Page 93 - Cyber Defense eMagazine for September 2020
On June 16, 2020, recognizing the validity and danger of these vulnerabilities, the Department of
Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a critical
security advisory. “A remote attacker can exploit some of these vulnerabilities to take control of an
affected system,” CISA warned, noting that these affect “Treck IP stack implementations for embedded
systems.” You can read a July 15 update to this advisory here that provides a detailed overview of each
of the 19 vulnerabilities.
The CERT Coordination Center at Carnegie Mellon University’s Software Engineering Institute (SEI) also
published a Vulnerability Note about this issue, stating that most of the 19 vulnerabilities “are caused by
memory management bugs” and “likely affect industrial control systems and medical devices.” The SEI
summarized the situation by stating that “a remote, unauthenticated attacker may be able to use specially-crafted
network packets to cause a denial of service, disclose information, or execute arbitrary code.”
In short, many cybersecurity experts believe that we have just begun to discover the magnitude of the
danger that Ripple20 represents, and even with fixes and patches from the manufacturer, the problem
won’t go away easily. There are two potential solutions: local security solutions and software-defined
perimeters (SDP). While some local security solutions have a proven ability to provide endpoint security
for hybrid environments and cloud-based security to protect data as it moves from cloud to cloud and
within clouds, deployed alone they may not be able to do the trick.
The same is true of SDP solutions, which can hide IoT devices from the general public by using SDP’s
application-level micro-tunnels. These give network administrators the ability to segment users and
devices at the application level rather than the network level, which diminishes the threat of lateral
network attacks. SDP achieves this outcome by setting strong limits on remote users, allowing them access
only to the applications they require, with no need for access control lists or firewall policies.
SDP also enables IoT devices and gateways to communicate directly with one another by providing
discreet, private and secure network communications over untrusted networks, such as the public internet,
via User Datagram Protocol (UDP). Companies can thus gain secure connectivity by using randomly
generated, non-standard UDP ports for on-demand micro-tunnel communications, requiring only one
UDP message channel between IoT devices and gateways. This helps to secure IoT devices by leaving no
open ports, all but eliminating any surfaces that could remain vulnerable to network attacks.
SDP solutions are also multi-cloud ready, since placing all operations in a single cloud server is risky.
SDP software allows for spreading workloads across more than one cloud, which works because of the
application-specific micro-tunnels that tie them together. This also reduces risk in case of outages,
allowing companies to shift operations as needed from cloud to cloud.
Despite the advantages of SDP, though, if the IoT devices with vulnerabilities from the Treck TCP/IP stack
are accessible over the local area network, then the devices will still be vulnerable to attacks. At the end
of the day, SDP is a transport layer that can provide private and hidden paths to protected destinations,
but the security of those destinations themselves is still a local matter. This is why users need to layer
both solutions. When local and SDP solutions are paired, together they present a virtually unassailable
defense, which will help safeguard the companies that use this double-tiered strategy from suffering the
consequences that can result from Ripple20 vulnerabilities.
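As an added illustration of the layered approach described above (not configuration from the magazine or from any SDP vendor), the following nftables ruleset shows one way to enforce the local half on a Linux gateway that fronts a segment of Treck-based devices: the only new flow allowed out of the segment is the single UDP channel to the SDP gateway, and nothing on the corporate LAN can initiate a connection into the segment. The interface names, addresses and port range are assumed placeholders.

```nftables
# Added example: gateway firewall that isolates an IoT segment so that only the
# SDP micro-tunnel can reach the devices. Interfaces, addresses and the port
# range below are assumed placeholders, not values from the article.
define lan_if = "eth0"             # corporate LAN side of the gateway
define iot_if = "eth1"             # segment holding the embedded devices
define iot_net = 10.10.20.0/24     # assumed IoT segment
define sdp_gateway = 203.0.113.10  # assumed SDP gateway (TEST-NET-3 address)

table inet iot_segment {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to flows the devices opened themselves (the UDP tunnel).
        ct state established,related accept

        # The one flow the devices may initiate: a UDP channel to the SDP
        # gateway on a non-standard port (assumed range 40000-49999).
        iifname $iot_if oifname $lan_if ip saddr $iot_net \
            ip daddr $sdp_gateway udp dport 40000-49999 accept

        # Anything the LAN tries to start toward the segment is logged (rate
        # limited) and then dropped by the chain policy, so a crafted packet
        # never reaches the vulnerable TCP/IP stack on the devices.
        iifname $lan_if oifname $iot_if limit rate 10/minute \
            log prefix "iot-seg-drop: "
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # The gateway itself exposes no listening port toward the segment.
        iifname "lo" accept
        ct state established,related accept
        iifname $iot_if limit rate 10/minute log prefix "iot-gw-drop: "
    }
}
```

Load with `nft -f <file>` and watch for the two log prefixes in the kernel log; a burst of `iot-seg-drop` entries from a single LAN source is the local signal that something is probing the segment the SDP tunnel is meant to hide.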
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.