Bench Talk

In part 1, we explored the mind of a hacker, the kill chain approach he takes, and the many clues and vulnerabilities he uses to exploit systems. In part 2, we’ll look at tangible steps you can take to improve your development processes while minimizing risk in the systems you design. By the end of this article, you will be challenged to:

• Perform a risk assessment.
• Integrate security into your development life cycle.
• Test aggressively.
• Choose agility over strength.
• Keep it clean.
• Put it in the cloud.

A comprehensive risk assessment of your entire environment, including development practices, is the first step. The NIST 800-53 documents outline a risk assessment approach that you can use. If NIST is too esoteric, you may try any number of industry approaches. At Anitian, we use our RiskNow^® approach, which fuses interviews with technical assessments.

In general, use a risk assessment to guide your security efforts. The intent is to focus on the areas of your system(s) that have the most threats or highest risks.

You cannot wait to secure a system once it is designed or built. Instead, security must be integrated into every dimension of the development life cycle. To accomplish this, you should:

• Separate development, test, and production environments.
• Create and follow a formal change control process.
• Store code in a secure repository, with no shared access.
• Use multi-factor authentication for all access to development code or designs.
• Conduct code reviews (or security tests) of any third-party component in your system.
• Require all developers to attend annual security training seminars.
• Use secure coding standards, such as MISRA C.

One of the more important items to integrate into your development is security testing. Test at every phase:

• Design phase: Conduct security reviews of your architecture and third-party components.
• Development phase: Scan code for vulnerabilities as it is checked in.
• Test phase: Conduct live penetration tests of deployed systems.
• Production: Actively hack systems in a live environment.
   

You will never build a wall high enough to stop all hackers, so focus on making your system(s) agile rather than tough. If your system underwent attack:

• How quickly could you update it?
• How would you know it was being attacked?
• What would the repercussions of an attack be?
• Who would handle an attack?
• What would happen if your encryption (if you use it) was cracked?
• Are there other technologies, like firewalls, that could mitigate an attack?
   

To turn potential weaknesses into strengths, take the following steps:

• Validate data whenever you accept it or send it out.
• Disallow unnecessary access—restricting all access to only what is absolutely essential.
• Prevent untrusted applications from running—ever.
• Tightly restrict all remote access.
• Encrypt all data: at rest and in transit.
• Perform an integrity check at boot up.
• Avoid system-wide secrets and compartmentalize system components.
• Remove debugging features (if possible).
• Why does the product do that? If there is no good reason for a feature, get rid of it.
   

There is a reason that 97 percent of companies have some or all their infrastructure in the cloud. The cloud allows for agility, flexibility, and greater security. Use the cloud to gather logs, push updates, or publish APIs.

However, the greatest benefit of the cloud is automation. You can build entire environments as code, and destroy and re-create them at a whim. This allows for disposable infrastructure—that is, systems that can be destroyed and re-created from known good images. Automating this destruction and re-creation has huge security benefits. It is impossible for a hacker to establish persistence in an environment if the environment disappears every week. Disposable infrastructure is an ideal end state for any complex system.

Thinking like a hacker requires you to look at the systems you design differently, including observing the obvious, understanding human error and indifference, and understanding what a hacker seeks and the clues he uses (as discussed in part 1). Design engineers can and should take steps to improve development processes and minimize risk in systems design. Performing risk assessments, integrating security into the development process, testing, developing automated disposable infrastructure, and using the cloud are key steps that will improve your development processes and minimize risk in the systems you design.

Mouser is committed to helping engineers develop secure systems. Check out the Think Like a Hacker webinar (developed in partnership with Anitian) as well as our Data Security eZine.