lessons network security

The Ramayana, an epic battle between good and evil, teaches us various lessons about life, but does the Ramayana have any lessons for network security? I have made a small attempt at mapping the Ramayana onto a cyber scenario to find out.
Our story begins on the eve of the day Ram was to be made proprietor of the company Ayodhya. On that eve, Manthara, an internal employee of the company Ayodhya, social engineers Kaikeyi, the wife of Dasaratha, into jealousy, which leads her to invoke the ambiguous agreement Dasaratha made with her a long time ago. According to the agreement, Rama should be exiled from the company of Ayodhya for fourteen years and her son Bharata should be made the proprietor of the company. Dasaratha accedes to the demands of Kaikeyi, and Rama agrees to his father’s decree and leaves the company. Lakshmana and Sita follow him. Meanwhile Bharata, who is on a visit to his relatives, learns about the events in the company, returns, performs forensics and finds out about the scheme of his mother and Manthara. He refuses to lead the company, visits Ram and requests him to return to the company, which Ram declines. When he sees that Rama is determined to abide by the agreement, he carries Rama’s sandals back to be used as the company’s logo.
Rama, Sita and Lakshmana journey south to Panchvati, where they set up their own computer network. Surphanaka, sister of Ravan, the manager of the all-powerful company Lanka, used to live in Panchvati. She was a malicious hacker, a scammer and a fraudster. She tries to lure Rama, while chatting, into marrying her. Rama declines, citing that he already has a beautiful wife. When rejected she becomes furious and launches a DoS attack against Sita. Lakshmana, the network admin, quickly prevents this and defaces Surphanaka’s site. Dejected by this, Surphanaka seeks the help of her black hat brothers Khara and Dushana. Both brothers launch various attacks against Ram and Lakshmana but are defeated. Surphanaka then asks her brother Ravana for help.
Ravana becomes furious about the defacement of his sister’s site. He decides to steal the identity of Sita to teach Rama a lesson. For this he devises a procedure. He takes the help of Maricha, an expert in impersonation attacks. Maricha creates a Trojan named “golden deer” and introduces it into Rama’s network. Sita falls for the golden deer and asks Rama to fetch it. Lakshmana warns that the deer may be a Trojan, but by then Rama is already chasing the deer, hurriedly instructing Lakshman to take care of Sita. When Rama writes an exploit to attack the deer, it reveals its impersonation and relays a message with the impersonated identity of Rama to Sita and Lakshman. Sita believes this and asks Lakshman to help his brother. Lakshmana is confident that this is an impersonation but fails to convince Sita. As a last resort, he places Sita under the protection of a host-based IPS (the Lakshman rekha) and instructs her not to disable the IPS at any cost. Ravana, who has been remotely watching everything until then, creates a phishing page of a hermit asking for charity. Sita tries to make a transaction from the protected system but fails. She disables the IPS and starts the transaction. As soon as she begins the transaction, a pop-up appears claiming it is Ravana, and Sita’s identity is instantly stolen. When Rama and Lakshmana return, they find Sita missing. They perform an intense search but can’t find Sita’s identity.
As they sit in distress, they get a message from Jatayu. Jatayu is a friend of Dasaratha and an expert at sniffing the network. When they reach Jatayu, he tells them that he saw packets containing Sita’s identity passing through the network he was sniffing and tried a Janus attack to retrieve the data, but was prevented and disarmed by Ravana. They learn from Jatayu the path the packets took and start conducting a firewalk. While conducting the firewalk, exploits from a system belonging to a person named Kabandha begin to attack their systems. Ram takes control of Kabandha’s system and summons him. Kabandha explains to Ram how his system has been taken over by a bot and asks Ram to restore it to its previous state. After Ram restores his system, Kabandha advises Ram to go to Sugriva’s company in Rishyamukha if he wants to retrieve Sita’s identity. Rama and Lakshmana reach Rishyamukha. On detecting their presence, Sugriva sends Hanuman to enquire about their purpose. Hanuman uses social engineering to learn the purpose of their arrival. Hanuman then introduces the brothers to Sugriva, narrates their story and tells Sugriva of their intention in coming to him. Sugriva asks Rama to help him defeat his brother Vali, the owner of the company Kishkindha, in a cyber battle, in return for his help. Vali and Sugriva were good friends before but became enemies during their cyber battle with a giant. Vali had a specific talent: in a cyber battle he could turn half of his enemy’s exploits and resources against the enemy itself. Sugriva challenges Vali to a cyber battle. During the battle Rama uses a backdoor to gain access to Vali’s system and defeats Vali. Sugriva becomes the owner of Kishkindha. As soon as he becomes the owner of the Kishkindha company, he orders his IT security professionals to start gathering information about the identity of Sita.
Kishkindha’s information gathering team follows the trails left by Sita’s identity and finds that the packets took a path to the network of the Mahendra hills. When they start their recon in the Mahendra hills network, they learn from Sampati, a passive sniffer, that Sita’s identity packets went into Ravana’s network of Lanka. Their recon comes to a standstill, as Lanka’s network is guarded by a firewall, the invincible sea. Angada, the team leader of the recon team, asks, “Who can bypass the firewall?” Hanuman decides to give it a try. After some data diddling, data enlargement and data shrinking, he bypasses the firewall, passes through the IPS undetected and gets access to the root domain. He then does a directory traversal to search for Sita’s identity and, in a domain named Ashoka, finds Sita’s identity under protection. He bypasses the protection and uses Rama’s public key, previously given to him by Ram, to authenticate. He tries to retrieve the identity but realizes that only Ram is authorized to perform actions on the identity; he gets just read permissions on Sita’s identity. Before leaving, he decides to teach Ravana a lesson by destroying data and bringing down systems in the Ashoka domain. Personnel intervene, only to lose access to their systems. Indrajit, the son of Ravan, gains the upper hand over Hanuman. Pop-ups appear on the systems warning Ravan to deliver Sita’s identity.
Ravana is furious about the intrusion and the pop-up and asks Indrajeet to infect the payload with malicious code so that it infects Hanuman’s system on the way back. Vibishana, the ISO 27001 information security analyst and risk and compliance assessment officer, objects to this. Unfortunately the payload goes wild, infects many machines in Ravana’s network and brings them down. Hanuman then reports his hacking attempt to Ram and discloses the private key to Ram for non-repudiation.
Kishkindha’s cyber army moves to the Mahendra hills adjacent to the network of Lanka and sets up its base there. Rama summons his cyber army commanders and seeks their suggestions for bypassing the firewall protecting the network of Lanka.
When Ravana gets the information that Rama is setting up his network at the Mahendra hills and preparing for a cyber war on his company, he summons all his network admins and IT managers, who unanimously decide to fight Rama to the DoS. For them, Lanka’s network is impenetrable and their admins undefeatable. Vibishana, the risk and compliance officer, disagrees with this. He advises Ravana to return the stolen data and restore peace between the companies. Ravana becomes furious and suspends him from the company. Vibishana joins Rama’s company and becomes Rama’s closest advisor in the cyber war.
Rama decides to code a rootkit to bypass the firewall and get access to the network of Lanka. He social engineers Varuna, the maker of the firewall, for three days to find any zero-day vulnerabilities in the firewall. Nala, Kishkindha’s rootkit expert, starts coding the rootkit with the help of thousands of programmers. The stupendous code takes five days to complete. After getting access to the networks of Lanka’s forest, Rama asks his public relations officer Angada to mail a warning to Ravana: “Return the identity or face destruction.”
Ravana refuses. The cyber war begins. Rama’s cyber army starts attacking the perimeter security of the forest of Lanka. The cyber battle continues for a long time. Exploit after exploit is coded, and many systems on both sides are brought down. The network in between is filled with exploits and viruses.
When Ravana’s cyber army is losing, Indrajit, son of Ravana, takes command. He has the exceptional talent of writing stealthy viruses. He writes the code SERPENT, which locks down the systems of Rama and Lakshmana. Receiving no command from the domain controller, Kishkindha’s cyber army is disoriented. Garuda antivirus, which has a history of disabling the serpent virus, comes to Rama’s help and unlocks their systems.
Ravan joins the cyber war and executes his exploit Shakti against Lakshmana’s system, which shuts it down. Rama then brings down the carrier of Ravana’s payload, leaving him helpless. Lakshmana’s system soon recovers.
Ashamed of losing to Rama, Ravana decides to call on his brother Kumbhakarna. Kumbhakarna is the designer of an invincible logic bomb that is active for six months of the year and disables itself for the other six. On hearing about the cyber war, Kumbhakarna tinkers with his logic bomb and starts attacking Rama’s network. The logic bomb destroys many systems and is virtually unstoppable by any antivirus. Hanuman tries to tame the logic bomb but fails. Kumbhakarna targets Rama’s system, ignoring attacks from others. Rama, who initially has difficulty facing Kumbhakarna, finally brings down the command center of the logic bomb with a special exploit that brings down Kumbhakarna’s system.
After the defeat of Kumbhakarna, Ravana summons Indrajeet, who promises to defeat the enemy quickly.
Indrajeet begins attacking Rama and Lakshmana with his stealthy exploits and fake IP addresses. Rama and Lakshmana find it difficult to target Indrajeet as they can’t trace his IP address. Indrajeet soon finds a vulnerability in Lakshmana’s system and brings it down. Sushena, the backup and restore expert of Kishkindha, deduces that Lakshmana’s system is in deep hibernation and can only be restored by a special piece of software named Sanjibani, found in the database of the company Gandhamadhana. Hanuman hacks into Gandhamadhana’s software store and downloads the software. Lakshmana’s system recovers and he rejoins the cyber war.
This time Indrajeet plays a trick on Rama and his cyber army. He anonymously sends them a video of himself destroying Sita’s identity. Seeing this, Rama collapses. Vibishana explains to Rama that this is only a trick and that Ravan would not allow Sita’s identity to be destroyed at any cost. Vibishana further explains that Indrajeet’s trick may only be a cover to buy him time to find a zero-day vulnerability in Rama’s system, for which he would soon code an exploit. The best time to defeat Indrajeet would be to find him while he is coding the exploit at night.
Lakshmana, Hanuman and Vibishana stay overnight on their systems trying to locate Indrajeet. Just before Indrajeet is about to complete his exploit, Lakshman finds his IP address and attacks it. After a series of exploits, Indrajit’s system is brought down.
Despairing at the defeat of his son, Ravana becomes furious, turns on his domain controller and challenges Rama. Ravan’s system is protected by ten honeypots, and Rama finds it difficult to determine which is the original system. Vibishana comes to help Rama and tells him which the original system is. Rama scans Ravana’s system and uses his exploit Brahmastra to bring down Ravan’s system. Lanka is defeated. Rama scans Sita’s identity for any infections using the antivirus ‘Fire’ and then retrieves it. Thus the cyber war comes to an end.
Now, what lessons does this cyber Ramayana teach us?
1. Social engineering seems to be the most dangerous attack. Manthara used it to change the owner of the company Ayodhya overnight, and Rama used it to find a vulnerability in the firewall “sea”.
2. The most dangerous threat to a company may come from internal employees. Ex: Sita (shouldn’t have disabled the IPS), Vibishana (was there anything he didn’t know about Lanka’s network?).
3. No network is 100% secure. There is no firewall that is invulnerable. Ex: Ravan thought that Ram could not cross the sea.
4. Trojans still pose a dangerous threat to any company. Ex: “Golden deer”.
5. Beware of phishing. You may not recognize it until it is too late.
6. Agreements should never be ambiguous.
7. A good backup plan may save the day for any company.