9. The Application of Cybersecurity: Principles and Practices 229

Sandboxes, like the virtual machine (VM) pods used for cybersecurity labs, are a good example of using compartmentalization both to limit exposure and to avoid the intermingling of resources. VMs run on top of the host operating system and provide a barrier for the processes that run within the VM, segmenting them from the host. Malware running in a VM cannot access files and processes belonging to the host. Like the Titanic, the design is not foolproof: it is sometimes possible for malware to escape from a VM onto the host, but the principle holds. Operating systems implement compartmentalization in a similar way. They enforce memory-space barriers between running processes, making it more difficult for a malicious process to gain unauthorized access to another process's resources (access control), and if a process crashes, the damage is limited to that one process (limiting exposure).

Figure 9.6 A diagram of the Titanic illustrating the compartmentalization principle.

Compartmentalization limits exposure. As we saw in Chapter 5, exposure is the potential loss that could result from an incident. An organization's computer network should be segmented to limit exposure, creating barriers between different computing resources on the network. One such implementation is called a DMZ, for demilitarized zone. A DMZ is a segmented portion of a computer network that contains Internet-facing servers. These servers are directly accessible from the Internet and are therefore the most exposed to attack. Because they are the most likely to be compromised, the network is designed so that a compromise is confined to the DMZ segment only. This type of network design is analogous to a safe room in a home: if a home invasion occurs, the safe room is an interior, fortified and secured compartment where a family can retreat while they wait for help to arrive.
The rest of the house is like the DMZ, and the safe room is like the core internal network, which is much more difficult to breach. Compartmentalization is also important for avoiding the intermingling of resources that could compromise access control. For example, in Section 4.1.2.2 we learned about injection attacks. In these attacks, user-supplied data is executed as code. This is a failure of compartmentalization: input data should never be interpreted as code to be executed. An injection attack intermingles code and data, and it is ultimately a failure of access control, because the attacker is able to run unauthorized code. Another famous example of the failure of compartmentalization is the vulnerability in the old landline telephone system that
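The injection attack described above can be seen concretely in a login check. The following is an added example, not code from the book: it builds a constructed in-memory SQLite table of sample users (the names and passwords are invented for illustration) and compares a query that splices user input into the SQL statement with one that uses bound parameters. In the first, the attacker's input becomes part of the code the database runs; in the second, the statement is fixed ahead of time and the input can only ever be data.

```python
import sqlite3


def make_db():
    """Create a constructed in-memory user table (sample data, not from the text)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Intermingles code and data: the input is pasted into the SQL text.

    A username of  alice' --  turns the rest of the statement into a SQL
    comment, so the password check is never evaluated and the attacker is
    authenticated as alice. The data has been interpreted as code.
    """
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Keeps code and data apart: the statement is fixed, inputs are bound.

    The same  alice' --  input is now compared literally against the
    username column, matches nothing, and the login fails.
    """
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


def demo():
    """Run both versions against a legitimate login and an injection attempt."""
    conn = make_db()
    payload = "alice' --"  # constructed attacker input; trailing space matters
    return {
        "vulnerable_legit": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable_injected": login_vulnerable(conn, payload, "wrong"),
        "parameterized_legit": login_parameterized(conn, "alice", "s3cret"),
        "parameterized_injected": login_parameterized(conn, payload, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The parameterized version is the compartmentalized one: the database driver sends the statement and the values separately, so no value, however it is crafted, can change the statement's structure. Note that escaping the input is not an equivalent fix; it tries to repair the mixing after the fact, whereas binding parameters prevents the mixing altogether.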