{"id":257,"date":"2021-10-07T16:07:09","date_gmt":"2021-10-07T15:07:09","guid":{"rendered":"https:\/\/cyberphil.azurewebsites.net\/?p=257"},"modified":"2021-10-07T16:14:51","modified_gmt":"2021-10-07T15:14:51","slug":"r-is-for-security","status":"publish","type":"post","link":"https:\/\/www.cyberphil.co.uk\/?p=257","title":{"rendered":"R is for Security"},"content":{"rendered":"\n<p>A lot of users, consumers and companies were hit by the recent Facebook outage in early October.&nbsp; Speculation ran high as to the cause of the outage and most probably a fair percentage of us instantly thought \u2013 \u201cCyber Attack!?\u201d&nbsp;<\/p>\n\n\n\n<p>The Russians? Chinese? North Koreans? ISIS? Insulate Britain?&nbsp; The list is endless.&nbsp; Facebook is a target for all of that.<\/p>\n\n\n\n<p>The motives behind attacks such as Denial of Service (DoS) are equally endless.&nbsp; Money, political gain, industrial espionage, terrorism and simple kudos.&nbsp; Facebook is a target for all of that.<\/p>\n\n\n\n<p>The post-outage analysis will no doubt rumble on but there was one thing that caught my eye on the official statement from the Facebook Engineer post.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-facebook-engineering wp-block-embed-facebook-engineering\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"G0GnfiWFRu\"><a href=\"https:\/\/engineering.fb.com\/2021\/10\/04\/networking-traffic\/outage\/\">Update about the October 4th outage<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;Update about the October 4th outage&#8221; &#8212; Facebook Engineering\" src=\"https:\/\/engineering.fb.com\/2021\/10\/04\/networking-traffic\/outage\/embed\/#?secret=G0GnfiWFRu\" data-secret=\"G0GnfiWFRu\" width=\"600\" height=\"338\" frameborder=\"0\" 
marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>The last paragraph of their statement reads:<\/p>\n\n\n\n<p>\u201cPeople and businesses around the world rely on us every day to stay connected. We understand the impact that outages like these have on people\u2019s lives, as well as our responsibility to keep people informed about disruptions to our services. We apologize to all those affected, and we\u2019re working to understand more about what happened today so we can continue to make our infrastructure more resilient.\u201d<\/p>\n\n\n\n<p>And the word that leaps out at me is \u2018resilient.\u2019<\/p>\n\n\n\n<p>We are often too embroiled in the world of \u2018cyber\u2019 as new technologies and the associated nerdy definitions emerge and focus on threats and attacks \u2013 often forgetting one of the key aspects of this whole risk equation which is the potential impact.<\/p>\n\n\n\n<p>The Facebook outage is just one example of many that we all face at every level, daily on our networks and ultimately it has a lot to do with the threat actors out there but also the vulnerabilities and dare I say it, fragilities on all of the networks we work with.<\/p>\n\n\n\n<p>The first shout that went out after Facebook went down was \u2013 \u201cit\u2019s a DNS problem!\u201d.\u00a0 This made me smile as I remember from the early days in my IT career and long before I even properly understood what DNS was \u2013 that it was always to blame for everything on the network.\u00a0 It\u2019s almost like an \u2018IT Crowd\u2019 response (rather than have you tried turning it off and on again?!)\u00a0 \u201cIt\u2019s probably a DNS issue\u201d \u2013 was normally a correct assumption but DNS is only as good as the services around it and the administration put into it.\u00a0 <\/p>\n\n\n\n<p>Like pretty much everything in the world of networking and IT.<\/p>\n\n\n\n<p>Every network regardless of its shape and size is dependent upon the 
services, applications and more importantly the protocols which hold it together.&nbsp; Those of us that like to work in these areas understand the concepts of OSI and TCP\/IP.&nbsp; But when you look at how old most of these protocols are and how modern and technologically advanced the systems are that rely on them \u2013 is it any wonder that occasionally something breaks?<\/p>\n\n\n\n<p>It\u2019s a bit like having a very modern, all singing all dancing car with no petrol at the pumps.&nbsp; You may be able to control the car but do you control the supply chain?<\/p>\n\n\n\n<p>Technology is reliant on a lot of external forces to make it work and most of it is out of your control and some of it is as old as the hills.\u00a0 Break one element in the chain and it stops.\u00a0<\/p>\n\n\n\n<p>In the world of \u2018Cyber\u2019 and \u2018Infosec\u2019 we also have to remember to focus on the boring elements of resilience and redundancy &#8211; which allows us to put as big a tick as we can in the \u2018Availability\u2019 box.<\/p>\n\n\n\n<p>Your systems can have the most Confidentiality and Integrity you can afford built in and be as sophisticated as you like, but if the glue holding it together gives way then you have a problem.<\/p>\n\n\n\n<p>Protocols and applications such as TCP, IP, BGP and DNS all work like the glue on a network. 
&nbsp;They remain transparent to us and we rely on them every day.&nbsp; But as soon as one of them goes wrong or is misconfigured the impact can be huge.<\/p>\n\n\n\n<p>The biggest threat to our network is the Insider Threat.<\/p>\n\n\n\n<p>The biggest type of insider threat is by far accidental and non-malicious actors.&nbsp; A click on a link, letting someone you don\u2019t know in, sending an attachment to the wrong addressee, pulling out the wrong cable \u2013 is far less sexy than blaming the Russians or the Chinese etc &#8211; but it is far more likely.<\/p>\n\n\n\n<p>So until I hear differently \u2013 I will go with internal error as it\u2019s probably true.<\/p>\n\n\n\n<p>The biggest task that Facebook has is not finding the culprit or resolving the problem but learning from it and building some resilience into their change management processes.<\/p>\n\n\n\n<p>\u2018R\u2019 is a big part of Security<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A lot of users, consumers and companies were hit by the recent Facebook outage in early October.&nbsp; Speculation ran high as to the cause of the outage and most probably a fair percentage of us instantly thought \u2013 \u201cCyber Attack!?\u201d&nbsp; &hellip; 
<\/p>\n","protected":false},"author":1,"featured_media":258,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-257","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-cyber","grid-sizer"],"_links":{"self":[{"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/257","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=257"}],"version-history":[{"count":8,"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/257\/revisions"}],"predecessor-version":[{"id":266,"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/257\/revisions\/266"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=\/wp\/v2\/media\/258"}],"wp:attachment":[{"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cyberphil.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}