May 25, 2018, synonymous with world disaster? Perhaps. It all depends on whether companies are prepared to manage the
possible consequences of the General Data Protection Regulation (GDPR).
Tribune libre by Hervé Dhelin, Strategy at EfficientIP
Catastrophic consequences for non-compliance
The GDPR regulation imposes a set of rules to respect if you have data on European citizens. In today's new world of data, it is necessary to guard against data loss and network violations; Phenomena that have become uncontrollable in recent years.
With limited regulation, companies that are victims of exfiltrations can get along with an apology, a fall in the course of their action and possibly the resignation of one or two of their leaders. But this is about to change because consequent penalties are announced in the distance. Data theft will not only have significant effects on the entities whose data has been stolen; With the GDPR regulation, they will have a strong impact on the companies involved: penalties between 2% and 4% of global turnover, as well as penalties that may force companies to completely stop processing user data.
However, the GDPR regulation contains a number of gray areas and no one knows what the consequences will be. If a recent study by PWC reported that the CIOs claim to allocate millions of dollars in budget to comply with the GDPR regulation, how do they know they are putting their budgets in the right place? Where do they start?
How to guard against it?
It is important that organizations have strong security policies in place, including improved network security and data protection. The often overlooked attack is the exfiltration of data via DNS.
Exfiltration by the DNS often follows a sophisticated attack. While most security systems block obvious data transfer mechanisms (eg FTP), DNS protocol often remains insecure. This provides attackers with a loophole - where connections to servers are not blocked.
There are two ways to extract data on your network using the DNS:
Set up data blocks encoded in DNS queries
Tunneling, which exfilters data in the DNS tunnel to an accomplice name server. Thus, assailants have a control and control channel for their tools and create a quick way to extract data; A known attack and allowing for example to exfilter 18 000 credit card numbers per minute from the server of an attacker.
Cybercriminals use DNS for data exfiltration because traditional security tools are usually able to lock the easiest routes on the network via more common protocols such as HTTP or FTP. Therefore, attackers must now explore, experiment and take advantage of other protocols. It is also easy to hide exfiltered data in the normal context of a DNS query.
All applications today are IP-based and therefore use DNS services to operate, which means that most DNS servers are constantly busy. Then comes an additional problem with the BYOD and the public Wi-Fi. The total volume of traffic makes it difficult to analyze and detect queries used for exfiltration, especially when they can be spaced over time according to normal traffic.
Related:
So how to protect your networks?
First, by inspecting your traffic. Traditional surveillance techniques may block legitimate traffic. By integrating security tools into your DNS servers to see what's going on inside them, you have a better overview and fine granularity to analyze each transaction. Once you have identified malicious traffic, you can start countering the attack by blocking malicious domains or queries by reducing the risk of false positives.
Preserving DNS security is the first step in helping to comply with the GDPR regulation, as it is not only a matter of avoiding infringements. Any data theft should be reported as quickly as possible and within 72 hours. The best thing is not to report a data theft at all.
We are in an increasingly dangerous world where data is useful to companies - and attackers. The GDPR regulation requires companies to optimize their security and provides for significant penalties in the event of a failure. This assumes much more than just protecting your databases. You also need to protect every part of your IP networks.
💌 Follow by Email:Digital Channel
🌍🔍 Search Google :digitalchanneltv.tk
Click Index You Might Be Interested
Tweet to @adesignmedia
Tribune libre by Hervé Dhelin, Strategy at EfficientIP
Catastrophic consequences for non-compliance
The GDPR regulation imposes a set of rules to respect if you have data on European citizens. In today's new world of data, it is necessary to guard against data loss and network violations; Phenomena that have become uncontrollable in recent years.
With limited regulation, companies that are victims of exfiltrations can get along with an apology, a fall in the course of their action and possibly the resignation of one or two of their leaders. But this is about to change because consequent penalties are announced in the distance. Data theft will not only have significant effects on the entities whose data has been stolen; With the GDPR regulation, they will have a strong impact on the companies involved: penalties between 2% and 4% of global turnover, as well as penalties that may force companies to completely stop processing user data.
However, the GDPR regulation contains a number of gray areas and no one knows what the consequences will be. If a recent study by PWC reported that the CIOs claim to allocate millions of dollars in budget to comply with the GDPR regulation, how do they know they are putting their budgets in the right place? Where do they start?
How to guard against it?
It is important that organizations have strong security policies in place, including improved network security and data protection. The often overlooked attack is the exfiltration of data via DNS.
Exfiltration by the DNS often follows a sophisticated attack. While most security systems block obvious data transfer mechanisms (eg FTP), DNS protocol often remains insecure. This provides attackers with a loophole - where connections to servers are not blocked.
There are two ways to extract data on your network using the DNS:
Set up data blocks encoded in DNS queries
Tunneling, which exfilters data in the DNS tunnel to an accomplice name server. Thus, assailants have a control and control channel for their tools and create a quick way to extract data; A known attack and allowing for example to exfilter 18 000 credit card numbers per minute from the server of an attacker.
Cybercriminals use DNS for data exfiltration because traditional security tools are usually able to lock the easiest routes on the network via more common protocols such as HTTP or FTP. Therefore, attackers must now explore, experiment and take advantage of other protocols. It is also easy to hide exfiltered data in the normal context of a DNS query.
All applications today are IP-based and therefore use DNS services to operate, which means that most DNS servers are constantly busy. Then comes an additional problem with the BYOD and the public Wi-Fi. The total volume of traffic makes it difficult to analyze and detect queries used for exfiltration, especially when they can be spaced over time according to normal traffic.
Related:
So how to protect your networks?
First, by inspecting your traffic. Traditional surveillance techniques may block legitimate traffic. By integrating security tools into your DNS servers to see what's going on inside them, you have a better overview and fine granularity to analyze each transaction. Once you have identified malicious traffic, you can start countering the attack by blocking malicious domains or queries by reducing the risk of false positives.
Preserving DNS security is the first step in helping to comply with the GDPR regulation, as it is not only a matter of avoiding infringements. Any data theft should be reported as quickly as possible and within 72 hours. The best thing is not to report a data theft at all.
We are in an increasingly dangerous world where data is useful to companies - and attackers. The GDPR regulation requires companies to optimize their security and provides for significant penalties in the event of a failure. This assumes much more than just protecting your databases. You also need to protect every part of your IP networks.
💌 Follow by Email:Digital Channel
🌍🔍 Search Google :digitalchanneltv.tk
Click Index You Might Be Interested
suivre Dhaouadi Aymensur
