Digital communications, in conjunction with the modern internet, have grown exponentially to the point that communicating digitally has become an indispensable facet of everyday life. From cellphones to netbooks to email, blogs and online portals, the transfer and exchange of electronic data shapes the way many people interact with each other and communicate, both personally and for business. Now, with the current trend moving towards "cloud" computing, where a person's or company's important documents are stored and accessed online or in the "cloud", cyber security has become the number one priority of many.
Methods to protect data such as encryption, antivirus software, firewalls, and access passwords have been around since long before the modern day data revolution, but unfortunately none of them has grown into an effective security solution that accommodates the modern day modes of digital communication. Devices which can connect to the global data network, or Internet, have become increasingly smaller and more intelligent. For example, with just a modern cellphone a person can access their email, post updates to blogs, and access personal or corporate documents, all through the internet.
The typical security approach in the past has been based on a model of restricting access using firewall systems or detecting intrusions such as viruses using signature based scanning systems. All such solutions are based upon the concept of restricting, channeling, hiding and limiting access to data. A firewall, for example, borrows its name from "fire-retardant walls", which are designed to create safe areas where fire cannot pass because of the material from which they are constructed. In this case any external access that has not been deemed necessary to an internal or public network is considered fire and simply blocked. Antivirus solutions and the virus signature model have also proven inadequate because of the turnaround time required to update signature files and the amount of resources such systems use to scan thousands of files. It is like sending the police to everyone's house in a city of millions of people to try and find where the bad guys are hiding. With modern computers containing several thousand files, and the ever changing, almost polymorphic nature of modern viruses, the signature based scanning model is no longer practical.
The problem with the current approaches is that, with the increasingly widespread use of digital networks, there has never been any method to dynamically update firewalls or signature databases to accommodate new types of access and new threats. Almost daily there are new applications which become necessary for people to effectively gain access to digital services, and equally new threats. The current security model was never meant to be a solution that quickly distinguishes good activity from bad. In fact it restricts the freedom of the entire group to protect against the potential threats of a few. A truly useful security system has to be able to allow and maintain access for the group and then limit or deny access only to those activities that are out of line with the established norm of operations.
Each security technique brings with it a cost of ownership, and generally firewalls, antivirus software, VPN networks, and access control methods serve more to limit access to modern day digital networks than to actually protect them. System administrators and corporate IT security directors can no longer feasibly follow the restrict-everything model, since in the end they are merely restricting legitimate access, severely limiting the ability of their users to take full advantage of the digital information revolution, and doing little to prevent actual "hackers" or unauthorized access to their networks.
A truly effective cyber security solution has to be as dynamic and flexible as the ever changing array of applications, digital services and digital access devices being used. It is no longer a feasible model to restrict everything or scan everything, as this only serves to hinder users from taking advantage of the increased productivity and power brought by modern digital networks and the internet, and consumes a tremendous amount of computing resources.
The cybersecurity model for data networks can be defined as something which protects data and data systems by denying access to unauthorized users, preventing downtime of authorized services by unauthorized activities (denial of service attacks), and preserving the overall functional state of health of a digital network at 99%.
1) Protecting data and data systems from unauthorized access
As more and more information is being stored online, such as financial information, credit card numbers, classified documents and other information that cannot fall into unauthorized hands, data protection is the top concern of cybersecurity. Unfortunately there have been many famous security breaches of important data, from millions of credit card numbers stolen, to theft of corporate trade secrets, and even concerns of foreign countries retrieving national security information by the use of trojans and other intrusion methods.
Methods for intrusion include:
The installing of backdoor network intrusion applications hidden in or disguised as legitimate applications, which enter a network when authorized users inadvertently open infected emails or websites.
Brute force attacks, where common user names and weak passwords are exploited by systems that try millions of username and password combinations to gain access.
Exploits in operating systems such as Microsoft Windows that allow a secure or authorized service to be subverted through flaws found in the software's design.
Theft or breach of internal networks by employees or persons normally authorized with access to the systems, or who hold access to certain areas where, by internal snooping, they are able to find passwords and auth codes to secure areas (notes left on desks, computers left logged in to secure areas).
Exposing data to external breach by placing documents on USB pen drives and laptops in order to present such data in meetings outside of the network. Many times employees place a document on a USB pen drive for a presentation at a remote location, but they also happen to have secure documents unrelated to the current meeting left on that USB drive. They then plug the pen drive into a third-party computer in order to present one document, not knowing that the particular computer has a trojan which quickly copies all of the data on their USB drive to an unauthorized third-party location.
2) Preventing downtime of authorized services by unauthorized activities
Brute force attacks, scanners and denial of service attacks can cause a network, its servers and main access routers to be brought down to the point that the network is no longer usable in any form. Such attacks cause considerable damage and downtime to networks on a daily basis. The ability to detect such attacks and cut them off at the source, farthest away from the core network and its services, is very important to the overall health of a strong cybersecurity program.
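As an added illustration of the detection the essay calls for (the brute force attacks listed among the intrusion methods above and the detection at the source described in this section), and not part of the original text: a small Python detector that runs over constructed sshd-style log lines, flags a source once its failed logins within a sliding time window reach a threshold, and records how many distinct usernames it tried, which separates a password-guessing host from one user mistyping a password. The log lines, thresholds and function names are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in syslog/sshd style; not taken from any real system.
SAMPLE_LOG = """\
Mar 10 09:00:01 gw sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar 10 09:00:02 gw sshd[2102]: Failed password for root from 198.51.100.7 port 51023 ssh2
Mar 10 09:00:03 gw sshd[2103]: Failed password for invalid user test from 198.51.100.7 port 51024 ssh2
Mar 10 09:00:04 gw sshd[2104]: Failed password for invalid user guest from 198.51.100.7 port 51025 ssh2
Mar 10 09:00:05 gw sshd[2105]: Failed password for invalid user oracle from 198.51.100.7 port 51026 ssh2
Mar 10 09:00:09 gw sshd[2106]: Accepted publickey for alice from 203.0.113.5 port 40010 ssh2
Mar 10 09:00:30 gw sshd[2107]: Failed password for alice from 203.0.113.5 port 40011 ssh2
Mar 10 09:20:30 gw sshd[2108]: Failed password for alice from 203.0.113.5 port 40012 ssh2
"""

# Matches only failed-password events; "invalid user" marks names that do not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_failures(text, year=2024):
    """Yield (timestamp, user, source) for each failed-login line in text."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog lines carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["src"]

def detect_brute_force(text, threshold=5, window_seconds=60):
    """Return {source: (failures_in_window, distinct_users)} for every source
    whose failed logins inside a sliding window reach the threshold."""
    recent = defaultdict(deque)  # per-source queue of (timestamp, user)
    alerts = {}
    for ts, user, src in parse_failures(text):
        q = recent[src]
        q.append((ts, user))
        # Drop events that fell out of the window before counting.
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            alerts[src] = (len(q), len({u for _, u in q}))
    return alerts

if __name__ == "__main__":
    for src, (n, users) in detect_brute_force(SAMPLE_LOG).items():
        print(f"{src}: {n} failures, {users} distinct usernames")
```

With the defaults, the host that tried five names in four seconds is flagged while the single user who mistyped twice, twenty minutes apart, is not; the alert dictionary is what a blocking rule at the network edge would consume.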
3) Preserving the overall functional state of health of a digital network
Preserving the health of a digital network lies not just in the prevention of attacks and unauthorized activity but also in the preservation of the core services and data access that its authorized users depend upon. It is not a viable solution to stop an attack or prevent potential attacks by also preventing or limiting authorized access. A cybersecurity solution has to be able to isolate and prevent attacks and breaches of its integrity while at the same time not limiting or denying access to its resources by authorized users.
It is clear from the many different ways that security can be breached in data networks, and the overwhelming dependence on such networks, that the current security methods are not only no longer adequate to protect such networks, but themselves serve to cause further security problems and network access issues. As such, an urgent need has arisen to change the current approach to cybersecurity and create a new dynamic model that is able to constantly adapt to the ever changing needs of protecting data networks.
A new IDS model must be created that adheres to the following goals:
The goal of any IDS system must be to preserve the integrity of the network which it protects and allow that network to function in its ideal operating state at 99.99%. An IDS system must be lightweight and dynamically deployed. An IDS system cannot itself become another intrusion, and must not break the first rule by compromising the network's integrity through using too much computing and network resources in its attempts to protect the network.
An IDS system must be able to constantly adapt to an ever changing environment and self-update its own signature records based on evolving threats. An IDS system must not require extensive hands-on resources to constantly update its signature files, nor require manual verification that the threats it detected are real and not false. An IDS system has to be able to simultaneously protect the network against attacks, unauthorized use and downtime, without preventing or limiting network access and use of network resources by authorized clients. As such it must be unobtrusive at all times and preserve the network in an open state where its core services and resources are 99.99% available to the network's authorized users, while detecting, isolating and preventing unauthorized activity.
Truly, only research into proactive defense mechanisms will prove useful in protecting the digital networks of now and the future.
Brandt Hott
hottmex@gmail.com