Modeling Reality: The Great Wall of Fire

From the Developer’s Desk, by Eric Anderson

Modeling Reality is a series of blog posts describing how real world scenarios are modeled by our software. This is the sixth installment.

We’ve recently been focused mainly on the offensive side of cybersecurity—how an attacker causes a breach. Now let’s switch gears and talk about a defensive tool to protect against breaches—the firewall.

Firewalls restrict communication channels within a business operation. The levels of restriction correspond to the trust boundaries discussed previously: a firewall can allow communication from external sources, from sources within the business operation, from sources on the same network system, or from sources on the same host system. Different parts of the operation may have different levels of access restriction. Firewalls can also implement IP address restrictions, either blocking access for certain blacklisted IP addresses, allowing access for certain whitelisted IP addresses, or a combination of the two.

To model a firewall, we assign each technology element in the operation an access restriction level. But it’s not as simple as restricting the element’s access to that assigned level; we also model the possibility that the firewall was misconfigured and is not actually restricting the element at the desired access level. The likelihood of misconfiguration is determined by the governing policies of the operation. At the beginning of each simulation, we determine the actual access restriction level of each element based on the desired access restriction level and the likelihood of misconfiguration.

After the determination of access restriction levels, the firewall comes into play during vulnerability chaining. In addition to the access level associated with the vulnerability, the firewall associates an access level with the element itself. If the firewall prevents the attacker from communicating at all with the element, there is no way for the attacker to exploit the vulnerabilities of that element. Thus the actual access level of a particular vulnerability is the more restricting of the vulnerability’s access level and the element’s access level.

Another level of complexity arises from the potential for the attacker to breach the firewall itself and turn it off or reconfigure it to grant themselves unrestricted access. The firewall access restriction for each element is tied back to the element that actually provides the firewall, usually a network router. If a firewall is breached, the elements protected by that firewall revert to their default access level. For most elements, the default access level is external access.
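To make the mechanics above concrete, here is an added toy implementation of the model as the post describes it (illustrative code, not the product's own). The numeric ordering of the access levels, the policy-derived misconfiguration probability, and the sample router/web/database operation are constructed assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, Optional
import random

class Access(IntEnum):
    """Trust boundaries from the post; a higher value is a tighter restriction."""
    EXTERNAL = 0    # reachable from external sources
    OPERATION = 1   # reachable only from within the business operation
    NETWORK = 2     # reachable only from the same network system
    HOST = 3        # reachable only from the same host system

@dataclass
class Element:
    name: str
    desired: Access                      # level the firewall is configured to enforce
    firewall: Optional[str] = None       # element providing the firewall (e.g. a router)
    default: Access = Access.EXTERNAL    # level used when no firewall applies
    actual: Access = Access.EXTERNAL     # decided at the start of each simulation

def example_operation() -> Dict[str, Element]:
    """Constructed sample operation: one router firewalls a web server and a database."""
    return {
        "router": Element("router", Access.OPERATION),
        "web": Element("web", Access.EXTERNAL, firewall="router"),
        "db": Element("db", Access.HOST, firewall="router"),
    }

def assign_actual_levels(elements, misconfig_probability, seed=0):
    """Start-of-simulation step: each element keeps its desired level unless the
    policy-driven misconfiguration roll says the firewall is not enforcing it."""
    rng = random.Random(seed)  # seeded so a simulation run is reproducible
    for e in elements.values():
        misconfigured = rng.random() < misconfig_probability
        e.actual = e.default if misconfigured else e.desired
    return elements

def effective_access(element, vuln_access):
    """Level an attacker must reach to exploit a vulnerability on this element:
    the more restrictive of the vulnerability's level and the element's level."""
    return max(element.actual, vuln_access)

def breach_firewall(elements, firewall_name):
    """Firewall provider compromised: every element it protects reverts to its
    default access level (external for most elements)."""
    for e in elements.values():
        if e.firewall == firewall_name:
            e.actual = e.default
    return elements
```

Running `assign_actual_levels` with a probability of 0 or 1 shows the two extremes of the misconfiguration roll; breaching the router then collapses the database's host-only restriction to external access, exactly the cascade the post describes.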
