Tag Archives: CDSN

Hollywood Presbyterian Medical Center Victim of Cyber Attack

20 February 2016

Hollywood Presbyterian Medical Center was hit by a ransomware attack around February 5th. At almost the same time some hospitals in Germany were hit by a similar attack.

In both cases the attack was initiated by emails with malicious attachments. In both cases the impact was nearly the same: hospital operations came almost to a halt. And in both cases the IT groups were able to prevent the worst by rapid and effective intervention.

IT operations, and thus medical operations, were massively hampered for some days because the malware rapidly changed its code. In such cases signature-based anti-malware systems are of only limited help in restoring IT operations.

From my point of view, an effective ISMS (Information Security Management System) is the best way to deal with ransomware. And the way the IT groups dealt with the attack shows that they have an ISMS, or something similar, implemented and practiced.

Hospitals are becoming increasingly dependent on a fully operational IT infrastructure. Even a shutdown of a few days is hardly tolerable. Therefore we need an entirely new approach for providing IT services to hospital staff.

Spear phishing attacks, drive-by downloads, JavaScript attacks, etc. are omnipresent today. Thus any computer connected to the internet must be regarded as potentially compromised. This holds even if the computer is operated inside the company network only.

The ‘trusted computer in a trusted company network’ paradigm is no longer valid. A shift to the ‘zero trust’ paradigm is imperative to prevent unacceptable outages.

The good news is that the technology for implementation of a ‘zero trust’ paradigm is ready today:

The hospital IT systems are isolated in a Core Data Services Network (CDSN). Access to the CDSN is provided via virtual desktops. The Virtual Desktop Infrastructure (VDI) is hosted in the CDSN. Email and internet access are blocked inside the CDSN, as is direct data exchange between the virtual desktops and the user workstations. Data exchange between the CDSN and the user workstations is controlled through secure gateways. Only the user workstations or smart devices have access to the internet and to the company’s email system, which remains outside the CDSN.

This is just a blueprint. With Software Defined Networking it is easier to implement today.

The big advantage is that, even if a user’s workstation is compromised, the likelihood of an impact on the hospital’s IT systems and data in the CDSN is dramatically reduced. And recovery from a ransomware attack on a workstation is very easy: run a fresh installation of Windows on the compromised computer. Sounds easy, doesn’t it?
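As an added example (not part of the original post), the blueprint can be written down as a set of invariants and a candidate firewall rule set checked against them. The Python below does that for a flat ‘trusted network’ rule set and for a CDSN rule set; the zone names, ports, display protocol port and rules are assumptions made for this illustration, not a real hospital configuration.

```python
"""Check a firewall rule set against the CDSN / VDI segmentation blueprint.

Constructed example: zone names, ports and rule sets are assumptions made
for this illustration, not a real hospital configuration.
"""
from dataclasses import dataclass
from typing import List, Set, Tuple

# Zones of the blueprint (assumed names)
INTERNET, WORKSTATION, MAIL, VDI, GATEWAY, CDSN = (
    "internet", "workstation", "mail", "vdi", "gateway", "cdsn",
)
ZONES = (INTERNET, WORKSTATION, MAIL, VDI, GATEWAY, CDSN)

ANY = 0            # wildcard destination port
DISPLAY_PORT = 443 # assumed port of the VDI display protocol


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    port: int      # destination port, ANY for all ports
    action: str    # "allow" or "deny"


def allowed(rules: List[Rule], src: str, dst: str, port: int) -> bool:
    """First-match evaluation with an implicit final deny, as most firewalls do."""
    for r in rules:
        if r.src == src and r.dst == dst and r.port in (ANY, port):
            return r.action == "allow"
    return False


# Ports that malware on a compromised host would typically try (assumed sample)
PROBE_PORTS = (22, 25, 80, 443, 445, 1433, 3389)


def violations(rules: List[Rule]) -> List[Tuple[str, str, int]]:
    """Every (src, dst, port) the blueprint forbids but the rule set allows."""
    bad = []
    # 1. Nothing inside the CDSN (servers or virtual desktops) may reach email or the internet.
    for src in (CDSN, VDI):
        for dst in (INTERNET, MAIL):
            for port in PROBE_PORTS:
                if allowed(rules, src, dst, port):
                    bad.append((src, dst, port))
    # 2. Workstations never talk to CDSN servers directly, only via VDI or the gateway.
    for port in PROBE_PORTS:
        if allowed(rules, WORKSTATION, CDSN, port):
            bad.append((WORKSTATION, CDSN, port))
    # 3. No data exchange between virtual desktops and workstations in either direction;
    #    the display session on DISPLAY_PORT is the single permitted channel.
    for port in PROBE_PORTS:
        if allowed(rules, VDI, WORKSTATION, port):
            bad.append((VDI, WORKSTATION, port))
        if port != DISPLAY_PORT and allowed(rules, WORKSTATION, VDI, port):
            bad.append((WORKSTATION, VDI, port))
    return bad


def reachable(rules: List[Rule], src: str) -> Set[str]:
    """Zones a host in `src` can open connections to on any probed port (its blast radius)."""
    return {dst for dst in ZONES if dst != src
            and any(allowed(rules, src, dst, p) for p in PROBE_PORTS)}


# A flat "trusted company network": everything inside may talk to everything.
FLAT_RULES = [
    Rule(WORKSTATION, CDSN, ANY, "allow"),
    Rule(WORKSTATION, INTERNET, ANY, "allow"),
    Rule(CDSN, INTERNET, ANY, "allow"),
    Rule(CDSN, MAIL, ANY, "allow"),
]

# The blueprint: only display traffic to the VDI and gateway transfers cross the boundary;
# CDSN and VDI have no rule towards internet or mail, so they hit the implicit deny.
CDSN_RULES = [
    Rule(WORKSTATION, VDI, DISPLAY_PORT, "allow"),
    Rule(WORKSTATION, GATEWAY, 443, "allow"),
    Rule(GATEWAY, CDSN, 445, "allow"),
    Rule(VDI, CDSN, ANY, "allow"),
    Rule(WORKSTATION, INTERNET, ANY, "allow"),
    Rule(WORKSTATION, MAIL, ANY, "allow"),
]

if __name__ == "__main__":
    for name, rules in (("flat", FLAT_RULES), ("cdsn", CDSN_RULES)):
        print(name, "violations:", len(violations(rules)),
              "| compromised workstation reaches:", sorted(reachable(rules, WORKSTATION)))
```

Under the flat rule set a compromised workstation reaches the CDSN servers directly and the servers themselves can fetch payloads from the internet; under the CDSN rule set the workstation reaches only the VDI display port, the gateway, internet and mail, and nothing in the CDSN has any outbound path.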

Have a good weekend.

How to secure business critical data? – The admin challenge or {D} ∩ {A} = ∅

17 July 2014

Unfortunately, administrative privileges are sometimes required for operating the systems and services inside the Core Data Services Network (CDSN). This is very annoying because administrators are always an inherent risk. To be honest, I look forward to the day when servers can be operated without any system privileges.

Until then, we must try to reduce the risk through consistent application of the Separation of Duties (SoD) principle. Let’s do some basic set theory first.

Let {U} be the set of all employees in the company, {D} ⊂ {U} the set of all employees with authorized access to the core data and {A} ⊂ {U} the set of all IT administrators in the company.

The Separation of Duties (SoD) principle requires:

 {D} ∩ {A} = ∅

(Note that the condition has to be stated on {D}, not on {U}: since {A} ⊂ {U}, {U} ∩ {A} = {A}, and requiring that to be empty would mean having no administrators at all.)

This translates into the following basic principle:

Employees with authorized access to core business data must never have the privileges for administration of systems and services in the entire company network.

Could a data manager have privileged access with a special account? This question was asked in a meeting some days ago. Although there may be good reasons to do this, the answer is No. Never! Employees with authorized access to data must never have privileged access, no matter what account is used.

Nota bene: The SoD principle should be applied to all services at all system, application and infrastructure levels. Let me clarify this by means of two examples:

  1. Data managers should never have the privileges for account or database administration because this would allow them to grant privileges to themselves.
  2. Terminal service administrators must never have the privileges to configure the firewalls between the CDSN and the company network. This would allow them to authorize other computers for access to the CDSN.

Simple, but effective.
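As an added example (not code from the original post), the check can be automated against an account directory. The important detail from the ‘special account’ question above is that entitlements have to be merged per person, not per account, before {D} ∩ {A} is computed; otherwise a data manager with a second admin account slips through. The directory, person names and entitlement names below are constructed assumptions for this illustration; the exclusion pair encodes example 2 above.

```python
"""Separation-of-Duties check for the CDSN: {D} ∩ {A} must be empty.

Constructed example: the account directory, person names and entitlement
names are assumptions made for this illustration.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# account -> (person, entitlements). One person may own several accounts,
# e.g. a normal account plus a "special" admin account.
ACCOUNTS: Dict[str, Tuple[str, Set[str]]] = {
    "jdoe":      ("Jane Doe",     {"core-data:read"}),
    "jdoe-adm":  ("Jane Doe",     {"db:admin"}),        # special admin account, same person
    "mbauer":    ("Max Bauer",    {"core-data:read", "core-data:write"}),
    "onordmann": ("Ola Nordmann", {"terminal-services:admin"}),
    "fw-ola":    ("Ola Nordmann", {"firewall:admin"}),  # second account, same person
    "ssmith":    ("Sam Smith",    {"accounts:admin"}),
    "ppetit":    ("Pia Petit",    {"db:admin"}),
}

# Admin roles that must additionally never be combined in one person
# (example 2 of the post: terminal-service admins vs. CDSN firewall admins).
ADMIN_EXCLUSIONS = [("terminal-services:admin", "firewall:admin")]

DATA_PREFIX = "core-data:"   # entitlements on the core business data
ADMIN_SUFFIX = ":admin"      # administrative entitlements at any level


def entitlements_per_person(accounts: Dict[str, Tuple[str, Set[str]]]) -> Dict[str, Set[str]]:
    """Merge the entitlements of all accounts owned by the same person.

    This is what makes 'no matter what account is used' enforceable: the check
    runs on persons, so a separate admin account does not hide the conflict.
    """
    per_person: Dict[str, Set[str]] = defaultdict(set)
    for person, ents in accounts.values():
        per_person[person] |= ents
    return dict(per_person)


def data_users(accounts) -> Set[str]:
    """{D}: persons with any entitlement on the core data."""
    return {p for p, e in entitlements_per_person(accounts).items()
            if any(x.startswith(DATA_PREFIX) for x in e)}


def admins(accounts) -> Set[str]:
    """{A}: persons holding any administrative entitlement on any account."""
    return {p for p, e in entitlements_per_person(accounts).items()
            if any(x.endswith(ADMIN_SUFFIX) for x in e)}


def sod_violations(accounts) -> List[Tuple[str, str]]:
    """(person, reason) for every breach of {D} ∩ {A} = ∅ and of the admin exclusions."""
    found: List[Tuple[str, str]] = []
    for person in sorted(data_users(accounts) & admins(accounts)):
        found.append((person, "data access combined with admin privileges"))
    per_person = entitlements_per_person(accounts)
    for a, b in ADMIN_EXCLUSIONS:
        for person, ents in sorted(per_person.items()):
            if a in ents and b in ents:
                found.append((person, f"{a} combined with {b}"))
    return found


if __name__ == "__main__":
    for person, reason in sod_violations(ACCOUNTS):
        print(f"SoD violation: {person}: {reason}")
```

Running it reports Jane Doe (data access on one account, database administration on another) and Ola Nordmann (terminal service and firewall administration spread over two accounts); Max Bauer, Sam Smith and Pia Petit pass because each of them is in only one of the two sets.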