I received an email from someone asking me about the internet outage in North Korea.
Firstly, if we (America) had anything to do with it, I think it analogous to punishing a pugnacious brat by taking away their computer. This kid really needs a good spanking! For you who think that corporal punishment belongs in the dark ages, well, you’re wrong, unless of course you consider that North Korea is still in the Dark Ages!
This country, as stated in another blog, keeps its people in the dark. Looking at a picture from space, one can tell that electricity is not even well distributed, much less the internet or the free exchange of information and thoughts.
Contained inside the Red Outline is North Korea.
If you want to control a people, take away weapons, power, their ability to communicate with others, and feed them a constant feed of Bullshit daily! Prevarication is called for if you want a submissive people who will do what you say without question.
The people of this country are brainwashed into “loving their dear leader” and believe anything that they are told. Any type of truculence on their part is met with swift, brutal retaliation.
If the evidence indeed points to North Korea in the attack on Sony (the only people with motive), then most assuredly there was someone on the inside at Sony. Sony should be looking real hard with forensic experts to determine what happened!
As a security geek, I would love to be part of that team!
The sad truth today is that there could be a spook! Money talks; with our lack of morality on the rise, it could be anyone.
Most firewalls today are pretty good at keeping bad people out, so planting a spook or a Trojan or worm of some kind on the inside of the firewall, enabling communication from the outside through some spoofed port that is normally open like 80, would have to be employed.
Much of the remote control desktop software out there today, which some people use, violates all security protocols. The problem is that a lot of companies don’t hire a security officer, or have a limited IT staff who are too busy resetting passwords and posting on Facebook to be bothered with doing anything more than putting out fires.
The OSI model (which I dare say few are familiar with) consists of 7 layers. The OSI model (Open Systems Interconnection model) is a packet-based structure of layers, or protocol stack.
- Starting at layer one, we have the physical layer which is basically your cable and associated hardware which allows your computer to communicate with the host. This layer is responsible for the “frame bit.”
- Layer two is the layer that establishes the protocol used to communicate, whether it is frame relay or Ethernet or what have you. This layer is called the data link layer.
- Layer three is known as the network layer and is responsible for transmitting data from node to node. This layer provides switching and routing information.
- Layer four or transport layer is responsible for such things as error recovery and end to end flow control.
- Layer five or session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications.
- Layer six or presentation layer works to transform data into the form that the application layer can accept.
- Layer seven or application layer is just that: everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, browser, Google, and other network software services, and yes, Facebook. This is the layer that the end user has the most to do with, in that applications exist solely at this level.
Now that you have a small idea of how one communicates over the internet, looking at this model, how would you interrupt traffic between them and us?
Keep in mind that North Korea gets internet from China and most probably through a Russian satellite. Neither of these do we have control over, so pulling the plug leaves out the physical layer.
Again, I could not use layer two, as I don’t have control over that either.
Ah, now layer three I do have control over. What if I change their known IP addresses to non-internet-routable or private ones, much like the 192, 172 or 10 subnets? Now they have to go to Russia or China and beg for another subnet and… as soon as they do, we kill that as well.
Why do we have private addresses, you ask? Most reading this far probably already know this; however, there are simply not enough addresses to give every company that wants one a block of private addresses.
If you look at RFC 1918, a private address scheme was created using addresses that are not assigned, meaning that they cannot route through the internet. In this way businesses and homes and even North Korea can use them to their heart’s content on their private networks, and then, using something called NAT or network address translation, can make your home computer look as though it is talking on a public address.
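As an added illustration (not part of the original post): RFC 1918 reserves exactly three blocks, 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, so only part of the 172 and 192 ranges is private. The sketch below classifies addresses against those blocks and applies the kind of check a border router makes on its internet-facing side; the function names and the sample packets are constructed for this example.

```python
import ipaddress

# The three blocks reserved by RFC 1918 for private use.
RFC1918_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def rfc1918_block(addr):
    """Return the RFC 1918 block containing addr, or None if it is not private.

    Raises ValueError for text that is not a valid IPv4 address.
    """
    ip = ipaddress.IPv4Address(addr)
    for net in RFC1918_NETWORKS:
        if ip in net:
            return str(net)
    return None


def border_filter(packets):
    """Split (src, dst) pairs seen on an internet-facing interface.

    A packet is dropped when either end is an RFC 1918 address, because such
    addresses are not routable on the public internet; NAT should already
    have rewritten them before they reach the border.
    """
    passed, dropped = [], []
    for src, dst in packets:
        if rfc1918_block(src) or rfc1918_block(dst):
            dropped.append((src, dst))
        else:
            passed.append((src, dst))
    return passed, dropped


# Constructed sample traffic (documentation addresses stand in for public hosts).
SAMPLE_PACKETS = [
    ("192.168.1.20", "203.0.113.10"),  # private source leaked past NAT
    ("198.51.100.7", "203.0.113.10"),  # public to public
    ("172.32.0.5", "203.0.113.10"),    # 172.32.x is outside 172.16.0.0/12
    ("198.51.100.7", "10.1.2.3"),      # private destination
    ("192.169.0.1", "203.0.113.10"),   # 192.169.x is not in 192.168.0.0/16
]

if __name__ == "__main__":
    passed, dropped = border_filter(SAMPLE_PACKETS)
    for pkt in dropped:
        print("drop", pkt)
    for pkt in passed:
        print("pass", pkt)
```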
This BLOG’s intent is to underscore the need to have a good CIO and a good security officer. Your company could be the next Sony, and as you can see, if some rogue country like North Korea, which has a very limited pool of talent, can take down a giant like Sony, just think what a Russia or China or other country that does not stagnate its citizens and keep them in the stone age could do.
-Best to you and those that you care about, and if I don’t get to write again by Christmas… Have a Merry Christmas!