Cost of End-To-End Encryption

Cost of End-To-End Encryption (Lack of Intrusion Detection / Prevention in Encrypted Traffic)

End-to-end encryption has a cost.  Intrusion Detection and Prevention Systems (IDS and IPS) are unable to analyze encrypted traffic, so attack vectors may pass through the IDS / IPS undetected if the traffic is in an encrypted format.  Encryption should be maintained as close to the Destination Server as possible.  Once the traffic is inside a secure site, it can be decrypted for analysis by Firewalls, IDS and IPS devices before it reaches the Destination Servers.

IDS and IPS devices by themselves are incapable of decrypting and re-encrypting traffic.  Until this technology is developed, there is a risk of data sniffing on the last mile where the IDS / IPS is set up.  But this risk could be significantly lower than the risk of malicious traffic reaching your destination servers.  The risk of data sniffing can be further reduced by securing the DC, segregating the last-mile communication into a separate VLAN, and turning off port mirroring for the VLANs concerned.

References:

http://searchsecurity.techtarget.com/magazineContent/Data-Encryption-and-IDS-IPS-Getting-a-better-view-of-network-activity


Easy Personal Honeypots

Honeypots

Honeypots are tools that inform the owner of an asset when their private / confidential property is being snooped on or intruded upon by an attacker.  Honeypots are aimed at luring the perpetrator who gained unauthorized access to the property (Email, Online Storage, Personal Laptop, Server, Network, etc.) into interacting with the honeypot, thereby triggering an alert to the owner.

Traditionally, the setup of honeypots has been limited to devices in the network that were set up purely as honeypots, and these were expensive.  With the advent of Honeytokens, there is now a much easier and cheaper way of detecting intrusion into your private / confidential property.

Honeytokens

Honeytokens are honeypots that are not computer systems.  Honeytokens can exist in almost any form, from a dead, fake account to a database entry that would only be selected by malicious queries, making the concept ideally suited to ensuring data integrity—any use of them is inherently suspicious if not necessarily malicious.

Honeytokens can be embedded in folders, files, URL links, Database Tables, Email, DNS, etc.  Any interaction with these items would trigger an alert to the administrator.

Canarytokens

Canarytokens, provided by Canarytokens.org, are honeytokens intended for easy use by the masses.  The site lets users easily create a honeytoken intended for a particular property, which triggers an alert to the user's custom-provided email address.

Any interaction with the token triggers a connection to the Canarytokens domain, from where an alert is then sent to the user's custom-set email address, informing the user of the breach.

Recommended places to put Canarytokens are:

  • Dropbox
  • Google Drive
  • Gmail
  • Confidential directory and files in your personal computer
  • Server directory and files
  • Your customer mailing list

Canarytokens may fail if the perpetrator manages to block traffic to the Canarytokens domain.  To overcome this, the user can make use of Dockerized Canarytokens and install them on the user's own custom internet-facing domain.
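To make the mechanism described above concrete (a unique URL planted in a decoy, any fetch of which raises an alert naming the decoy), here is a minimal self-hosted token endpoint in Python. This is an added example, not code from Canarytokens.org or the thinkst project; `canary.example.invalid` is a placeholder for your own internet-facing domain, the token registry and decoy descriptions are constructed for illustration, and `send_alert` only formats the message (a real deployment would hand it to smtplib or a pager).

```python
"""Minimal self-hosted honeytoken (canary URL) service.

Each token is a random, unguessable URL path placed inside a decoy
(a document in Dropbox, a draft in Gmail, a row in a customer list).
Nothing legitimate ever fetches that URL, so any request for it is an
intrusion signal and raises an alert that names the decoy that was touched.
"""
import secrets
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, List, Optional

# Placeholder: replace with the internet-facing domain you control.
ALERT_DOMAIN = "canary.example.invalid"

# token -> where the decoy lives and whom to notify (constructed registry)
TOKENS: Dict[str, dict] = {}
# alerts raised so far; a real deployment would email/page instead of listing
ALERTS: List[dict] = []


def create_token(placed_in: str, owner_email: str) -> str:
    """Mint a token for one decoy and return the URL to embed in it."""
    token = secrets.token_urlsafe(16)          # 128 bits: not guessable
    TOKENS[token] = {
        "placed_in": placed_in,
        "owner_email": owner_email,
        "created": datetime.now(timezone.utc).isoformat(),
    }
    return f"https://{ALERT_DOMAIN}/t/{token}"


def handle_hit(path: str, remote_addr: str, user_agent: str) -> Optional[dict]:
    """Process one HTTP request; return an alert if it hit a live token."""
    if not path.startswith("/t/"):
        return None
    token = path[len("/t/"):].split("?", 1)[0].strip("/")
    meta = TOKENS.get(token)
    if meta is None:
        return None                            # scanner noise, not a decoy
    alert = {
        "to": meta["owner_email"],
        "placed_in": meta["placed_in"],
        "remote_addr": remote_addr,
        "user_agent": user_agent,
        "seen": datetime.now(timezone.utc).isoformat(),
    }
    ALERTS.append(alert)
    return alert


def send_alert(alert: dict) -> str:
    """Format the notification; swap the return for smtplib in production."""
    return (f"[CANARY] decoy '{alert['placed_in']}' was opened from "
            f"{alert['remote_addr']} ({alert['user_agent']}) at {alert['seen']}")


class TokenHandler(BaseHTTPRequestHandler):
    """Answer every request with an empty 200 so the visitor learns nothing,
    but raise an alert when the path is a registered token."""

    def do_GET(self):
        alert = handle_hit(self.path, self.client_address[0],
                           self.headers.get("User-Agent", "-"))
        if alert:
            print(send_alert(alert))
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):              # keep stdout for alerts only
        pass


if __name__ == "__main__":
    url = create_token("Dropbox/Finance/passwords.docx (decoy)", "owner@example.com")
    print("embed this URL in the decoy:", url)
    HTTPServer(("0.0.0.0", 8080), TokenHandler).serve_forever()
```

Because the registry maps each token to the decoy it was planted in, one endpoint can serve every location in the list above and the alert tells you which one was opened; running it on a domain you control is what removes the dependency on the Canarytokens domain that an attacker might block.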


References:

https://en.wikipedia.org/wiki/Honeytoken

http://canarytokens.org/generate 

http://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html

https://github.com/thinkst/canarytokens-docker

https://canary.tools/
