weiqi and infosec


Upload: chuan-lin

Post on 14-Jan-2015


DESCRIPTION

As Information Security (InfoSec 資安) professionals, we tend to focus on a particular domain because it is happening right now, and we often miss the bigger picture. Weiqi (圍棋) is a Chinese board game of moving pieces in order to gain the greater area of the board. It is more popularly known in the West as Japanese Go. Weiqi has often been used as a metaphor for one's life, business, and military conflict, where one gains or loses ground. Observing weiqi in play can help us see our company's Information Security in its entirety. This is the 1st of a 3-part series on Weiqi/InfoSec. This slide deck will focus on weiqi components and how they are similar to the InfoSec world.

TRANSCRIPT

Page 1: Weiqi and InfoSec

InfoSec is a weiqi board

圍棋和資安 Weiqi and InfoSec

Chuan Lin, CISSP

Page 2: Weiqi and InfoSec

Summary

• As Information Security (InfoSec 資安) professionals, we tend to focus on a particular domain because it is happening right now, and we often miss the bigger picture.

• Weiqi (圍棋) is a Chinese board game of moving pieces in order to gain the greater area of the board. It is more popularly known in the West as Japanese Go.

Page 3: Weiqi and InfoSec

Summary

• Weiqi has often been used as a metaphor for one's life, business, and military conflict, where one gains or loses ground.

• Observing weiqi in play can help us see our company's Information Security in its entirety.

• This is the 1st of a 3-part series on Weiqi/InfoSec.

• This slide deck will focus on weiqi components and how they are similar to the InfoSec world.

Page 4: Weiqi and InfoSec

Weiqi Component – Stones 黑棋子

Stones are the playing pieces that both players take turns placing on the board. Once placed, a stone can't be moved until it is completely surrounded by opposing pieces.

In Weiqi, the black stone (黑棋子) has the first move.

"Stones go" by Chad Miller - Flickr: pente. Licensed under Creative Commons Attribution-Share Alike 2.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Stones_go.jpg#mediaviewer/File:Stones_go.jpg

Page 5: Weiqi and InfoSec

Weiqi Component – Stones 黑棋子

Black Stones in InfoSec can represent technologies, tools, social engineering, and the human component. These pieces are used in advanced persistent attacks as being dedicated, concealed, coordinated, and goal-oriented.

Page 6: Weiqi and InfoSec

Weiqi Component – Stones 白棋子

White Stones (白棋子) in InfoSec represent administrative, physical and technical controls that are able to support each other without dissonance.

They can be a firewall, RFID card, security camera, logs, guards, etc.

"FloorGoban" by Goban1 - Own work. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:FloorGoban.JPG#mediaviewer/File:FloorGoban.JPG

Page 7: Weiqi and InfoSec

Weiqi Component – Stones 白棋子

Whatever they may be, these white stones have to work in unison to support one another. A firewall is only as good as the person who maintains it. An InfoSec professional can only be as effective as company policy dictates. And policy can only be forceful if people and technology are backing it up.

Page 8: Weiqi and InfoSec

Weiqi Component – Board 碁盤

Stones are placed at the intersection points on a playing board, which is called a goban (碁盤).

There are three goban sizes that correspond to the skill of the players, which also correspond to company size.

"Blank Go board" by Gringer (talk) - Originally based on File:Blank_Go_board.png, but SVG has since been manually rewritten. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Blank_Go_board.svg#mediaviewer/File:Blank_Go_board.svg

Page 9: Weiqi and InfoSec

Weiqi Component – Board 碁盤

A goban represents a company's or business's physical location.

These intersection points are the converging points of network, electrical, hardware, software and human presence.

Page 10: Weiqi and InfoSec

Weiqi Component – Board (2) 碁盤

A goban of 9x9 is for beginners and has 4 dots, which are known as star points (星). They have strategic and tactical importance. There is a center point called Tianyuan (天元) or tengen. It is the center of heaven.

Page 11: Weiqi and InfoSec

Weiqi Component – Board (2) 碁盤

This is similar to the organization structure of a regional-size company whose star points are…

• administration

• HR

• finance

• IT

• data

These star points are areas of control which are targeted by attackers.

Page 12: Weiqi and InfoSec

Weiqi Component – Board (2) 碁盤

For InfoSec of a regional-size company, these star points can also be viewed as…

• network

• software

• hardware

• employees

• data

By maintaining control over a star point, a hacker may advance to cover more area, or InfoSec may contain the hacker's movement.

Page 13: Weiqi and InfoSec

Weiqi Component – Board (3) 碁盤

The next goban board is 13x13 and the largest board is 19x19. They represent national or international sized corporations. They have 6 to 9 star points of strategic and tactical importance in the game and in the real world.

Page 14: Weiqi and InfoSec

Weiqi Component – Board (3) 碁盤

The organization structure of both national and international businesses will have additional star points, which are...

• administration

• HR

• IT

• research

• law

• vendors

• finance

• core business

• data

Page 15: Weiqi and InfoSec

Weiqi Component – Board (3) 碁盤

Both national and international businesses will have additional star points which need to be considered when planning out defenses.

• network

• hardware

• software

• location

• employees

• vendors

• energy

• Internet of things

• data

Even now, hackers are thinking of another avenue of entrance by thinking outside the box.

Page 16: Weiqi and InfoSec

Lines of Defense: Influence Line (勢力線)

If you line up all those star points, they form the 4th Line of Defense, the Influence Line.

This is an optimal area for a player to expand in all directions.

However, it is easier to expand toward the center than toward the edge.

Page 17: Weiqi and InfoSec

Lines of Defense: Influence Line (勢力線)

Influence Line in InfoSec is where the threat is detected within the premises, or within the company network.

The threat has almost unlimited potential to move around because it is inside all layers of defense.

Nonetheless, it will be harder to expand outward than inward for the same reason.

Page 18: Weiqi and InfoSec

Lines of Defense: Onsite Line (實地線)

If you draw a box surrounding all those star points, it forms the 3rd Line of Defense, the Onsite Line.

Like the Influence Line, this line has potential because it can establish a link toward the outside or the inside.

Page 19: Weiqi and InfoSec

Lines of Defense: Onsite Line (實地線)

Onsite Line in InfoSec is where the threat is detected within the public area of the premises, or at the 2nd firewall layer.

The threat is attempting to establish a connection between the outside and the inside.

Page 20: Weiqi and InfoSec

Lines of Defense: Failure Line (失敗線)

If you draw a box at the points right next to the border, it forms the 2nd Line of Defense, the Failure Line.

Though this line is longer than the 3rd and 4th, it does not have much maneuverability.

This line is played during mid to late game.

Page 21: Weiqi and InfoSec

Lines of Defense: Failure Line (失敗線)

Failure Line in InfoSec is where the threat is detected in the public area around the premises, or at the DMZ.

If this shows up after an internal breach is detected, it may be an attempt to establish a connection.

Page 22: Weiqi and InfoSec

Lines of Defense: Demise Line (死亡線)

If you draw a line around the border, it forms the 1st Line of Defense, the Demise Line.

This line is usually exploited in mid to late game to establish spheres of control.

Page 23: Weiqi and InfoSec

Lines of Defense: Demise Line (死亡線)

Demise Line in InfoSec is where the threat is detected away from the premises, or at the first firewall of the company website.

The threat is far enough away that InfoSec has time to strengthen defenses in depth.

Page 24: Weiqi and InfoSec

Conclusion

The game of Weiqi has been around for centuries. Yet it can still provide profound insights to the 20th Century InfoSec Professional.

For hackers, their DDoS and ransomware are not made up of an all-powerful, single, identifiable majestic piece (i.e. the Queen) but consist of a multitude of negligible pieces (i.e. the stones) that, when synced up, can deliver a devastating punch.

For administrators, it is not about the best tools that money can buy, but is inclusive of employees, security policy, incident responses, contingency plans, and more importantly, the communication that interlocks around corporate data.

Page 25: Weiqi and InfoSec

Conclusion

Besides the traditional entry points of network, hardware, software and physical, there are other new entry points which become apparent as a company gets larger.

These new entry points could provide the VPN for an impending attack that bypasses layered defenses.

Layered defense strategy shouldn't just apply to incoming attacks but should also block attacks from phoning home.

The next Weiqi/InfoSec PowerPoint will focus on how the game mechanics resemble an attack.