Policy:
Any authorized user who is detected performing a criminal hacking attack shall be blacklisted so that they can never again sign in to make another criminal hacking attack. A criminal hacking attack is defined as causing the URL displayed in the address bar to be changed in a way that could cause different data to be shown. Criminal hacking includes changing the internal data flow between client and server to cause data to be changed that would not normally have been changed.
Blacklist:
Hacking behaviour is detected and the user is blacklisted so that they can only view the home page. Where the URL or internal parameters are changed in any way, this behaviour is stopped and the user cannot sign in again.
Internal Penetration Test:
One objective is to assume that authorized users with criminal intent may try to hack into data that they are not permitted to access; the test will uncover what a criminal user could do before such unusual behaviour is detected and stopped.
Everything that an authorized user does is recorded, and unusual behaviour is monitored to prevent problems from escalating out of control. The expectation is that where an authorized user steps out of normal working and into hacking, that behaviour will be detected and the authorized user blacklisted to prevent any further hacking behaviour.
Hackers will have tools to pause communication from client to server and change the value of hidden fields; a program architecture has evolved over ten years to detect such behaviour and blacklist the user.
A matrix of data and functional access controls should mean that a user in one office cannot view data that is owned by another office, but they could hack a program to view data that they are permitted to view by normal means. As an information-leakage policy, the only error message shown is the home page, and the user is blacklisted.
Rapid Application Development:
The ASP has evolved a Rapid Application Development (RAD) framework over the last 20 years that employs an integrated infrastructure and a three-tier application architecture replicated to many distributed secure data centers.
Information Engineering Methodology (IEM) is used to analyse business requirements, with a Fourth Generation Language (4GL) used to declaratively document each user requirement. The 4GL is then used with a run-time code generator that applies artificial intelligence techniques to eliminate program errors.
The result is a single web-server application interface with a very small security surface that can be attacked by criminals. Normal POST and GET parameters are used in the URL, but these are sanitized by a query-string component that has learnt how to block all security attacks. Both internal and external criminals are faced with the same application with the same parameters as the only thing they can attack.
Before getting things out of context, business continuity is 100 times more important than security threats.
Risk Analysis:
Investment in the PenTest is:
1. To ensure that the cost of security measures is appropriate to the level of threat.
2. To ensure that authorized users with criminal intent are not able to access data to which they are not entitled.
3. To ensure that fraud has nowhere to hide: every field value change is identified with an authorized user at a specific date and time.
4. To get an independent opinion regarding self-evident business risks.
Business risks where an authorized user would become a criminal and put their job on the line may include:
1. Can an authorized person see data that is owned by any other authorized person?
2. Can a BM see data that is owned by another BM? Can the French BM see data owned by a Greek Broker?
3. Can a Broker in one BM office use a scheme that is owned by a different BM office?
PenTest investments will offer an opinion regarding what a criminal authorized user could achieve.
Data Access Controls:
Broker data access control is built into every CRM record: the Broker's key, together with the date and time the record was created, is stored on the record. This ensures that each Broker can only see CRM data where they are the author of that data.
BM data access control is built into every CRM record: the BM office key is stored as the owner of the data. This ensures that each BM can only see CRM data where they are the owner of that data.
BM data access control is built into every Scheme record: the BM office key is stored as the owner of the data. This ensures that each BM can only see Scheme data where they are the owner of that data.
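As an added example (not the ASP's own code), the ownership rules above and the home-page-only error policy expressed as authorization checks in Python, so the three Risk Analysis questions can be answered against sample data; the role names, field names and office keys are assumptions, and the records are constructed for illustration:

```python
from dataclasses import dataclass
# Added example; role names, field names and office keys are assumptions.

@dataclass(frozen=True)
class User:
    key: str     # Broker key or BM user key
    role: str    # "broker" or "bm"
    office: str  # BM office key the user belongs to

@dataclass(frozen=True)
class CrmRecord:
    record_id: str
    author_key: str    # Broker key stored when the record was created
    owner_office: str  # BM office key stored as owner of the data

@dataclass(frozen=True)
class Scheme:
    scheme_id: str
    owner_office: str  # BM office key stored as owner of the scheme

HOME_PAGE = "home"  # the only "error" ever shown, so a denial reveals nothing

def can_view_crm(user: User, rec: CrmRecord) -> bool:
    """Broker: author only. BM: owner office only. Any other role: deny."""
    if user.role == "broker":
        return rec.author_key == user.key
    if user.role == "bm":
        return rec.owner_office == user.office
    return False

def can_use_scheme(user: User, scheme: Scheme) -> bool:
    return scheme.owner_office == user.office  # own BM office only

def fetch_crm(user: User, record_id: str, store: dict):
    """Resolve a record id taken from the URL. A missing record and a forbidden
    record both collapse to HOME_PAGE, so the response never reveals existence."""
    rec = store.get(record_id)
    if rec is None or not can_view_crm(user, rec):
        return HOME_PAGE
    return rec

# Constructed sample data: a Greek and a French BM office, one Broker each.
CRM = {
    "crm-1": CrmRecord("crm-1", author_key="broker-gr", owner_office="BM-GR"),
    "crm-2": CrmRecord("crm-2", author_key="broker-fr", owner_office="BM-FR"),
}
SCHEME_GR = Scheme("scheme-gr", owner_office="BM-GR")
BROKER_GR = User("broker-gr", "broker", "BM-GR")
BM_GR = User("bm-gr", "bm", "BM-GR")
BM_FR = User("bm-fr", "bm", "BM-FR")
```

The checks are deliberately deny-by-default: a role the matrix does not know gets nothing, and a forbidden lookup is indistinguishable from a lookup of a record that does not exist.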