Confinet Security Model: Core Principles

Confinet Security Model

In regard to security, Confinet meets the key objectives of confidentiality, integrity, and availability. However, Confinet goes far beyond the minimum standards that a security system must satisfy: its design is also based upon the following core principles:

  1. Information is never automatically shared by default
  2. Information content can be dynamically updated at any time
  3. Information security permissions can be dynamically updated at any time
  4. Information is never stored or cached on a user’s persistent storage devices
  5. Information in transit is encrypted in accordance with the SSL/TLS protocols
  6. Information can be created, managed, protected, and shared within a single environment

The rationale and implications of these principles for information security are discussed below.

Information is never automatically shared by default.

The rationale for this principle in a system designed to protect confidential information and intellectual property is accountability. When individuals in an organization create confidential information which can be shared without their knowledge or consent, they cannot be held accountable for the security of the information they create for the organization.

Since Confinet was designed in accordance with this principle, the Confinet Client application never automatically shares information created by Confinet users with other Confinet users. In other words, for Confinet users to share information with other Confinet users, they must explicitly share the information they have created using Confinet.

In addition, the Confinet Admin application does not give Confinet Administrators access to information created by Confinet users; its only purpose is to administer Confinet groups and users.

Information content can be dynamically updated at any time.

The rationale for this principle in a system designed to protect confidential information and intellectual property is the ability to update information that is incorrect or out of date.

This is a necessary feature, since acting on information that is incorrect, or out of date, can have security ramifications. In short, preventing or controlling access to information that is incorrect is of little value to an organization.

Since Confinet was designed in accordance with this principle, the Confinet Client application allows Confinet users to dynamically update their documents and messages at any time. For example, if a Confinet user updates the contents of a message, the new contents will be seen the next time the recipients of the message open it.

Information security permissions can be dynamically updated at any time.

The rationale for this principle in a system designed to protect confidential information and intellectual property is that both the classification of privileged information and the roles individuals play in handling it change over time.

In many cases, the security classification of information is, for the most part, a function of time. For example, information that was considered confidential yesterday may be considered non-confidential today; or, information that was considered non-confidential yesterday may be considered confidential today.

Likewise, the nature of the roles that individuals play in regard to the handling of confidential information is usually a function of time. For example, individuals may be granted or denied access to sensitive information based upon their job titles, or the projects they participate in.

In recognition of this, the Confinet Client application allows Confinet users to dynamically update the permissions of their documents and messages. For example, if a Confinet user disables the view permission of a message, the message will not be seen the next time the recipients open a Message Browser window (or refresh the contents of existing Message Browser windows).
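Taken together, the first three principles describe a default-deny access model in which permission is evaluated every time a document or message is opened, so both content changes and revocations take effect at the recipient's next open or refresh. The following is an added example, not Confinet's own code: a toy in-memory store whose Document and Store classes, method names and users (alice, bob, carol, admin) are all hypothetical.

```python
"""Default-deny sharing with revocable permissions.

Added example, not Confinet's code: Document, Store, share/revoke/update/open
and the users alice, bob and carol are all constructed here to model the three
principles above in an in-memory store.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Union


class AccessDenied(Exception):
    """The actor has no current permission for the requested operation."""


@dataclass
class Document:
    owner: str
    content: str
    viewers: Set[str] = field(default_factory=set)   # principle 1: empty until the owner shares
    version: int = 1


class Store:
    def __init__(self) -> None:
        self._docs: Dict[str, Document] = {}

    def create(self, doc_id: str, owner: str, content: str) -> None:
        self._docs[doc_id] = Document(owner=owner, content=content)

    def _owned(self, doc_id: str, actor: str) -> Document:
        """Every change to content or permissions is reserved to the owner,
        which is what makes the owner accountable for the document."""
        doc = self._docs[doc_id]
        if actor != doc.owner:
            raise AccessDenied(f"{actor} is not the owner of {doc_id}")
        return doc

    def share(self, doc_id: str, actor: str, recipient: str) -> None:
        """Principle 1: sharing is an explicit act; nothing is shared by default."""
        self._owned(doc_id, actor).viewers.add(recipient)

    def revoke(self, doc_id: str, actor: str, recipient: str) -> None:
        """Principle 3: a permission can be withdrawn at any time."""
        self._owned(doc_id, actor).viewers.discard(recipient)

    def update(self, doc_id: str, actor: str, content: str) -> None:
        """Principle 2: content can be replaced at any time."""
        doc = self._owned(doc_id, actor)
        doc.content, doc.version = content, doc.version + 1

    def can_view(self, doc_id: str, reader: str) -> bool:
        doc = self._docs[doc_id]
        return reader == doc.owner or reader in doc.viewers

    def open(self, doc_id: str, reader: str) -> str:
        """Permission is evaluated on every open and the reader keeps no copy, so
        a revoked share or an edited message takes effect at the next open."""
        if not self.can_view(doc_id, reader):
            raise AccessDenied(f"{reader} may not view {doc_id}")
        return self._docs[doc_id].content


def demo() -> List[Union[bool, str]]:
    """Walk a document through share, update and revoke and record what bob sees."""
    store = Store()
    store.create("memo-1", owner="alice", content="draft v1")
    log: List[Union[bool, str]] = [store.can_view("memo-1", "bob")]   # False: not shared
    store.share("memo-1", "alice", "bob")
    log.append(store.open("memo-1", "bob"))            # "draft v1"
    store.update("memo-1", "alice", "draft v2")
    log.append(store.open("memo-1", "bob"))            # "draft v2" on bob's next open
    try:
        store.share("memo-1", "bob", "carol")          # a recipient cannot re-share
    except AccessDenied:
        log.append("reshare denied")
    store.revoke("memo-1", "alice", "bob")
    log.append(store.can_view("memo-1", "bob"))        # False: gone at bob's next refresh
    log.append(store.can_view("memo-1", "admin"))      # False: account administration grants no reading
    return log
```

Because the store never hands the reader a cached copy and re-checks the share list on each open, there is no window in which a revoked recipient can still read, and an account administrator who is neither owner nor recipient is simply another reader who is denied.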

Information is never stored or cached on a user’s persistent storage devices.

A system designed to protect confidential information and intellectual property must protect against the loss or theft of user devices. The most effective way to achieve this objective is to prevent sensitive information from being stored or cached on user devices. Thus, the Confinet Client application never automatically stores information created by users on their persistent storage devices.

A Confinet user may elect to save one of their documents or messages on a persistent storage device; however, the Confinet Client application itself will not automatically store or cache user information on a persistent storage device (for example, a hard disk drive, or a USB Flash drive).

Information in transit is encrypted in accordance with the SSL/TLS protocols.

With more and more people working remotely, it is imperative that sensitive information be protected whenever it is transmitted over public networks.

It is also essential that information be protected whenever it is transmitted over an organization’s private networks. It is possible, however unlikely, that an organization’s private network could be compromised by an insider.

The Confinet product suite features always-on encryption: information in transit is always encrypted, regardless of whether it is transmitted over a public or a private network.

Information can be created, managed, protected, and shared within a single environment.

Since Confinet is based upon this principle, the Confinet product suite allows the members of an organization to create, manage, protect, and share confidential information without recourse to any third-party applications.

The creation, management, protection, and sharing of confidential information within a single, managed environment is the most effective way to uniformly enforce security constraints placed upon confidential information.

If information is created, managed, and shared by separate applications, the security of the information will only be as strong as the security afforded it by the least secure of the applications handling the information.

The Confinet product suite eliminates this “weakest link” liability in the handling of sensitive information by providing a single environment wherein security constraints are uniformly applied to the handling of confidential information, from its inception and management, to its sharing with others and eventual retirement.

Conclusion

In regard to the creation, management, protection, and sharing of confidential information and intellectual property, the Confinet product suite is the only commercial offering that satisfies all of the principles enumerated and discussed above.

Confinet: a replacement or supplement to traditional email systems?

Average cost of a malware attack, the top cost to companies: $2.4 million
— 2017 Cost of Cyber Crime Study

Email: the weapon of choice for most cyber-attacks

According to Trend Micro, 91% of cyber-attacks begin with a “spear phishing” email. If true, then email is the weapon of choice used by cyber-criminals to infiltrate organizations to steal confidential information, intellectual property, and customer data.

When your organization becomes the victim of a cyber-attack, it will in all probability be the result of an attack that was launched against you with malware-laden email, disguised as legitimate email.

Clearly, you could reduce your chances of falling victim to a cyber-attack by using an alternative to email. By now, this observation should be obvious to everyone.

Email: the great productivity killer

According to a McKinsey report, employees spend most of their workweek as follows:

  • 28% reading and answering emails
  • 19% searching and gathering information
  • 14% communicating and collaborating internally

That is a total of 62% of their workweek spent on these activities. But how much of that 62% is work that actually contributes to the bottom line?

Given that more than half of all email is spam, how much time do the members of your organization waste just trying to figure out which of the hundreds of emails they receive each day are legitimate?

Finally, research suggests that the constant disruptions caused by email can reduce our effective IQ by as much as 10 points. And, it can take 20 minutes to regain our focus after each disruption.

Clearly, you could increase the productivity of the members of your organization by using an alternative to email, and that increased productivity could translate into increased sales and profits.

How can Confinet help?

Confinet provides you with a private network that you can extend to your employees, customers, partners, distributors, consultants, attorneys, and anyone else you do business with.

Since this private network consists only of authorized users, using Confinet can help you reduce spam and messages from unknown and untrusted sources.

In addition to increasing the productivity of the members of your organization, using Confinet could reduce their exposure to the many forms of cyber-attacks that rely on the use of email.

References

2017 Cost of Cyber Crime Study

https://www.infosecurity-magazine.com/news/91-of-apt-attacks-start-with-a-spear-phishing/

http://www.mckinsey.com/industries/high-tech/our-insights/the-social-economy

https://hbr.org/2014/07/the-cost-of-continuously-checking-email

Confinet Passes Security Penetration Test

Before purchasing or using any security software product suite, it is important to verify that the software has been thoroughly tested by a professional security services organization that specializes in penetration testing.

During the months of June, July, and August of 2017, the Confinet product suite was subjected to a series of methodical and rigorous penetration tests by an ethical hacking team from a leading security services firm.

We are proud to announce that, after a final series of tests, it was reported to us that any vulnerabilities found in the initial testing of the Confinet product suite had been successfully resolved.

Interested parties are encouraged to contact us in order to learn more concerning the methodology and results of these tests.

The Phoenix Design Pattern for Creating a Security-Centric IT Environment

Introduction

This design pattern for a security-centric IT environment is presented in the hope that it may be of some use to those wishing to implement such an environment for a group of users who require a high degree of security in order to carry out their responsibilities.

Please consider this a rough draft of an outline for the pattern; I will be evolving this pattern during the coming months to a more complete form (as time allows).

Any comments you care to make as to how this pattern can be improved upon or embellished for the good of all will be greatly appreciated!

Name

Phoenix

Intent

To ensure that users in an IT environment start their work sessions with PCs that are free of malware and updated with the latest updates, and to limit the attack window of malware on an infected PC to the duration of the user’s session on the infected PC.

Motivation

For many industries, it is imperative that users have access to an IT environment that is designed to provide them with effective protection against cyber-attacks by organized criminals and nation states engaged in industrial espionage.

However, this has become very difficult due to the evolution of malware that anti-virus software cannot detect; this makes it almost impossible to be certain that PCs are free of malware.

(See the article You Can’t Depend on Antivirus Software Anymore for more on why you cannot rely upon anti-virus software to detect and eradicate the latest strains of malware.)

This leads to another problem: most PCs run on a 24/7 basis. If a PC becomes infected with malware, it will usually have all the time it needs to accomplish its mission. For example, banking Trojans go into hiding and patiently wait for a victim to enter his or her credentials in order to gain access to sensitive accounts. And, given enough time, this will eventually happen.

The last problem we face is that it is nearly impossible to be certain that every PC in an IT environment has been updated with the latest application, operating system, and security updates. For example, if a PC has been infected, malware might prevent the PC from being updated. Or, more commonly, a PC might simply be switched off when it was supposed to be updated.

Thus, there are at least three problems that confront us when creating a secure IT environment for users:

  1. At any given time, you cannot be certain that PCs are not infected with malware.
  2. Malware that cannot be detected will probably survive long enough to accomplish its mission.
  3. You cannot be certain that PCs are updated with the latest application, operating system, and security updates.

The purpose of the Phoenix Design Pattern is to introduce compensating controls and procedures into an environment in order to significantly mitigate the risks and dangers posed by these three problems.

Applicability

Consider using the Phoenix Design Pattern in any industry where you must create a security-centric IT Environment.

In addition to others, this may include any or all of the following industries:

  • Healthcare
  • Financial Services
  • Manufacturing
  • Government
  • Legal
  • Defense
  • Energy
  • Transportation

Structure

Figure 1: Secure Area

The structure associated with the Phoenix Design Pattern is a Secure Area that consists of the following secured compartments:

  • User’s Compartment
  • Administrator’s Compartment
    • Compartment for Deallocated PCs
    • Compartment for PC Image & Reimaged PCs

User’s Compartment

A secured compartment where Users carry out their responsibilities.

Administrators and Users have access to this compartment.

Administrator’s Compartment

A secured compartment where Administrators carry out their responsibilities.

Only Administrators have access to this compartment.

Compartment for Deallocated PCs

A secured compartment where deallocated PCs are quarantined; these PCs may be infected with malware and should be treated accordingly.

Only Administrators have access to this compartment.

Compartment for PC Image & Reimaged PCs

A secured compartment where the PC Image and reimaged PCs are stored.

Only Administrators have access to this compartment.

Participants

Administrator

An individual with administrative privileges.

User

An individual with responsibilities that require the use of a PC.

PC

A laptop or Stick PC required by a User to carry out his or her responsibilities.

Figure 2: Stick PC (4.33 x 1.02 x 0.45 inches; less than $100)

PC Image

A system image that can be used to restore the persistent storage devices of a PC to a known state.

Collaborations

Figure 3: Phoenix Design Pattern Collaborations

The minimum set of collaborations associated with the Phoenix Design Pattern includes the following:

  1. User enters Secure Area
  2. User requests PC from Administrator
  3. Administrator allocates PC for User
  4. Administrator delivers PC to User
  5. User uses PC
  6. User returns PC to Administrator
  7. Administrator deallocates PC
  8. User leaves Secure Area
  9. Administrator applies Updates to PC Image
  10. Administrator reimages PC

Now we examine each collaboration in more detail.

User enters Secure Area

After presenting his or her credentials, the user is admitted to the Secure Area.

User requests PC from Administrator

After presenting his or her credentials, the User requests a PC from the Administrator.

Administrator allocates PC for User

After verifying the credentials of the User, the Administrator performs the following steps:

  1. Allocates a PC for the User
  2. Adds the PC to the List of Allocated PCs
  3. Removes the allocated PC from the List of Available PCs
  4. If necessary, whitelists the allocated PC’s MAC address

Administrator delivers PC to User

The Administrator removes the allocated PC from the Compartment for PC Image & Reimaged PCs and delivers it to the User in the User’s Compartment.

User uses PC

In order to begin a Work Session, the User will log in to the allocated PC.

User returns PC to Administrator

After completing a Work Session, the User will log out of the PC and return the PC to the Administrator.

At this point, the Administrator must assume the PC has the following properties:

  1. The PC has malware
  2. The PC is not updated with the latest operating system updates
  3. The PC is not updated with the latest application updates
  4. The PC is not updated with the latest security updates

Administrator deallocates PC

Upon receipt of the PC, the Administrator performs the following steps:

  1. Removes the PC from the List of Allocated PCs
  2. Adds the PC to the List of Available PCs
  3. As a precaution, blacklists the PC’s MAC address
  4. Quarantines the PC in the Compartment for Deallocated PCs

User leaves Secure Area

Normally, Users are not allowed to leave the Secure Area until it has been verified that they have returned the PC that was used during their Work Session.

If a User requires a PC for work outside of the Secure Area, the User must obtain permission and request from the Administrator a PC that has been configured with a greater degree of security and with counter-measures against the loss or theft of the PC.

Administrator applies Updates to PC Image

At the end of a Work Cycle, the Administrator will perform the following tasks:

  1. Update the PC Image with the latest operating system updates
  2. Update the PC Image with the latest application updates
  3. Update the PC Image with the latest security updates

Administrator reimages PC

The Administrator must now perform the following tasks:

  1. If warranted, erase all data on the PC in accordance with secure data management practices and standards
  2. In the Administrator’s office, reimage the PC with a copy of the updated PC Image
  3. Store the PC in the Compartment for the PC Image & Reimaged PCs

At this point, the PC is ready for use by the next User.
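The collaborations above form a single procedure for the life cycle of a PC. As an added illustration, not code from the article or from any tool it mentions, the following Python model encodes the three compartments as states and the ordering of the steps as guards: a returned PC is treated as infected, loses its MAC whitelisting, cannot be re-allocated, and re-enters service only after the PC Image has been updated for a new Work Cycle. The class names, state names, sample MAC address and timestamps are all constructed for the example.

```python
"""The Phoenix PC life cycle as a small state machine.

Added example, not code from the original article: PC, PCImage, Administrator,
the state names and the sample MAC address are constructed here.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, Optional, Set

REIMAGED = "reimaged"          # Compartment for PC Image & Reimaged PCs
IN_USE = "in_use"              # User's Compartment (on the List of Allocated PCs)
DEALLOCATED = "deallocated"    # Compartment for Deallocated PCs (quarantine)


class PolicyViolation(Exception):
    """A collaboration was attempted out of order."""


@dataclass
class PCImage:
    updated_for_cycle: int     # Work Cycle whose OS, application and security updates it carries


@dataclass
class PC:
    mac: str
    image_cycle: int           # cycle of the image currently on the device
    state: str = REIMAGED
    user: Optional[str] = None
    deallocated_in_cycle: int = 0
    session_start: Optional[datetime] = None
    session_end: Optional[datetime] = None


class Administrator:
    def __init__(self, image: PCImage, pcs: Iterable[PC]) -> None:
        self.image = image
        self.current_cycle = image.updated_for_cycle
        self.pcs: Dict[str, PC] = {pc.mac: pc for pc in pcs}
        self.allowed_macs: Set[str] = set()   # the MAC whitelist of allocation step 4

    def allocate(self, user: str, now: datetime) -> PC:
        """Collaboration 3: hand out only a reimaged PC that carries the current image."""
        for pc in self.pcs.values():
            if pc.state == REIMAGED and pc.image_cycle == self.current_cycle:
                pc.state, pc.user, pc.session_start, pc.session_end = IN_USE, user, now, None
                self.allowed_macs.add(pc.mac)
                return pc
        raise PolicyViolation("no reimaged PC for the current Work Cycle")

    def deallocate(self, pc: PC, now: datetime) -> None:
        """Collaboration 7: the returned PC is assumed infected and out of date."""
        if pc.state != IN_USE:
            raise PolicyViolation("only an allocated PC can be returned")
        pc.state, pc.session_end, pc.deallocated_in_cycle = DEALLOCATED, now, self.current_cycle
        self.allowed_macs.discard(pc.mac)    # deallocation step 3: block its MAC

    def end_work_cycle(self) -> None:
        """Collaboration 9: refresh the PC Image once per Work Cycle."""
        self.current_cycle += 1
        self.image.updated_for_cycle = self.current_cycle

    def reimage(self, pc: PC) -> None:
        """Collaboration 10: a quarantined PC re-enters service only through an
        image updated after the PC was returned."""
        if pc.state != DEALLOCATED:
            raise PolicyViolation("only quarantined PCs are reimaged")
        if self.image.updated_for_cycle <= pc.deallocated_in_cycle:
            raise PolicyViolation("PC Image not updated since the PC was returned")
        pc.image_cycle, pc.state, pc.user = self.image.updated_for_cycle, REIMAGED, None


def attack_window(pc: PC) -> timedelta:
    """Consequence: malware picked up during a session has at most that session's length."""
    if pc.session_start is None or pc.session_end is None:
        raise ValueError("PC has no completed Work Session")
    return pc.session_end - pc.session_start


def demo() -> dict:
    """One Work Cycle for one PC; records what each guard decided."""
    admin = Administrator(PCImage(updated_for_cycle=1),
                          [PC(mac="02:00:00:00:00:01", image_cycle=1)])   # constructed device
    t0 = datetime(2017, 9, 4, 8, 0)                                     # constructed session start
    pc = admin.allocate("user-1", now=t0)
    out = {"admitted_during_session": pc.mac in admin.allowed_macs}
    admin.deallocate(pc, now=t0 + timedelta(hours=8))
    out["admitted_after_return"] = pc.mac in admin.allowed_macs
    out["attack_window_hours"] = attack_window(pc) / timedelta(hours=1)
    for label, action in (("reallocate_quarantined", lambda: admin.allocate("user-2", t0)),
                          ("reimage_before_update", lambda: admin.reimage(pc))):
        try:
            action()
            out[label] = "allowed"
        except PolicyViolation:
            out[label] = "refused"
    admin.end_work_cycle()
    admin.reimage(pc)
    out["state_after_reimage"], out["image_cycle_after_reimage"] = pc.state, pc.image_cycle
    return out
```

The two guards in reimage are the heart of the pattern: a PC never moves from quarantine back to the reimaged compartment by any route other than a fresh image, and the image must carry updates applied after the PC was returned, so the consequences listed in the next section follow by construction rather than by trusting the device.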

Consequences

When a User begins a Work Session with his or her PC, the Administrator can be reasonably certain that:

  1. The PC is free of malware
  2. The PC is updated with the latest operating system updates
  3. The PC is updated with the latest application updates
  4. The PC is updated with the latest security updates

In addition, if the PC had been infected with malware before it was returned, the Administrator can be certain that the duration of the User’s Work Session on the infected PC placed an upper bound on the attack window, significantly limiting the time in which the malware could have accomplished its mission.

Implementation

There are many ways to implement this design pattern in a real IT environment; we have only presented the pattern in an outline form.

[There are many tools available that can automate the processes associated with the implementation of this pattern, many of them free of charge. These will be discussed in future versions of this article.]

Glossary

Work Session

The time interval during which an individual User performs work; logging in to a PC begins a Work Session and logging out ends a Work Session. (In most environments, the average length of a Work Session will be approximately 8 hours.)

Work Cycle

The time interval during which Users perform work on a cyclic basis. (In most environments, the length of a Work Cycle will be 24 hours.)