Brittle Systems - Unmasking Enterprise Security's Quiet Danger

Saturday, October 13, 2012

Rafal Los


You may not want to think about it, but besides all the obvious security vulnerabilities in your enterprise there is an even bigger problem, lurking just below the water.  

At that perfect intersection between critical system and security vulnerability is something many IT professionals acknowledge as the big pink elephant in the room - the "brittle system".

These brittle systems start out as a pet project, or a prototype... or maybe someone's test case. They're a bunch of reclaimed hardware, or some virtual servers hastily slapped together, or a combination of the two. Every brittle system shares the commonality of being hastily built and poorly designed, with security always the thing you'll worry about after the 'test' is done. Your enterprise or organization tests the latest vendor software upgrades or patches, new software you're thinking of purchasing or deploying ... or maybe some crazy idea that you just quickly need to 'mock up' to see if it works.

From the experience of having dealt with several of these monsters in the past I can confidently say that security is never, ever something that gets thought about before the thing is done.  You hear a lot of "Let's just stand this up, and if it works we'll do it right later" ... but there's a very serious flaw with that sentence...

The flaw here is that the "later" never actually happens.  What turns all of this into a flaming ball of explosives rolling downhill towards you is that these brittle systems turn into production-critical components of your enterprise in the blink of an eye.  No sooner does someone say to themselves "hey, it works!" than it's labeled a production asset of the organization and now cannot be further tampered with.

So why is this a bigger problem than the vulnerabilities you know exist, or suspect exist? Let's look at it this way, from the non-security viewpoint to understand why brittle systems are extremely dangerous to the enterprise.

Don't dare sneeze

Brittle systems are brutal because they're exactly that ... brittle. You can't even walk by and sneeze or they'll fall over and create untold amounts of damage and downtime, with all the associated loss that goes with it. You see, the problem with brittle systems is they weren't planned and designed well in the first place, and having no strategic thinking behind something pretty much guarantees its long-term failure.

Security's little-discussed component, availability, becomes key in brittle systems. You're hoping that the system doesn't unexpectedly fall over and cause adverse conditions for the business. If a brittle system comes apart at the seams, it's difficult to stand it back up because odds are you don't know why it fell apart to begin with, and then you'll have no clue how to put it back together again.

Trying to go back and retrofit security onto something you now have no clear understanding of, and can barely touch lest you break it ... that's not an enviable position for anyone. If you can force your way into the management and maintenance stream of a brittle system, the odds of getting enough 'alone time' with it to put in place a sound defensive strategy are low. Imagine trying to understand something (like a black box) as it's running while also trying to put restrictions and defensive mechanisms around its uses... almost impossible. In fact, I would argue that this sets you up for imminent failure.

Double fail?

The risks brittle systems pose to the enterprise are two-fold.  First you've got the business relying on a system that wasn't architected and designed for resilience or uptime.  Next, you've likely got security issues because security is rarely a front-running thought in these types of 'prototype' systems.

If the system goes down your business comes to a grinding halt and you've got a security issue - these are two fires you don't want to be fighting at the same time, believe me. It is not fun to have to figure out why and how an attack against a brittle system succeeded while also fighting the team trying to get the system operational again, because people depend on it to perform business.

It's this type of double-bladed impact that makes brittle systems such a scary thing in the enterprise. When red teams come across these systems they may accidentally (in fact, it's likely they will) blow up one of these systems or use one as a beachhead because they're the perfect place to hide in plain sight.

Check out the next part of this post for more on brittle systems and a peek into how we can start to think about these types of systems before it gets this bad.

Cross-posted from Following the White Rabbit
