A Potential Silver Lining in a Government Shutdown

Friday, April 08, 2011

Wayde York


If the Federal government does shut down, the result will be hardship for many who do not deserve it.

Another result will be a much quieter network, since the vast majority of Federal workers will not be able to log in and work.

During this time frame, focusing on the traffic that still remains may give us an unprecedented view of activity on these networks that would typically blend in with normal activity.

Advanced Persistent Threats (APTs) and botnets are well-known threats that exploit our systems to mine data, disrupt others and target specific sensitive information.

They work in the background in a "low and slow" manner, and finding them in the din of normal network traffic is difficult.

Perhaps if the shutdown does occur, the layers of noise that protect these threats will be pulled back.

Federal networks should focus on what is happening laterally within their LANs and what content is traversing their outer borders. 

According to a Wired article:

"The attacks go undetected because most victims only monitor data coming into networks, not inside a network or going out of it."

"Spear-phishing attacks and zero-day exploits often circumvent protections against data coming in, and data being siphoned out is generally disguised to resemble legitimate traffic."

Since Security Operations Centers (SOCs) will likely fall under the "excepted service" category during a shutdown, these teams will have the view they need of their networks, and far less data to filter through.

We may find a number of surprises lurking in these networks and have an opportunity to jump ahead of the threat.
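As an added illustration of the lateral and outbound monitoring described above (not part of the original post): a sketch that takes flow records collected during the quiet window, skips hosts staffed as excepted service, and labels what remains as lateral or egress while checking for regularly spaced "low and slow" connections. The address range, record layout, thresholds and function names are assumptions, and the flow records are constructed sample data.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed sample flows: (epoch seconds, src, dst, dst port, bytes sent)
FLOWS = [
    (0, "10.1.2.15", "203.0.113.10", 443, 512),      # idle workstation,
    (3600, "10.1.2.15", "203.0.113.10", 443, 512),   # roughly hourly outbound
    (7205, "10.1.2.15", "203.0.113.10", 443, 512),
    (10800, "10.1.2.15", "203.0.113.10", 443, 512),
    (14398, "10.1.2.15", "203.0.113.10", 443, 512),
    (900, "10.1.2.15", "10.1.9.20", 445, 40000),     # same host, file server
    (1000, "10.1.2.15", "10.1.9.20", 445, 52000),
    (9000, "10.1.2.15", "10.1.9.20", 445, 61000),
    (9100, "10.1.2.15", "10.1.9.20", 445, 45000),
    (100, "10.1.0.5", "198.51.100.7", 443, 9000),    # SOC analyst (excepted)
    (5000, "10.1.0.5", "198.51.100.7", 443, 9000),
]

def direction(src, dst):
    """Label a flow as lateral (inside the LAN) or egress (crossing the border)."""
    src_in = ipaddress.ip_address(src) in INTERNAL
    dst_in = ipaddress.ip_address(dst) in INTERNAL
    if src_in and dst_in:
        return "lateral"
    return "egress" if src_in else "other"

def quiet_window_report(flows, excepted_hosts, max_jitter=0.1, min_flows=4):
    """Summarise traffic from hosts that should be idle during the quiet window."""
    groups = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        if src not in excepted_hosts:  # staffed hosts are expected to talk
            groups[(src, dst, port)].append((ts, nbytes))
    report = []
    for (src, dst, port), recs in sorted(groups.items()):
        kind = direction(src, dst)
        if kind == "other":
            continue
        times = sorted(t for t, _ in recs)
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Near-constant spacing between connections suggests automated traffic.
        periodic = (len(times) >= min_flows and mean(gaps) > 0
                    and pstdev(gaps) / mean(gaps) <= max_jitter)
        report.append({"src": src, "dst": dst, "port": port, "kind": kind,
                       "flows": len(times), "bytes": sum(n for _, n in recs),
                       "periodic": periodic})
    return report
```

Every row in the report is traffic from a host with no user at the keyboard, so each one warrants a look; the `periodic` flag only helps rank them.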
