In the April issue of BIC, I discussed zero-trust security solutions that only allow approved applications to run. In this issue, I will discuss limiting the scope of what an approved application can do via a policy called "ring fencing." As Americans, we enjoy the greatest freedoms the world has to offer. We can do anything the law doesn't explicitly prohibit, but we do have laws. In addition, we cannot simply walk onto a secure government facility like Area 51 anytime we like.
However, an installed application, even an app that is trusted, can essentially do anything that is within its capabilities. It seems like trust should be a binary decision: Either we trust the application, which allows it to do whatever is within its capabilities, or we don't trust it, so we simply deny its ability to function altogether. Of course, the world is more nuanced than that, and your computer is a part of the world. Applications are similar to people in that we know them on a certain level, but we are not aware of what they are fully capable of doing. In reality, our applications have far more capabilities than most people utilize, yet if we look at what the vast majority of people do with common applications, we can limit applications' capabilities. Let's review a few examples of actions that we would commonly "ring fence" for an application to reduce its security risk.
- Microsoft® Word: Everyone has received or created a Word document that contains an internet link. You click on the link, the default browser loads and the web page is displayed; you've done this countless times. The same thing could also be accomplished by having the document call PowerShell on your computer, which contacts a website, and that website then takes you to your expected destination. PowerShell is on every computer's operating system, including Windows, Mac and Linux. You probably don't know how to write a script to call a website, but hackers do. A hacker would use that PowerShell script to take you to that same website and simultaneously open another browser page that is hidden so you cannot see it. The hacker can use this hidden page to interact with your computer behind the scenes, even after you've rebooted. A typical Word user would never call PowerShell to follow a link, so ring fencing denies Word and your other Microsoft Office applications the ability to call PowerShell, thereby protecting your computer and data.
- Regsvr32: Microsoft has a program running on your computer called Regsvr32. It exists to assist in registering components of an application during the app installation process. It is a command-line utility similar to PowerShell, but it also has full access to the internet, even though it has no need to access the internet. This program is so important that Microsoft allows Regsvr32 to operate in a protected memory space, which means that no antivirus or antimalware security scanning product you use can see what it does. You could download a seemingly innocuous utility whose executable has been modified so that it installs the intended application and also connects to a remote server that keeps a connection to your PC, allowing a hacker to access all the files on your network.
- PDF programs: Many of the world's most common PDF programs have built-in encryption capabilities. You can secure a PDF document to ensure it is not tampered with by the recipient. If your PDF program is hijacked, its encryption capabilities can be used to encrypt your data and hold it for ransom. We ring fence PDF programs for the common tasks of editing, creating and saving PDF files. For more secure environments, we even deny a PDF program's ability to convert Microsoft Office files from Word, Excel and PowerPoint to PDF because this functionality exists natively within Microsoft's programs.
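The three cases above are instances of one rule: an approved application is allowed its ordinary actions and denied the rest. The script below is an added illustration, not code from the column or from any vendor's product; it models a ring-fencing policy as an ordered list of rules and runs a few constructed process-activity events through it, the way an endpoint agent would decide whether Word may spawn PowerShell, whether Regsvr32 may reach the internet, or whether a PDF reader may open an Office file. Executable names, the rule format and the sample events are assumptions for illustration.

```python
"""Minimal ring-fencing policy evaluator (constructed example).

Simulates how a zero-trust endpoint agent would decide whether an
already-approved application may perform a given action: spawn another
program, open a network connection, or touch a file. The rule format,
executable names and sample events are assumptions, not any vendor's syntax.
"""
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class Rule:
    process: str   # glob for the acting application's executable name
    action: str    # "spawn", "network" or "file"
    target: str    # glob for the child program, remote host, or file path
    verdict: str   # "deny" or "allow"


# Ring-fence policy mirroring the three cases in the column (assumed names).
POLICY = [
    # Office applications have no business launching PowerShell.
    Rule("winword.exe", "spawn", "powershell.exe", "deny"),
    Rule("excel.exe", "spawn", "powershell.exe", "deny"),
    Rule("powerpnt.exe", "spawn", "powershell.exe", "deny"),
    # Regsvr32 registers components locally; it never needs the internet.
    Rule("regsvr32.exe", "network", "*", "deny"),
    # The PDF reader may work on PDFs but may not open Office documents
    # (conversion), modelled here as denying access to those extensions.
    Rule("acrobat.exe", "file", "*.pdf", "allow"),
    Rule("acrobat.exe", "file", "*.docx", "deny"),
    Rule("acrobat.exe", "file", "*.xlsx", "deny"),
    Rule("acrobat.exe", "file", "*.pptx", "deny"),
]


def evaluate(process, action, target, policy=POLICY):
    """Return (verdict, matched_rule). The first matching rule wins; any
    other action by an approved application defaults to allow."""
    proc = process.lower()
    tgt = target.lower()
    for rule in policy:
        if (rule.action == action
                and fnmatch(proc, rule.process)
                and fnmatch(tgt, rule.target)):
            return rule.verdict, rule
    return "allow", None


# Constructed process-activity events, as an endpoint agent might report them.
SAMPLE_EVENTS = [
    ("WINWORD.EXE", "spawn", "chrome.exe"),               # clicking a link: fine
    ("WINWORD.EXE", "spawn", "powershell.exe"),           # blocked by ring fence
    ("regsvr32.exe", "network", "203.0.113.5:443"),       # blocked
    ("Acrobat.exe", "file", "C:\\Users\\a\\report.pdf"),  # fine
    ("Acrobat.exe", "file", "C:\\Users\\a\\budget.xlsx"), # blocked
]


def audit(events, policy=POLICY):
    """Evaluate each event and return the denied ones for alerting."""
    denied = []
    for process, action, target in events:
        verdict, _rule = evaluate(process, action, target, policy)
        if verdict == "deny":
            denied.append((process, action, target))
    return denied


if __name__ == "__main__":
    for process, action, target in SAMPLE_EVENTS:
        verdict, rule = evaluate(process, action, target)
        print(f"{verdict:5}  {process} --{action}--> {target}")
```

Because the default for an unmatched action is allow, the policy only needs to list the handful of behaviours an application never legitimately performs, which is what keeps ring fencing manageable alongside an allowlist of approved applications.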
In the world of computers, ignorance isn't bliss. Instead, our ignorance creates opportunities for criminal organizations to target our computers and data. Use a zero-trust security policy that includes ring fencing so you can be assured that your applications don't misbehave. In the next issue of BIC Magazine, we will discuss another zero-trust security policy called "anti-tampering."
For more information, visit www.omnipotech.com or call (281) 768-4308.