Cyberattack at the “Deutscher Bundestag” and my personal experience with a cyber attack
Cyber Attack at “Deutscher Bundestag”
While I was writing my new article about WLAN basics, I read an article about the hacker attack on the “Deutscher Bundestag”.
The interesting thing about this attack is that it seems to be a full hit.
Obviously they are totally compromised, because they lost the last bastion: the admin rights of their network. So this is one of the most fatal errors you can have.
As I read the article, I was thinking back to the years when I first encountered security.
Now, two days later, they are talking about only about 20 hosts, and that it was “normal” malware.
I want you to take part in my memories…
In 1999 I was responsible for network services (DNS, SMTP, ...) at a faculty. We had a small subnet inside the university network.
At that time security was not implemented as it is today. So we had no firewalls, but we used Linux servers and not Windows. One day we encountered a successful script-kiddie denial-of-service attack on some of our hosts.
They were able to do so because they used an exploit in the “timed” daemon, and after that they installed malware on these hosts. By the way, in those times, if you were able to generate traffic of about 1 Mbit/s you had carried out a successful attack.
After that attack we did several things to gain more security:
– Implementing a faculty-owned DMZ
– Implementing packet filtering rules (of course not stateful)
– Using a freeware tool called Tripwire for securing the server configurations
Three years later I wrote my diploma thesis about conceptual activities on the network to gain more security. Here is a short summary of my diploma thesis, because it is written in German:
At the network level the most important service is the administration service.
So what can be done to protect this service?
- Define requirements so it can be checked whether the project is on the right path
- Structure the network according to routing and security concerns. An unstructured network can't be secured.
- Use encrypted administration protocols like SSH, SCP, SFTP
- Use terminal servers (console port – SSH proxies) to cross security zones
- Secure other protocols like OSPF, SNMP
- Monitor all devices that are connected to the network (MAC address security/monitoring)
- Implement integrity checks on your configuration files with alerting functions (use a tool like Tripwire: File Integrity Manager)
- Implement WAN security (VPN)
- Implement ACLs on the internal routers
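A minimal version of the configuration-file integrity check recommended above (the Tripwire item, also among the 1999 measures), as an added example that is neither the author's code nor Tripwire's: it hashes every file under a directory into a baseline, re-scans later, and turns differences into alert lines. The file names and contents in `demo()` are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files stay out of memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Record hash and permission bits of every regular file under root.
    A real deployment keeps this baseline read-only or off-host; otherwise an
    intruder with admin rights simply regenerates it after tampering."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = str(p.relative_to(root))
            baseline[rel] = {"sha256": hash_file(p), "mode": p.stat().st_mode & 0o777}
    return baseline

def compare(baseline: dict, current: dict) -> dict:
    """Report files whose content or mode changed, plus new and missing files."""
    return {
        "changed": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def alert_lines(diff: dict) -> list:
    """One alert line per finding (empty list: check passed). This is where a
    real tool would send mail or a syslog message."""
    return [f"ALERT {kind}: {name}" for kind in ("changed", "added", "removed") for name in diff[kind]]

def demo() -> dict:
    """Constructed scenario: baseline two config files, then tamper and re-scan."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "snmpd.conf").write_text("agentAddress udp:161\n")
        baseline = build_baseline(root)
        (root / "sshd_config").write_text("PermitRootLogin yes\n")  # modified
        (root / "snmpd.conf").unlink()                               # removed
        (root / "ospfd.conf").write_text("router ospf\n")           # added
        return compare(baseline, build_baseline(root))

if __name__ == "__main__":
    print("\n".join(alert_lines(demo())))
```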
So that is what I wrote down 13 years ago. The interesting thing about this is that even today these basics are still not implemented everywhere. I frequently see routers where an unencrypted telnet port is open.
What should we have learned from this?
- Security is a proactive process; it can't be done after an attack.
- Don't fall for marketing promises; check whether you have implemented at least the basics before you step to the next level, because the next level is pointless without the basics.
- Always define your requirements carefully, so you can always check whether you are on the right path.
That is what I wanted to write for today…
For those who are interested in reading my diploma thesis in German: Diploma thesis written by Christian Reusch