologies, he is a deep packet analyst, and was an integral member of the 9/11 Pentagon restoral team. Alderson has trained over 50,000 network forensic professionals through his Certified NetAnalyst program, and has assisted 75 Fortune 100 companies with network security needs. He was deployed six times with US Central Command to Iraq and Afghanistan to provide deep packet analysis for large-scale Department of Defense biometric network systems.