Over the weekend, on-prem Microsoft SharePoint servers were targeted in a massive hack that severely disrupted businesses and governments across the globe – locking away critical systems and exfiltrating sensitive data, opening them up to potential millions in damages and liabilities.  

Hackers exploited a ‘zero-day’ vulnerability, manipulating an overlooked error in a recent security patch, according to reporting by the Washington Post. These types of attacks have become a fact of life for businesses as hackers are constantly on the lookout for even the most minor of exploitable vulnerabilities in commonly used programs like SharePoint.  

As Microsoft and affected agencies scramble to recover from the data breach, it’s important to remember that more effective architecture and security measures could have prevented this. Among the many potential improvements that could have significantly reduced potential damage are data diodes – hardware that has become a key feature of modern high-security server architecture.  

How data diodes prevent cybercrime 

These devices are designed to enforce strict one-way data flow between networks from a high-security network to a less-secure network, or vice versa. Unlike traditional firewalls or software-based solutions, a data diode physically prevents data from traveling bidirectionally to or from an air-gapped network, only allowing information to flow in one direction. Only specialized solutions, like Connecting Software’s, can work with explicitly one-way lines to give them full functionality securely. 

Solutions like these stop unauthorized data exfiltration (the theft or leaking of sensitive information) because bidirectional direct communication is impossible – meaning that while authorized employees can exchange data, attackers don’t receive a response from a request to steal it. 

Data diodes are also known for preventing lateral movement, in which attackers move within the network from one system, server, or segment to another, usually to locate sensitive data or escalate privileges after gaining an initial foothold. If an attacker were to gain a foothold in a less secure network connected to a high-security network via a data diode, commands could be sent, but the attacker would not receive a response, since the information comes through a separate one-way communication channel. 

How data diodes could have prevented this hack  

If data diodes had been used in this instance, they could have prevented key sensitive information from being exfiltrated through the network, given that the SharePoint server itself would have had no direct network connection to external untrusted networks such as the internet. 

There are limitations to this approach – the physical measures would have only stopped these hackers from attempting their attack if the data diodes explicitly prevented any inbound network connections from untrusted networks to the vulnerable SharePoint instance. Regardless, the speed at which hackers were able to access critical networks and gain access to sensitive information underlines the importance of a well-designed physical architecture paired with stringent zero-trust configurations. 

The Connecting Software approach 

Data diodes are an increasingly vital part of modern security to prevent large-scale hacks like these but can be quite inconvenient for organizations without the proper software. Because data diodes enforce one-way communication, it can be extremely inconvenient to synchronize useful data like shared files, contact information, and calendar events across these networks.  

Connecting Software has developed a suite of software designed to bridge this gap – with products designed to synchronize critical information while maintaining the critical security of the data diode. These products offer a truly ‘best of both worlds’ approach, letting you maintain the overall security of your network while retaining the ease of synchronization and network communication that you would have with a two-way connection.  

To learn more about these products, visit the product pages here: 
https://www.connecting-software.com/connect-bridge-for-air-gapped-networks/  

https://www.connecting-software.com/secure-sync-for-sharepoint/  

About Connecting Software s.r.o. & Co. KG

Connecting Software has been providing software solutions to synchronize data and connect enterprise systems for over two decades. It serves over 1000 customers globally, particularly in highly regulated sectors such as finance, public service, and defense.

Connecting Software’s solutions work automatically in the background to increase productivity, improve security, and ensure compliance. They easily connect with popular business applications like Microsoft Dynamics, O365/M365, SharePoint, and Salesforce. They also incorporate proven, cutting-edge technologies such as blockchain for data integrity and authenticity, and data diodes for unidirectional secure data transfer in sensitive environments. This strategic application of advanced technologies ensures effectiveness and reliability for clients’ critical operations.

Company contact and publisher of this release:

Connecting Software s.r.o. & Co. KG
Gumpendorfer Straße 19
A1060 Wien
Phone: +43 (1) 3707200
http://www.connecting-software.com

Contact person:
Elliot Settle
PR Lead
Email: elliot@connecting-software.com