9. The Application of Cybersecurity: Principles and Practices 229 processes that run within the VM—segmenting them from the host. Malware running in a VM cannot access files and processes belonging to the host. Like the Titanic, the design is not full-proof, and sometimes it is possible for malware to escape from a VM, but the principle holds. Operating systems implement compartmentalization in a similar way. They enforce memory space barriers between running processes, making it more difficult for a malicious process to gain unauthorized access to another process’s resources, and if a process crashes, the damage is limited to just that one process. Figure 9.6 A diagram of the Titanic illustrating the compartmentalization principle. Compartmentalization limits exposure. As we saw in Chapter 5, exposure is the potential losses that could result from an incident. An organization’s computer network should be segmented to limit exposure, creating barriers between different computing resources on the network. One such implementation of this is called a DMZ for demilitarized zone. A DMZ is a segmented portion of a computer network that contains Internet facing servers. These servers are directly accessible from the Internet and are most vulnerable to attack. Therefore, they are susceptible to compromise, and if that were to occur, the network is designed to confine the compromise to the DMZ network only. This is not dissimilar to the idea of a safe room in a home—if a home invasion occurs, the safe room is an interior, fortified and secured compartment where a family can retreat while they wait for help to come. Compartmentalization is also important for avoiding the intermingling of resources that could compromise access control. For example, in Section 4.1.2.2 we learned about injection attacks. In these attacks user inputted data is executed as code. This is a failure of compartmentalization—inputted data should never be interpreted as code to be executed. An injection attack intermingles code and data, and it is ultimately a failure of access control—the attacker is able to run unauthorized code. Another famous example of the failure of compartmentalization is the vulnerability in the old landline telephone system that enabled phone phreakers to abuse the system (see Section 3.2.5). By inputting certain frequencies such as 2600 Hz into a phone, hackers could gain command control over the phone system. The system failed to isolate data (human speech) from code (control frequencies). Interestingly, this same vulnerability is built into most generative AI systems.
RkJQdWJsaXNoZXIy MTM4ODY=