“Guccifer” and the Myth of the Secure Server

Recent claims from “Guccifer,” the Romanian hacker who allegedly accessed then-secretary-of-state Hillary Clinton’s supposedly “secure” email server and posted classified emails to the Internet, have brought into question exactly how “secure servers” are defined and whether they actually exist.

  Expert corner submission by: Art Gilliland, Skyport Systems

Though enterprises and government entities take stringent measures to protect their perimeters, their server farms and the files and workloads in them, can the actual server itself ever be said to be truly secure?

The simple answer is best framed in terms of the two most pressing challenges that organizations face. First, the adversaries have economic advantages when it comes to investment and risk. Second, the current approach to protection and security is fundamentally flawed. While most organizations have little ability to impact the first challenge, all of us can focus on addressing the second.

Currently, organizations follow two basic approaches to enforcing security. First, they build a security perimeter around the systems they are trying to protect; this protective wall controls what is allowed in and out. Second, they put protective software (agents) on every device in their environment. Together, these two approaches attempt to build the security environment organizations need. Sadly, both fail, either because they create so much complexity that mistakes get made or, in the case of agents, because they damage performance enough that employees turn off necessary functionality. Agents have the further problem that they are typically as vulnerable as the applications they are protecting. Either way, the bad guys take advantage of the gaps and walk in through the digital doors and windows left open by these flawed approaches.

The industry needs to fundamentally rethink the way in which security is delivered. Organizations should consider building secure platforms for their most valuable infrastructure. This differentiation of security will allow organizations to reach a higher level of security for the areas that matter and potentially save money on the rest of the infrastructure. A secure platform should customize the power of perimeter security for every application, but deliver that power without damaging the performance of the application or sharing its vulnerabilities. It is time to re-platform for security.

The characteristics of a secure platform are well known; the challenge has been building and maintaining the required components. Not only is it difficult to build and integrate all of the tools, but making the system easy to operate over the long term has also been a challenge.

To build a secure environment, organizations will need to ensure the following characteristics can be achieved:

  • A resilient and self-healing platform – The threat of rootkits and system level breaches has only increased in recent times. A system must recognize when it has been compromised and either repair itself to a provable and known good status or report that it is infected and quarantine itself.
  • Software and system interactions based on Zero-Trust – Most systems today start by trusting all connections and must be told not to trust certain interactions. Systems built on zero trust must be told which connections and interactions are acceptable.
  • Monitored and audited environment – Not only should we track the system health and any administrative changes which were made, but also have forensically valuable visibility into all interactions for the applications that are running. This collection of information makes it possible for administrators to see policy in action and identify where and when policy changes are needed.
  • Tightly-controlled administrative rights – Administrators need to be given extensive access to systems in order to set them up and make changes; however, these rights are often exploited by external and internal adversaries. Managing and monitoring administrative controls well is critical to a secure system.
  • Integrated and easy to use – The primary vector for breaches is for the adversary to leverage human error and mistakes in configuration. The more integrated the platform and the easier the system is to manage and use, the fewer human errors will occur.
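The first three characteristics in the list above can be shown concretely in code. The following Python model is an added illustration for this article, not code from Skyport Systems or from any product: it contrasts a default-deny (zero-trust) interaction policy with the conventional default-allow model, records every decision in an audit trail, and performs a known-good integrity check that decides between "repair" and "quarantine". The role names, ports, file paths, the golden-image contents, and the rule that anything under /boot/ counts as system-level drift are all constructed assumptions for the example.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One explicitly permitted interaction: source role -> destination role:port."""
    src: str
    dst: str
    port: int


class ZeroTrustPolicy:
    """Default-deny: an interaction is permitted only if a rule names it.
    Every decision, allowed or denied, is appended to an audit trail so the
    operator can see policy in action and spot where rules are missing."""

    def __init__(self, rules):
        self._rules = set(rules)
        self.audit = []

    def permits(self, src, dst, port):
        allowed = Rule(src, dst, port) in self._rules
        self.audit.append((src, dst, port, "ALLOW" if allowed else "DENY"))
        return allowed


class DefaultAllowPolicy:
    """The conventional model the article criticises: everything is trusted
    unless an operator remembered to add a blocklist entry for it."""

    def __init__(self, blocked):
        self._blocked = set(blocked)

    def permits(self, src, dst, port):
        return Rule(src, dst, port) not in self._blocked


def measure(files):
    """files: mapping of path -> file bytes. Returns path -> SHA-256 hex digest."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def health_check(known_good, current):
    """Compare current measurements against the known-good manifest.
    Returns (status, drifted_paths) where status is 'healthy',
    'repair' (restore the drifted files from the golden image) or
    'quarantine' (system-level drift: the platform can no longer trust itself).
    Treating the /boot/ prefix as 'system level' is a constructed assumption."""
    drifted = sorted(p for p in known_good if current.get(p) != known_good[p])
    if not drifted:
        return "healthy", drifted
    if any(p.startswith("/boot/") for p in drifted):
        return "quarantine", drifted
    return "repair", drifted


# Constructed sample data (not from the article): a tiny "golden image".
GOLDEN_IMAGE = {
    "/boot/vmlinuz": b"kernel-image-v1",
    "/opt/app/server.bin": b"app-binary-v1",
}
KNOWN_GOOD = measure(GOLDEN_IMAGE)

# Constructed allowlist: the only interactions the web tier is meant to have.
RULES = [Rule("web", "db", 5432), Rule("web", "cache", 6379)]


def compare_policies(src, dst, port):
    """Answer the same question under both models for an interaction nobody
    wrote a rule about. Returns (zero_trust_answer, default_allow_answer)."""
    zero_trust = ZeroTrustPolicy(RULES)
    default_allow = DefaultAllowPolicy(blocked=[])  # operator never listed it
    return zero_trust.permits(src, dst, port), default_allow.permits(src, dst, port)


if __name__ == "__main__":
    # An SSH hop from web to db that no one approved: denied by default under
    # zero trust, silently allowed under the default-allow model.
    print("web -> db:22:", compare_policies("web", "db", 22))  # (False, True)
    tampered = {**GOLDEN_IMAGE, "/opt/app/server.bin": b"app-binary-v1-with-implant"}
    print(health_check(KNOWN_GOOD, measure(tampered)))  # ('repair', ['/opt/app/server.bin'])
    rooted = {**GOLDEN_IMAGE, "/boot/vmlinuz": b"kernel-image-v1-with-rootkit"}
    print(health_check(KNOWN_GOOD, measure(rooted)))  # ('quarantine', ['/boot/vmlinuz'])
```

The point of the two policy classes is the failure mode, not the data structure: with `DefaultAllowPolicy`, an interaction the operator forgot to think about is permitted, which is exactly the "window left open" the article describes, whereas `ZeroTrustPolicy` makes the forgotten case a denial that also lands in the audit trail, so the missing rule is visible rather than silently exploitable. A real platform would take its known-good manifest from a measured boot or signed image rather than from an in-memory dict.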

From the information we have to date, not only on the breach of the Clinton email server but also on the breach of the Bangladeshi SWIFT server, many of the above requirements were not met.

Designing security into our systems has been a topic of conversation for decades, and yet we still fail to do it. Why? The computers, operating systems and software we use were designed to be open and to integrate “easily”. This is fantastic for speed and flexibility, but horrible for security. To secure this type of environment, organizations need to close all of the windows and doors, ensure they are locked and hope they didn’t miss anything. Guess what, we miss stuff.

While this depth of security may not always be economically appropriate, for those servers and systems that really matter because they house the most important processes or information in an organization, building security in from the ground up, and thereby helping to avoid human error, should be considered essential.