Economic and industrial espionage are one of the biggest threats to businesses. According to a BITKOM survey in 2013, 31 percent of all medium-sized enterprises were affected by IT security issues within the previous two years.
Attacks on individual businesses are increasingly being planned long beforehand and targeted in the form of Advanced Persistent Threats (APT). APT include all kinds of attack types, from interpersonal manipulation (social engineering) up to computer hacking, and targeting all the internal information in the local business network. Company-internal secrets should not leave the company’s network. According to another BITKOM survey, 47 percent of the surveyed enterprises are not sending out confidential documents by e-mail anymore. This means that an attacker has to intrude the company’s network directly or that he may be already a part of it! The survey goes on to say: 58 percent of the attacked enterprises claim that the interferences were caused by their own, also externally located, staff.
Protection against economic espionage and sabotage
To fend off APT attacks or reduce their damage companies must safeguard their internal networks. Fraunhofer SIT’s INTERN project is addressing this topic and focuses on the internal safeguarding of open gateways that have already been successfully misused and other possible attack vectors in the company’s network.
Fraunhofer SIT experts carry out vulnerability analyses, explore various types of attacks and apply the findings gained to safeguard the network. Our scientists derive countermeasures to prevent or at least mitigate attacks. Such countermeasures may be bundled in a connected protection model for the respective internal company network, guarding pro-actively against internal attacks. Each individual security component may simply be implemented in the end points such as company PCs, in printers or network appliances and firewalls.
Solutions for a protected network:
Security has not yet been taken into consideration for various protocols. This means that for the different protocols a multitude of vulnerabilities exists such as deficient or no authentication procedures, or lacking integrity protection. Fraunhofer SIT can supplement old, unsecure protocols with security without having to modify the protocols (see also the example HashGuard).
Currently only partial solutions (if at all) are being employed for encryption within internal Ethernet networks (for example from switch to switch or from switch to router). An internal safeguard, however, must be implemented first and foremost in the network’s most unsecure area: at the client connections. If these endpoints are secure an attacker will not be capable anymore to use them to access the enterprise network unnoticed, for example by using the access of external devices.
"One SSL is not like the other": Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are used ubiquitously for internal and external communication. The most well-known example here is the Internet protocol HyperText Transfer Protocol (HTTP) that becomes HyperText Transfer Protocol Secure (HTTPS) SSL protection is in place. Frequently this spawns the fallacy that a user is immediately secure as soon as HTTPS is being used. The SSL/TLS network protocols, however, negotiate encryption methods (cypher suites), which are frequently not secure because the servers choose less secure processes based on their configuration, for example in order to be able to use less server resources and save on electricity. This means that only if the client actually gets the server to select the strong cypher suite the user will be secure. Some plugins for Internet browsers such as Firefox or Internet Explorer already offer this function. The INTERN concept focuses on this issue in a favourable manner independently for both the browser and user.
Fraunhofer SIT developed the Trust Establishment and Authentication Protocol, making network component trustability in an internal network remotely measurable. The state of the overall operating systems including its hardware components are being recorded in a secure manner and reviewed by other network participants. The concept was developed with industrial partners for disaster management networks in FP7 EU projects and has already been tested. Detailed information is available in TEA Protocol .
Software defined networking (SDN) aims at managing a network in a simplified and largely automated manner, for example via rule base access and dynamic port activation on switches, routers and other network devices. However, the characteristic SDN features currently do not consider endpoints. The option to connect INTERN solution concepts seamlessly with SDN allows already today to enhance the existing and constantly further developing SDN technology with endpoint security by applying the solutions offered by Fraunhofer SIT. This facilitates managing the introduced and other modularly combinable security concepts directly ad-hoc within the network by coupling it with SDN. (Besides SDN other management systems are possible for the INTERN modules as well.)
Fraunhofer SIT offer addresses enterprises from both business and industry. We provide consulting on IT security, analyse and harden infrastructures and industrial facilities. In cooperation with software and hardware enterprises solution concepts may be retrofitted and integrated efficiently into products such as network appliances, virtual appliances (VM), firewalls, SDN network appliances or endpoint security applications.
- Analysis and feasibility study of network internal issues and security applications
- Development and design of security modules focussing on internal network security
- Prototyping of protection models through individual or interconnected security modules for internal network security
- Integration of already existing security concepts
- Staff consults, awareness building and trainings in IT security, potential APT attacker approaches, internal attacks and necessary counter measures
- Risk and detail analyses of individual network components or systems, both for overall enterprise structures or crucial infrastructures
- Devise individual enterprise IT security guidelines