Is Your Network a Monoculture? And Is That a Problem?
The term monoculture originates in agriculture, where it describes the practice of cultivating a single, homogeneous crop in a given geographical area. The main problem with this approach is that if a disease breaks out to which the crop has no resistance, it can devastate the entire crop. Famous examples include the Irish potato famine and the recurring threats to genetically identical banana crops.
To compare this to the security risks within a computer network is nothing new. For years, it’s been pointed out that if a large number of machines are running the same operating system or application, and a new exploit or vulnerability in that software is discovered, they can all be compromised in quick succession – not unlike a pathogen spreading through a crop of identical plants.
The solution, of course, is to introduce diversity to your network. This isn’t a new idea either. Many organizations still protect the edges of their environments with a demilitarized zone and mandate that two different firewalls from two different vendors are used. This means that there is always a second layer of security to fall back on if the first of them is compromised.
A lot of the time, though, networks are still designed to be essentially monocultures, without much thought given to the security risks versus the effort involved in establishing diversity.
Using Dissimilar Operating Systems Can Help, and Isn’t Necessarily Difficult
With AppGate, we’ve long advocated that organizations should use dissimilar operating systems as part of their network defenses. A Windows network, for example, can be protected using Linux firewalls and Unix security gateways. Then, if a zero-day vulnerability is discovered in one operating system, the hackers can only exploit those affected machines. If the network topology supports defense in depth, then it may not be possible to leverage this temporary opening because the next hop uses a different operating system.
The same applies to protocols, too. Think of OpenSSL – the discovery of the Heartbleed vulnerability last year was said to have rendered some 17 percent of the Internet’s secure web servers at risk of attack. By using different encryption protocols, such as SSH for management or for at-risk parts of their networks, organizations can reduce the extent of the damage that might be caused by a single type of failure.
Diversity works because it makes life more difficult for hackers, who are often opportunistic and will therefore move onto another target rather than focus their efforts on having to find a way of compromising a second type of operating system in a short time window.
It might be argued that this makes life difficult for the organization, too. However, it’s not always the case that software diversity gets in the way of normal working processes – if they’re set up correctly, it shouldn’t make any difference to an end user whether a security gateway or file server is running a dissimilar operating system to their own computer.
It requires admins to do a bit more work – but this is always the case with defense in depth. And the additional work now is nothing compared to the effort and cost incurred if there is a breach. Just look at the example of the French broadcaster TV5Monde. TV5Monde was visibly hacked in April, when the French news channel, which broadcasts ten channels in over 200 countries, was brought down by hackers who also gained control of its social media channels. Yves Bigot, CEO at TV France, was quoted recently in the French magazine France.Info, saying that the broadcaster was without Internet and Skype, and equating the situation to him and his colleagues being castaways in the TV series ‘Lost’. He said the initial attack cost varied between €4.3 million and €5 million, with €9.9 million due to be spent over the next three years on continued remediation.
Are There Other Monocultures in Your Network, Too?
Beyond operating systems and protocols, there are other places in a network where the symptoms of a monoculture might be found. Access controls are one example. A lot of organizations aspire to having a single superuser account that can be used to administer much of the network. This means that an attacker can use one compromised account to install a keylogger and simply wait to capture better credentials, which then allow the attack to be completed very easily.
The basic principle of defense in depth is that hackers should have to jump hurdle after hurdle to effect a data breach. If a single zero-day exploit or stolen password is all it takes for hackers to compromise the entirety of your network, there’s a good chance you haven’t adhered to the philosophy as rigorously as required. Here’s a great example: in the recent Ashley Madison data breach, the hackers reportedly stole a staggeringly wide range of data – customer records, card numbers and images, but also employee documents, emails and source code. You have to wonder: how did they compromise so much heterogeneous data in one attack? Could it have been because Ashley Madison’s network security itself was too homogeneous?
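A small way to put the "hurdle after hurdle" argument into numbers, as an added example (not AppGate's code or tooling): model the hops between the Internet edge and an asset with the OS, crypto stack and admin account of each, then ask how far a single class of failure (one OS zero-day, one stolen superuser credential) carries an attacker, and which attribute is the most homogeneous. The host names, OS and account values are constructed for illustration.

```python
# Constructed inventory (hypothetical hosts): one entry per hop on the path from the
# Internet edge to a sensitive asset: its OS, its TLS/SSH stack, and its admin account.
DIVERSE_PATH = [
    {"hop": "edge-fw",     "os": "linux",   "crypto": "openssl",  "admin": "netops"},
    {"hop": "dmz-gateway", "os": "openbsd", "crypto": "openssh",  "admin": "domain-admin"},
    {"hop": "inner-fw",    "os": "linux",   "crypto": "openssl",  "admin": "domain-admin"},
    {"hop": "file-server", "os": "windows", "crypto": "schannel", "admin": "domain-admin"},
]

# Same topology as a monoculture: one OS, one crypto stack, one shared superuser.
MONO_PATH = [
    {"hop": h, "os": "windows", "crypto": "schannel", "admin": "domain-admin"}
    for h in ("edge-fw", "dmz-gateway", "inner-fw", "file-server")
]
ATTRS = ("os", "crypto", "admin")

def reach(path, capabilities):
    """Hops cleared in order by an attacker holding the given (attr, value) capabilities,
    e.g. {("os", "linux")} for one OS zero-day or {("admin", "domain-admin")} for one
    stolen credential; traversal stops at the first hop none of them applies to. A
    result equal to len(path) means one class of failure reaches the asset."""
    cleared = 0
    for hop in path:
        if not any(hop[attr] == value for attr, value in capabilities):
            break
        cleared += 1
    return cleared

def monoculture_report(path):
    """Per attribute: independent failures an attacker needs to cover every hop, and
    the largest share of hops that a single failure of that attribute exposes."""
    report = {}
    for attr in ATTRS:
        exposed = {}
        for hop in path:
            exposed.setdefault(hop[attr], []).append(hop["hop"])
        biggest = max(exposed.values(), key=len)
        report[attr] = {
            "independent_failures_needed": len(exposed),
            "largest_single_failure": biggest,
            "share_exposed": len(biggest) / len(path),
        }
    return report

def weakest_attribute(path):
    """The attribute where one failure exposes the largest share of the path."""
    report = monoculture_report(path)
    return max(ATTRS, key=lambda a: report[a]["share_exposed"])
```

On the diverse path a Linux zero-day alone clears one hop and a stolen domain-admin credential alone clears none, but the two together reach the asset, which is the shared-superuser problem described above; on the monoculture path one Windows zero-day clears every hop.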
Read how AppGate can help your organization achieve simple and secure network segmentation.