Advancements in information technology have greatly accelerated the pace of communications and by extension, the way people interact with each other. Outside of the digital divide, virtually anyone can be reached through some system of digital communication. As a result, network surveillance has grown to accommodate these networks and prevent unauthorized access or unauthorized surveillance. As the world moves on to more advanced and complicated systems of digital communication, traditional media provides a haven for secured information. By taking a step back from the arms race that is cyber security, we can see new applications of old technology circumventing the necessity for sprawling complexity.
Modern security solutions neglect to accommodate outdated technologies when securing a network. One such approach towards this is VENOM or Virtualized Environment Neglected Operations Manipulation. Discovered by Jason Geffner of Crowd Strike, this vulnerability allows the escape of virtual machines from their hosts by exploiting a VM’s virtual floppy drive code.
Sometimes a seemingly obvious security solution may be overlooked due to its traditional nature. One way to secure organizational information is to only render it onto physical mediums. Physically writing out organizational information on paper and securing it in an envelope may seem archaic, but this approach can be far more secure than any combination of VPNs, NIDs, and firewalls. There is no Linux tool or advanced networking technique that can access information that is physically hidden from the eyes and stored in an “analog” format. Some institutions of national security rely on technology that is so old that it actually gives the institution an advantage in information security. Some examples of this would be the use of traditional radio, punch card computers, and handwritten or typewritten messages. Other unconventional approaches may include ciphers built on endangered human languages, hidden messages in the mimicry of local birdsong, and the covert use of offline digital media in dead drops.
System administrators may secure their networks by trying to think as an attacker would, but an attacker is often trying to innovate and approach the target in a way the system administrator would not expect. Being able to forge a weapon or approach that is unheard of or unaccounted for by the system administrator/attacker grants a distinct advantage. Like the famed Hashishans, Sicarii, and Shinobi, sometimes a creative and unexpected approach can be the key element in the success of an operation.
OUR REVOLUTION
We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, RM. InfoSec Insights is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.
