Operational Security Part 4: Computer Network OPSEC
By Richard McEachin
Your best defence is concealing your entire intelligence operation and especially its computer networks.
Who’s Watching & Listening
The security of your connection to the Internet is a critical issue. The individuals and firms that support your IT should not know what they are supporting because you cannot thoroughly investigate their reliability, loyalty, and affiliations.
You never know who is watching if you use an existing corporate network connection to the Internet. In a normal security setting, investigating someone inside your own company while using the company network to search the Internet is risky. You cannot be sure that your investigation will not be compromised because someone sees what you are searching and then tells the wrong person. The same risk applies to the security intelligence function.
Encrypted HTTPS browser connections may not offer any privacy. It is becoming more common for large companies to insert an inline HTTPS proxy in the network that acts as a man-in-the-middle to read and analyse this traffic. No security function can remain secure on a network configured in this manner.
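One way to check whether a network is intercepting HTTPS, shown as an added example that is not part of the original article: compare the issuer of the certificate a site presents on that network with the issuer recorded earlier over a connection you trust. The host name, CA names, sample certificates and baseline below are constructed for illustration.

```python
import socket
import ssl

# Constructed samples in the dict shape returned by
# ssl.SSLSocket.getpeercert(). All names are invented.
DIRECT_CERT = {
    "subject": ((("commonName", "research.example"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA R3"),)),
}
PROXIED_CERT = {
    "subject": ((("commonName", "research.example"),),),
    "issuer": ((("organizationName", "Acme Corp IT Security"),),
               (("commonName", "Acme TLS Inspection CA"),)),
}

def issuer_fields(cert):
    """Flatten the nested issuer RDN tuples into a plain dict."""
    return {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}

def check_issuer(cert, expected_orgs):
    """Return (ok, org); ok is False if the issuer is not in the baseline."""
    org = issuer_fields(cert).get("organizationName", "")
    return org in expected_orgs, org

def fetch_cert(host, port=443, timeout=5):
    """Fetch the validated leaf certificate as seen from this network."""
    # Raises ssl.SSLCertVerificationError if the presented chain is not
    # trusted by this machine, which is itself a sign of interception.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(certs_by_host, baseline):
    """Return {host: unexpected issuer org} for hosts that miss the baseline."""
    findings = {}
    for host, cert in certs_by_host.items():
        ok, org = check_issuer(cert, baseline.get(host, set()))
        if not ok:
            findings[host] = org
    return findings
```

On a company-managed machine the inspection proxy's CA is usually already in the trust store, so the connection validates without any warning and only the issuer comparison reveals the proxy.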
For intelligence purposes, the simplest solution is to have a separate Internet connection installed for the research done by your security intelligence operation. It is best to obtain this connection from a different ISP and pay for it through a different company.
Typically, the online intelligence research, collected data, and analysis and reporting will reside on separate isolated networks. In a very small operation, this could mean just three isolated computers.
Of course, the intelligence function should never use WiFi and should always shut off any dedicated Internet connections when they are not in use.
Keeping Digital Doors Locked
Passwords need to be four-word pass phrases or long, randomly generated strings of characters, preferably used with a USB two-factor token like those from Yubico.
A token is a small device that you register with a service or site that supports two-factor authentication. With two-factor authentication, each time you log in, the service will request proof that you have the token in addition to your regular username and password. Phishing, malware, and other attack methods do not work because the attacker would need both the physical key and your passwords to breach the protected system.
Two-factor authentication with a token increases the security of the login process and protects data. The token is not limited to one computer or mobile device, and one token supports any number of your accounts.
It can also provide hardware storage of your PGP (Pretty Good Privacy) secret keys, with the public-key cryptography happening inside the tamper-proof device. This means your secret key is never decrypted in your computer's memory or stored on its drive.
It is best to use the token in conjunction with a password management application. This creates another layer of complexity, but once your organization learns how to manage and support the tokens, encryption, and password managers together, your systems will be much more secure.
Richard B. McEachin is the principal of McEachin & Associates Ltd. (ConfidentialResource.com).