I found a great article by Stan Shyshkin last week on hacking internet satellites. Satellite networking has always interested me, especially when it comes to learning how to take advantage of foolishly trusted links. Most of these links manifest as a form of a “carrier grade” link such as MPLS or Frame Relay. These links are inherently considered private, even though they typically do not take advantage of encapsulated encryption.
Fifteen years ago we extended our network footprint through private network links. Companies extended their WAN in the form of frame relay in 64-Kbit increments (yes, I know there were 56-Kbit links too—I managed one back in the day). These links were rarely (if ever) encrypted, partly due to the technology at the time and partly due to inherent trust in telcos.
Companies running frame relay networks rarely encrypt over these links even though they cannot control anything past their data center. While intercepting traffic over carrier links is no trivial task and usually involves breaking and entering, isn’t it a bit irresponsible to implicitly trust links that you cannot control? Data breach laws were created for a reason and it seems silly to put your fate in the hands of a lawyer.
Instead, aren’t we better off preventing a breach from happening?
Which brings me back to satellite links! Stan writes about extending internet connectivity for free without worrying about being near a coffee shop. Riding someone else's high-speed link is reminiscent of Wi-Fi as it gained popularity. What I would be more concerned about is the misuse of satellite networks to steal protected data.
The entire globe is not yet covered by wired, high-speed internet. Businesses must rely on satellite or other wireless connectivity for those areas where burying cable is cost prohibitive. Does the business deal with consumer data? Maybe credit cards, PII, or health care data (think of a rural hospital that outsources part of its patient care to labs outside the region, or even outside the country in the case of radiology)? Would it make a juicy target for someone wanting to snoop?
One of the scariest things to me is how much the cost of equipment to snoop on various kinds of formerly “trusted” links has come down. It used to be that the equipment required to do this cost in the high five, if not six, figures. That would limit your threat to organized crime or foreign governments (or possibly industrial espionage). But now, with the cost in the sub-four-figure range, it becomes much more realistic that Jimmy, the neighborhood whiz kid, might be flirting with the dark side of information security and breaking in for fun (or for hire).
So what should you do? Protect your data. The best thing you can do is protect data inside the application and encrypt it anytime it leaves. If your application is unable to do this, consider encapsulating your network traffic in an IPsec or SSL tunnel. If not that, at least take a serious look at what data is traversing which external links and be sure you have a documented risk assessment for that data.
What I’m waiting for is someone to figure out how to use those old TV tuner cards to snoop cellular traffic that is now moving into the recently vacated analog TV space here in the United States.