Imagine you are a London law firm dealing with large charities, universities, large businesses, wealthy individuals and the head of state, not the prime minister David Cameron but Queen Elizabeth II. The first set of clients need good protection, more than the clients of a standard British law firm, and Queen Elizabeth II would need top-notch protection, potentially up to a government rating of Secret or even Top Secret. On top of this, only a few senior partners would deal with the client, and their background checks would be more stringent.
Mossack Fonseca is/was different from the above: all the clients were famous and very wealthy, yet it seems the protection was poor and very dated. If you are dealing with such people and they pay a premium for your skills, surely you can afford better protection and skilled security staff? Some large global law firms hold ISO 27001, but holding it does not necessarily mean you are very secure. So what are your options, you may be wondering? Implement extreme security with granularity, or create a small offline closed network. Both have pros and cons, with the latter being stronger though less flexible.
If you were to ask someone on the street today what makes computers and data insecure, they will likely reply: evil hackers, malware and the internet connection (LAN cable or Wi-Fi). Take the internet connection away and your data is greatly more secure. If you cannot or will not remove the internet, then you need “militant” security covering every base possible.
“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.” - Professor Gene Spafford of Purdue University. Yes, nothing can be 100% secure, just as with physical security, but you have to try to make it very hard to break in or smuggle data out.
One: Offline closed network option
Yes, close to “100%”, with no way of accessing the network over the internet, but flexibility is next to zero. The only way of getting at the data would be breaking into the building and stealing the hardware tokens. Backup would need to be manual, via an external hardware-encrypted hard drive stored on-site in a waterproof and fireproof safe, with an extra drive stored off-site in a vault. Backups would need to be done daily by a very trusted person, i.e. the company owner or head of security. The setup below is similar to those used by intelligence agencies globally or departments of defence (in British English, the MoD).
Hardware
- File server
- Router
- Desktops
- Highly secure controlled room
- Network cables
- Hardware encrypted USB hard drive
- Lockable server and desktop cabinet
- Kensington locks
- USB and CD blocking software for server and desktops
- File server locked in a cabinet and bolted to the floor
- Desktops in a lockable cabinet thus hiding USB ports, motherboard and CD drives
- Full disc encryption or SED (self-encrypting drives) on desktops and server
- Fully patched before being put into service
- No other network access or connection to the internet in any form
- Two factor authentication for endpoint login
- Hardware token to access and control vault access by department or project
- Master hardware token stored in a strong safe onsite with grandmaster kept externally
Option one may be ultra-secure, but it is very inflexible and data cannot be moved or backed up easily. Internet access comes with great
- Very similar to the above but with internet access and the below:
- Security focused DNS
- URL whitelisting
- Application whitelisting
- Anti-exploit
- No Wi-Fi
- Block EXEs, macro-enabled documents and other risky file types on email and web filters
- Code stripping on email
- Full HTTP(s) inspection and scanning
- No inbound ports open unless on strong VPN and limited outbound ports open
- Limited social media exposure
- Endpoint, web and email DLP
- File level encryption which only works internally
- No website connectivity or storage
- No exposed logins, i.e. on the website or OWA
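As an added illustration of the email and web attachment filter in the list above (example code written for this page, not from the original post or any product): a content-based check that blocks executables by their magic bytes regardless of filename, and blocks Office documents that carry a VBA project. The sample attachments are constructed, and the policy choices (blocking every legacy OLE-format document outright because VBA cannot be cheaply ruled out) are assumptions.

```python
import io
import zipfile

# Magic bytes used for content inspection (the attachment's name is not trusted).
MZ = b"MZ"                                   # DOS/PE executable header
OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"     # legacy Office / OLE2 compound file
ZIP = b"PK"                                  # OOXML (docx/xlsm/...) is a ZIP container

# Extensions Windows will run or script directly; blocked even if the bytes look harmless.
EXEC_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "ps1", "jar"}


def _macro_enabled_ooxml(data: bytes) -> bool:
    """True if a ZIP-based Office file carries a VBA project (vbaProject.bin)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a valid ZIP, so not an OOXML document with macros


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'block' or 'allow' for one attachment, judging by content first, name second."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if data.startswith(MZ):
        return "block"  # renamed executable (e.g. invoice.pdf that is really a PE) is caught here
    if ext in EXEC_EXTENSIONS:
        return "block"  # executable or script by extension
    if data.startswith(OLE):
        return "block"  # assumed policy: legacy binary Office formats are blocked outright
    if data.startswith(ZIP) and _macro_enabled_ooxml(data):
        return "block"  # modern Office document with a VBA project inside
    return "allow"


def build_sample_ooxml(with_vba: bool) -> bytes:
    """Construct a minimal OOXML-like ZIP for testing (hypothetical, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("report.docx", build_sample_ooxml(False)),
                       ("report.docm", build_sample_ooxml(True)),
                       ("invoice.pdf", MZ + b"\x90\x00" * 8)]:
        print(name, classify_attachment(name, blob))
```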