
Nvidia Corporate Network Breached - Garbage
http://www.forbes.com/sites/davelewis/2014/12/29/nvidia-corporate-network-breached/
======
sargun
I have a different view on security. A lot of people are talking about defense
in depth, and security being enforced by the network. I think although that
kind of works, it's largely a mistake. Security, as enforced by middleboxes, is
fundamentally flawed, especially as we see the proliferation of systems that
are too complex and rapidly changing for middleboxes to understand. Although
they can be a tool in laying defensive trenches, they are nothing more than a
simple barrier.

I think that endpoint security is what needs to be enhanced. Looking at what's
been disclosed about malware recently (APTs:
[https://en.wikipedia.org/wiki/Advanced_persistent_threat](https://en.wikipedia.org/wiki/Advanced_persistent_threat)),
we need to focus on a few things:

1) Isolating components: Components and processes themselves should be
isolated from one another and from the operating system. A web server should be
able to run malicious code without fear of it easily getting root access. We
have tools to make this possible today, like AppArmor and SELinux. The fact
that distributing AppArmor or SELinux profiles with applications isn't normal
today makes me sad.

2) Modularization: We should do our best to split the components of a system
up into small, well-understood pieces. Rather than trying to combine multiple
components into one monolithic process, break components up into their
individual pieces. I think Cloudflare's work around Keyless SSL was great,
but we've had HSMs for years -- that could have easily avoided such disasters
as Heartbleed.

3) Decent abstractions: With the advent of further distributed systems and
modularization, we're going to see more and more interfaces between systems
crop up. Largely, CISOs are limited to what the systems and networking teams
can do. These limits typically manifested themselves at layer 4 on the network
side of the house, and in limited layer 7 capabilities like URL filtering and
file system ACLs. I think we need better stories around resource access and
authorization. For years we've had systems like Kerberos, which would have
been a great building block but yet go unused. I hope we see X.509 and GPG
become more ubiquitous for access management and encryption.

~~~
thanksgiving
> Rather than trying to combine multiple components into one monolithic
> process, break components up into their individual pieces.

Why does this only apply in user space? The first thing I thought of when
I read this sentence was systemd...

------
ars
So, what do we do if we live in a world where it's impossible to prevent this
type of thing?

Is there anything we can do? Or just keep plugging holes as they come up?

For example, I no longer expect my email address not to leak - it doesn't
matter who you send it to (which company or person), eventually it will leak.
There are only a few rare exceptions, which is the opposite of the kind of
world you want, but it's the reality.

For email, instead of concealing the address we focus on filtering the spam.

Is there something that can be done for passwords? Personal information? Other
things?

~~~
jdsnape
I think a slight change in approach is needed. In a lot of cases, your network
had a hard outer perimeter which was treated as unbreakable, and within that
was considered 'trusted'.

I think we're now finding that doesn't scale very well as it only takes one
hole and it's broken. It's better to treat the network as some level of
'untrusted' and protect your servers/computers better as individual units
accordingly.

~~~
calpaterson
"De-perimeterisation" in security-ese
[https://en.wikipedia.org/wiki/De-perimeterisation](https://en.wikipedia.org/wiki/De-perimeterisation)

~~~
hga
In military terms, it's switching from a crust defense (the perimeter) to
defense in depth.

There are situations where the former can make sense, such as a siege, where
e.g. a penetration is quickly obvious and you can use your interior lines of
communications to rush reserves to the action.

The key, of course, is the "quickly obvious". Prior to the state of the art
allowing that (which sounds difficult and painful in principle), defense in
depth is obviously the way to go. But you've got to achieve it in some way
where e.g. compromise of "bob@nvidia.com" + password doesn't quickly get you
past any defense, or any that's relevant to bob.

~~~
niels_olson
The military's defense in depth can get crazy though. Without going into
details, the smart people you want to do interesting things frequently end up
so severely hamstrung they give up before starting.

------
sseveran
Maybe companies could stop using reversible encryption to store passwords and
use a salted one-way hash like grownups. I have so many different passwords
that for sites I use irregularly I just have to reset them every time. Also,
2-factor auth is a plus.

~~~
ryan-c
Would be nice if Active Directory/Windows supported something other than NTLM
(which is basically MD4) hashes. Even an old GPU can make billions of guesses
a second against it.

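To put numbers behind the two comments above (store a salted one-way hash; the NT hash is unsalted MD4 that GPUs guess at billions per second), here is an added illustration. It is not code from the article or from any of the commenters. MD4 is implemented in pure Python from RFC 1320 so the script runs where OpenSSL has dropped the legacy `md4` digest; the PBKDF2 iteration count, the record format and the sample users and passwords are assumptions constructed for the example.

```python
"""Unsalted NT hash (MD4 over UTF-16LE) beside a salted, slow PBKDF2 record.

Added example for the thread; not the article's or the commenters' code.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional

MASK = 0xFFFFFFFF


def _rotl(x: int, s: int) -> int:
    x &= MASK
    return ((x << s) | (x >> (32 - s))) & MASK


def md4(data: bytes) -> bytes:
    """MD4 per RFC 1320, pure Python (no OpenSSL legacy provider needed)."""
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    bit_len = len(data) * 8
    data += b"\x80"
    data += b"\x00" * ((56 - len(data) % 64) % 64)
    data += struct.pack("<Q", bit_len)              # 64-bit little-endian length

    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    # (boolean function, additive constant, shifts, word order) per round
    rounds = (
        (F, 0x00000000, (3, 7, 11, 19), list(range(16))),
        (G, 0x5A827999, (3, 5, 9, 13), [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]),
        (H, 0x6ED9EBA1, (3, 9, 11, 15), [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]),
    )
    for off in range(0, len(data), 64):
        X = struct.unpack("<16I", data[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for fn, k, shifts, order in rounds:
            for i, idx in enumerate(order):
                a = _rotl(a + fn(b, c, d) + X[idx] + k, shifts[i % 4])
                a, b, c, d = d, a, b, c                 # [ABCD] -> [DABC] -> ...
        a0, b0, c0, d0 = ((a0 + a) & MASK, (b0 + b) & MASK,
                          (c0 + c) & MASK, (d0 + d) & MASK)
    return struct.pack("<4I", a0, b0, c0, d0)


def nt_hash(password: str) -> str:
    """What a domain controller stores: MD4 of UTF-16LE, no salt, no work factor.
    Two users with the same password get the same value, so one precomputed
    table or one cracked hash serves for every account that shares it."""
    return md4(password.encode("utf-16le")).hex()


# Assumed tuning: pick a count that costs ~100 ms per hash on the real server.
PBKDF2_ITERATIONS = 200_000


def pbkdf2_record(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, iterated one-way hash; the salt is stored in the clear."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def shared_password_is_visible(scheme, password: str = "Winter2014!") -> bool:
    """True if two constructed users sharing a password store identical values."""
    return scheme(password) == scheme(password)


if __name__ == "__main__":
    print("NT hash of 'password':", nt_hash("password"))
    print("same NT hash for two users:", shared_password_is_visible(nt_hash))
    print("same PBKDF2 record for two users:", shared_password_is_visible(pbkdf2_record))
    rec = pbkdf2_record("Winter2014!")
    print(rec)
    print("verify ok:", pbkdf2_verify("Winter2014!", rec))
```

The NT hash needs one MD4 per guess, which is why an old GPU reaches billions of guesses per second against it; PBKDF2 costs the attacker the same 200,000 iterations it costs the server, and the per-user salt means every account must be attacked separately.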
------
jpeg_hero
Interesting. Some random website is hacked and user accounts and passwords are
revealed. In the user accounts you notice there is a "bob@nvidia.com" with an
associated password. If you are the hacker, might as well type that into
Nvidia's corporate system, right?

Scary.

~~~
Ixiaus
Passwords are clearly a badly broken model. Even if each entity handles your
password safely (you can easily argue that most don't) the weakest link in the
chain is _still the human being_.

~~~
akerl_
Use password manager -> generate high entropy passwords -> Victory.

It's pretty easy to keep your password manager secure against the threats that
most people actually face, and this removes the worst elements: password reuse
and low-entropy passwords.

~~~
raverbashing
Lose password manager master pw: you lose access to your accounts

Have your master pw compromised: have all passwords compromised

You're taking multiple failure points (which certainly have a higher chance of
a failure than a single failure point) and replacing them with a single point,
with lower chance of failure BUT with bigger consequences.

~~~
ratsmack
I believe using a password manager is better than not using anything and
relying on a single password for many accounts. One thing about a password
manager is that you control its contents, and so I believe the risks can be
mitigated.

The following is a password manager developed by Bruce Schneier:

[http://passwordsafe.sourceforge.net/](http://passwordsafe.sourceforge.net/)

~~~
raverbashing
"and relying on a single password for many accounts"

Then don't.

I rely on _similar_ passwords for non-important services, but important ones
have a unique password/2FA.

------
tinco
Weird that the author would attack post-its with passwords on them as
some sort of terrible practice. If Nvidia's employees had all had
multiple passwords on post-its on their monitors, they would likely never have
been hacked at all.

Better to have 5 passwords on a post-it on your monitor, safely within the
guarded walls of your HQ office, than 1 password shared between your
PlayStation game account and your Gmail.

~~~
akerl_
That's a false dichotomy. There are, thankfully, options besides {write
multiple passwords on post-it note} and {use same password everywhere}.

Nvidia, and in fact all of us, should be teaching folks not to reuse
passwords and also to store them securely. It's almost 2015, and password
managers are available for pretty much any platform, they're secure against
the threats commonly faced by most people, and they're easy to use.

~~~
tinco
For a company like Nvidia, password managers (like LastPass) are a lot less
secure than post-it notes. I'm not trying to sketch a dichotomy; obviously
there are more secure ways of storing your passwords, like keeping the
post-its in a personal locker.

~~~
hobs
How? I legit don't get this. Is it the fact that they have one password for all
passwords?

Secondly, you are basically ignoring physical security when you discuss
post-its as a means to secure a password. What happens when the "delivery man" or
"pizza girl" shows up to deliver their package and steal all your
passwords?

While most work places get physical security dead wrong, these are simple
first steps.

~~~
tinco
Yes, I'm purposefully ignoring physical security, because I'm thinking of the
kind of threats nvidia faces.

It is important to have a security policy that fits your threat level, and the
engagement of your employees. You can expect from an upper management person
that he has a fast lock screen and an encrypted disk and a tight firewall on
his laptop. In those conditions it makes absolute sense to recommend a
password manager, preferably with a hardware security key. That's a fully
decked-out APT resistant upper management guy or sysadmin. This is also the
sort of target that would be the subject of a 'pizza girl' covert operative,
so yes having passwords on post-its would be horrible.

But that's not the type that most likely got Nvidia. The other 50,000 employees are
what is getting our big corporations in trouble. A poorly secured Windows
laptop with out-of-date software, and no control on third-party applications,
is a terrible place for a password manager. How easy is it to write a tool
that extracts passwords from the manager if your tool got sysadmin rights by
posing as a Java plugin installer, or a cracked video game?

The sort of hacker that targets those employees is not necessarily an APT,
more likely as mentioned before the passwords of these employees were gotten
from big fly-by password leaks like the PSN hack. This sort of hacker wouldn't
even look at your physical security, they don't care about your physical
security, they're likely across an ocean from you, and likely wouldn't even
drive by your office if it was in the same town as they are.

The game is segregating your security levels, and minimizing attack surface
where possible. Standardizing a password manager across 50,000 low-tech
employees sounds like a bad idea to me.

