
The Art of Cyber Defense part II

In the first part of this post we concluded that in order to successfully play defense in cyber security, it would be highly beneficial to be able to conceal sensitive defensive properties from the adversary.

Without exact information readily available, the adversary is left to guesswork, which in turn gives the defensive mechanisms some room to identify and block many exploitation attempts as early as the intelligence gathering stages.

A common practical example of such information hiding is ASLR, which makes control flow hijacking via ROP gadgets more difficult by requiring the adversary to perform analysis work to figure out the memory layout of the target process. However, the effectiveness of ASLR as a defensive measure should not be overestimated, as it is vulnerable to side-channel information leaks, such as exposure of the exact memory layout via the proc file system.
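As an added example (not from the original post), the check below reads the two Linux settings that bear on the paragraph above: the ASLR mode in kernel.randomize_va_space and the hidepid option of the /proc mount, which limits access to other users' /proc/<pid> directories. The function names and sample inputs are constructed for illustration.

```python
from pathlib import Path

ASLR_MODES = {0: "disabled", 1: "partial (stack, mmap, vDSO)", 2: "full (adds heap)"}
# hidepid values that restrict access; the names exist since Linux 5.8.
RESTRICTIVE = {"1", "2", "4", "noaccess", "invisible", "ptraceable"}

# Constructed sample inputs, in the format of the two kernel files read below.
SAMPLE_SYSCTL = "1\n"
SAMPLE_MOUNTS = (
    "sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0\n"
    "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0\n"
)


def aslr_mode(sysctl_text):
    """Parse the content of /proc/sys/kernel/randomize_va_space."""
    value = int(sysctl_text.strip())
    return value, ASLR_MODES.get(value, "unknown")


def proc_hidepid(mounts_text):
    """Return hidepid of the last proc mount on /proc ('0' if unset, None if absent)."""
    found = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/proc" and fields[2] == "proc":
            opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
            found = opts.get("hidepid", "0")
    return found


def audit(sysctl_text, mounts_text):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    value, desc = aslr_mode(sysctl_text)
    if value != 2:
        findings.append(f"randomize_va_space={value}: ASLR is {desc}")
    hidepid = proc_hidepid(mounts_text)
    if hidepid is None:
        findings.append("no proc mount found at /proc")
    elif hidepid not in RESTRICTIVE:
        findings.append(f"hidepid={hidepid}: every user may access all /proc/<pid> directories")
    return findings


if __name__ == "__main__":
    print("sample:", audit(SAMPLE_SYSCTL, SAMPLE_MOUNTS))
    live = audit(Path("/proc/sys/kernel/randomize_va_space").read_text(),
                 Path("/proc/mounts").read_text())
    print("live:", live or "ASLR full, /proc mounted with a restrictive hidepid")
```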

Unfortunately, unless early intelligence gathering by adversaries is detected and mitigated, many important aspects of the cyber defense will eventually be disclosed. A typical attack preparation step is to gather intelligence about the target system's configuration and software version details, so that the final decisive attack can be carefully prepared in a private laboratory setting. Just imagine how easy it is for hackers to search the public databases for known unmitigated vulnerabilities in a target system after accurately identifying the relevant software components sitting at the trust boundary crossing.

"What is of supreme importance in war is to attack the enemy's strategy."

So, the conclusion derived from the above wisdom of Sun Tzu is that we should focus on defeating the very foundation of the offensive strategy. What could possibly be a better way to thwart the looming cyber attack than to make it impractical to replicate the defensive tactical system in a laboratory setting, thus preventing the adversary from preparing the offensive in secrecy and finally taking us by surprise?

Continue reading to the third part.


This post first appeared on Meet The ICE Linux OS.
