0P3N Blog Blog Post

Securing Critical Data with Traditional Media

By: Guest Writer
January 23, 2019
Advancements in information technology have greatly accelerated the pace of communications and by extension, the way people interact with each other. Outside of the digital divide, virtually anyone can be reached through some system of digital communication. As a result, network surveillance has grown to accommodate these networks and prevent unauthorized access or unauthorized surveillance. As the world moves on to more advanced and complicated systems of digital communication, traditional media provides a haven for secured information. By taking a step back from the arms race that is cybersecurity, we can see new applications of old technology circumventing the necessity for sprawling complexity.Modern security solutions neglect to accommodate outdated technologies when securing a network. One such approach towards this is VENOM or Virtualized Environment Neglected Operations Manipulation. Discovered by Jason Geffner of CrowdStrike, this vulnerability allows the escape of virtual machines from their hosts by exploiting a VM’s virtual floppy drive code.Sometimes a seemingly obvious security solution may be overlooked due to its traditional nature. One way to secure organizational information is to only render it onto physical mediums. Physically writing out organizational information on paper and securing it in an envelope may seem archaic, but this approach can be far more secure than any combination of VPNs, NIDs, and firewalls. There is no Linux tool or advanced networking technique that can access information that is physically hidden from the eyes and stored in an “analog” format. Some institutions of national security rely on technology that is so old that it actually gives the institution an advantage in information security. Some examples of this would be the use of traditional radio, punch card computers, and handwritten or typewritten messages. Other unconventional approaches may include ciphers built on endangered human languages, hidden messages in the mimicry of local birdsong, and the covert use of offline digital media in dead drops.System administrators may secure their networks by trying to think as an attacker would, but an attacker is often trying to innovate and approach the target in a way the system administrator would not expect. Being able to forge a weapon or approach that is unheard of or unaccounted for by the system administrator/attacker grants a distinct advantage. Like the famed Hashishans, Sicarii, and Shinobi, sometimes a creative and unexpected approach can be the key element in the success of an operation.[clear]

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry