Give me a foothold or secure internet - it's a reality

The main problem of access to information resources of the Internet is that the point of connection to it becomes part of this network and, as a result, becomes public, interacts with it using generally accepted network protocols and interacts with the protected network using the same protocols. No testing methods can prove the absence of errors in the software (Dijkstra's postulate). Having unlimited access to the Internet connection point, an attacker can, using standard network protocols, standard software and the errors or errors found in his settings, make unauthorized access through the connection point inside the corporate network with all the ensuing consequences.

Within the framework of the discussed problem, two most likely ways of violating the confidentiality of information can be distinguished:

  • Listening and reconstructing the traffic of transmitted data between corporate networks at some point on the public network;

    image
  • Penetration into the corporate network at the point of connection to the public network and / or violation of its normal functioning.

imageTo paraphrase Archimedes, who said “give me a fulcrum and I will turn the Earth”, we can say “give me a connection point for your network to the Internet and I will hack your network”.

Since the public network (in this case, the Internet) is beyond the control of security administrators of automated systems of government bodies and organizations of the Russian Federation, the only way to manage the risk of listening to traffic while passing through the public network is to use cryptographic tools. Such means can be VPNs, encrypted tunnels, and when accessing the portals, the tls / https protocol is used.

A more serious threat is penetration into the computer networks of government bodies and organizations of the Russian Federation through points of connection to a public network, when it becomes possible not only to access confidential information, but also the possibility of its destruction, when no cryptographic protection will save from the damage.

Managing the risk of penetration into the LAN through the connection point to the public network involves solving two main technical issues:

- hiding the structure of the internal corporate network;
- protection of the connection point to the corporate network from unauthorized access.

At the same time, if we consider the Internet (or any other public network) not as an IP network, but as some substance providing a range of services (e-mail, transport medium, ftp-servers, Web-servers, Gosuslug portal , etc. .), it turns out that it is possible to find technical solutions that allow these services to be used without providing an access point to an attacker.

And so, in order to prevent unauthorized access from the Internet to the user's computer or to the corporate network, following the postulate of Archimedes, it is necessary to deprive the attacker of access to the LAN entry point or the protected computer. How to do it?

imageToday, probably, everyone knows that two hemispheres are used in atomic bombs.. And until they are united in one deadly ball, this bomb in the form of two hemispheres does not pose a threat.
By analogy with the atomic bomb, the Internet connection point can also be made up of two “hemispheres” - two servers exchanging data with each other via a high-speed interface, for example, IEE1394:

image

As can be seen from the figure, it separates local and public networks and does not lead to the appearance of any opportunities for access via any network protocols from the Internet LAN, and also does not allow LAN users to access the Internet.

For simplicity, in the future, the implementation of such a connection will be called a binary Internet connection point or Shield point - a safe / secure connection point:

image

There is no public network information on the Si internal server. Also on the external Se server there is no information about the internal LAN. This is one of the reasons for the impossibility of a breakthrough from the Internet to the internal LAN, and, conversely, from the internal LAN to the public network. Even if an attacker in an open network becomes aware of any address on the internal network, then using it he can get anywhere, but not on the internal network.

Thus, the Shield connection point provides:

  • Lack of interaction at the network level between the internal Si and external Se servers and, as a consequence, the preservation of the independence of secure and public computer networks, to the extent that they can have the same IP addressing;
  • Transparency both for standard protocols (http, https, ftp, ssl, pop3, etc.), and the ability to write custom protocols for client-server systems;
  • Access of users of secure computer networks to various services of public networks in the absence of network interaction between secure and public networks;
  • Possibility of separate administration of external and internal gateways: the administrator of the external gateway does not have access (does not know the password) to the internal gateway and vice versa.

The Shield connection point can be considered as a proxy server when LAN users access browsers to the Internet’s Web resources.

The weak link remains the external Se server of the Shield access point, which is directly connected to the Internet. An attacker can gain control of this server, but he will not be able to achieve his goal - to penetrate the LAN and cause damage to it. But since the LAN administrator will immediately become aware of this (for example, the connection with the outside world will be lost), you can always go to the backup channel and restore communication with the outside world.

Also popular now: