Security Architecture

Human vulnerabilities are the main source of security risks accounting for 75% of the total cases. Hence, we strive to automate all processes and provide powerful management and control tools. Additionally, we aim to minimize the risks arising from uncontrolled external services and potentially harmful connections.

Process automation reduces dependency on human actions. Empowering users of the system with robust tools enables them to effectively oversee and manage the security measures in place. Furthermore, by implementing stringent controls and monitoring of external services, we can mitigate the risks associated with their integration into the overall infrastructure.

Our goal is to establish a comprehensive system that minimizes human error and strengthens the overall security, ensuring top level of protection of the company assets and sensitive information.

Main attack vectors

identified during our investigations

Passive Cyber Protection - Technical Vulnerabilities

List of key technical cyberattacks and our solutions for their prevention,
implemented within our security architecture:

Attack on server with ransomware (data encryption)

Solution:

- Continuous monitoring of server activity and activity of users with elevated privileges in the high-security zone
- Allowing access for employees to high-security zones only during working hours
- Permitting upload of only approved data formats to the server with pre-validation through a microservice
- Creation of a real-time backup database
- Activation of security protocols in case of a breach or hacker attacks

Brute-force attack (attack on authorization)

Solution:

- Limit the number of unsuccessful requests to the server by increasing the time interval for each subsequent request (by using standard libraries and custom scripts).
- Automatic suspension of authentication for accounts with elevated privileges after multiple failed login attempts until a decision is made by an authorized person.
- Real-time notification to the security system about any incorrect authorization attempts and their source.
- Creation of dummy login forms to divert such attacks by automated attacking bots.

Attack Men in the middle

Solution:

- Utilization of an authorization key for connecting to the remote service
- Input validation of data from the remote service through a microservice
- Permitting upload of only approved data formats to the server with pre-validation through a microservice
- Creation of an additional independent channel for receiving and comparing the obtained data.
- Activation of security protocols in case of a breach or hacker attacks

Attack DNS spoofing or DNS cache poisoning

Solution:

- Utilization of a custom script for continuous ping domain comparison with the original IP address on the remote server.
- Employment of cyber reconnaissance tools for proactive detection of such attacks.
- Activation of security protocols upon detecting the type of the attack.

Attack on the server's IP address

Solution:

- Removing the root user.
- Disabling password-based login (enabling SSH key-based authentication only).
- Proxying open ports.
- Configuring Firewall Iptables.
- Real-time monitoring of activity on open server ports with activity display.
- Creating a blacklist of blocked IP addresses using Iptables.

Attack on database with SQL Injection

Solution:

- Validation of all incoming requests for the presence of injected logical symbols and replacing them with alternative special HTML characters.
- Utilization of models and strict data typing for the database.
- Additional control over outgoing server traffic.

Attack Cross Site Scripting (XSS)

Solution:

- Disinfection of the form from the JavaScript injection
- Verify all obtaining information from frontend
- The use of special filters from the introduction of the executable code

Attack on the wallet private key

Solution:

- Utilization of pre-built hardware solutions with a proven track record of uninterrupted operation over an extended period (such as Ledger Enterprise, Trezor...)
- Incorporation of an embedded transaction monitoring system to compare transactions with internal system records (activation of emergency protocol upon detecting a transaction mismatch between the Blockchain and the operational server)

Attack on the wallet external key

Solution:

- Pre-binding of the user's wallet through an authorization transaction and via email (preventing man-in-the-middle attacks)
- Additional browser-based key verification and comparison with the key hash on an external verification server
- Creation of a whitelist for verified open keys
- Continuous network monitoring through cyber reconnaissance to detect the appearance of a cloned web resource (activation of security protocols upon its detection)

Attack Negative SEO

Solution:

- Implementing bot request blocking when accessing the web resource.

Attack distributed denial-of-service (DDoS)

Solution:

- Development of client-side rendering (CSR) applications to offload the server-side workload onto client devices.
- Complete server-side offloading by distributing internal workload to separate remote services.
- Implementation of load control for individual requests and request prioritization through the construction of a queue system using Redis.
- Utilization of standardized and custom scripts for controlling and limiting server memory usage for request processing
- Implementation of Kubernetes technology for automatic and uniform load distribution across all utilized servers.
- Integration of additional resources through cloud services.

Human Factor

Social Engineering or Ethical hacking

Solution:

- Maintaining a white list of employees with elevated access rights.
- Real-time logging on remote servers of all activities performed by employees with elevated access rights.
- Automatic notifications to the security system in case of data changes and modifications to critical data settings.
- Creating a security protocol for unauthorized access attempts, data changes, or data transfers.
- Strict control over installed software on employees' work computers.
- Internal corporate chat with end-to-end encryption.

Insider Threats

Solution:

- Implementing a system that prevents a single employee with elevated data access rights from modifying critical data.
- Restricting access to critical information outside of working hours.
- Real-time logging on remote servers of all activities performed by employees with elevated access rights.

Insider Financial Breach

Solution:

- Comprehensive logging of all server activities with duplicate logs stored on a remote server inaccessible to employees.
- Maximum segregation of employees into access levels for necessary documents required to perform their job duties.
- Allocation of limited operational resources for conducting transactions, with access limited to work computers during specified working hours. This includes financial reconciliation and cash handling during shift handovers.
- Confirmation of withdrawals exceeding threshold amounts with approval from responsible personnel, along with automatic notifications sent to corporation owners.
- Implementation of a security protocol that allows the corporation owner to halt the transfer of financial resources.

Active Cyber Protection

This system is designed for the following companies:

1. Companies store confidential information on their servers
2. Companies manage financial assets
3. Companies provide their customers with various services.

The system includes:

1. External protection against possible hacker attacks
2. Internal protection against illegal actions of company employees who have elevated access rights.
3. Remote control and management system for owners
4. Security protocols for consistent actions in critical situations aimed at mitigating the consequences of violations of the security perimeter

1) User Interface: This is the client side of the application. Through this part, the client interacts with the company's software product.

In 99% of cases, this part of the application has the ability to authorize users, operators and administrators.

This allows attackers with stolen sensitive information to gain elevated access.

In the proposed architecture, the client part of the application has a physically limited access level - this is a registered user.

This allows the registered user to access only their credentials.

2) Main Clients Transit Backend: Client side via DNS server. The domain name is converted to a specific IP address and communicates with the back end of the application via the Main Clients Transit Backend.

1. External protection against possible hacker attacks
2. Internal protection against illegal actions of company employees who have elevated access rights.
3. Remote control and management system for owners
4. Security protocols for consistent actions in critical situations aimed at mitigating the consequences of violations of the security perimeter

1) User Interface: This is the client side of the application. Through this part, the client interacts with the company's software product.

In 99% of cases, this part of the application has the ability to authorize users, operators and administrators. This allows attackers with stolen sensitive information to gain elevated access. In the proposed architecture, the client part of the application has a physically limited access level - this is a registered user. This allows the registered user to access only their credentials.

In a typical web architecture, the backend stores the data and business logic of the entire application. Attackers try to gain access to the server part during a cyberattack.

In the proposed architecture, these servers do not store logic and data. They are transit servers. These servers pass only user requests through themselves and transmit information from other servers.The hacker can only access the client side, which contains the IP address of the server side. For this reason, the hacker attacks the transit server.

The transit server has inside:

1. Fake database
2. Storage of special files with scripts for transferring geodata. It contains:

A. Keyloggers
B. Sniffers
C. File transfer services

These special files allow intruders to be tracked if they have accessed the server and downloaded these files to their computer. Therefore, the security architecture is Active, allows you to attack and obtain information about intruders. Except in cases where the attackers download files to remote servers, which complicates the investigation process.

The attacker tries to clean up system logs (logs) after gaining access to the server. He does this to hide his activity. Transit servers write system logs to an external server, making it impossible to clean up or delete intrusion data.

Automatic or semi-automatic launch of the security protocol occurs when accessing the server. The system will switch to the mirror server (Mirror Clients Transit Backend) by changing the DNS settings to a different IP address.

The compromised server is disconnected from the network. Then, an investigation is carried out and the methods that allowed illegal access are identified.

The company's clients will continue to work with the mirror transit server part and do not experience discomfort, since the switching process takes very little time.

3) External & Internal services: The system involves the connection of external and third-party services. This protects the company's clients from failures on uncontrolled external services (KYC, Payment system ...)

It also allows:

1. Log
2. Constantly collect statistics on the operation of services.
3. Compare the required technical parameters of services with reality.
4. Save data after external external service
5. Save data after replacing the external service.
6. Connect multiple cases through one user interface. For example, connecting several payment systems for customers from different countries.
7. Make the replacement of sudden services imperceptible to the company's customers.

4) Manager Frontend: The proposed architecture allows you to connect authorized computers of company employees with an increased access level (admin, operator…). The connection takes place over an encrypted data line without the use of DNS.

Company managers perform their job descriptions using a client application for authorized computers.

The client application consists of:

1. Tools for content management
2. Settings.
3. Tools for managing profiles that are not available on the client side of ordinary users.

5) Main Managers Transit Backend: The server part of the application is also installed on the transit server. It is logged and stores information on an external server. This server is inaccessible to company personnel and makes it impossible to damage the company. This is necessary to avoid illegal actions by company personnel or persons with unauthorized access.

6) Main DB: this is the heart of the system. This server is a backend for the owners or top managers of the company, who have the maximum level of access. This server can also have its own mirror copy in case of a possible technical failure or for continuous operation during maintenance work.

Main DB server stores all valuable information and logs.

On it you can:

1. Carry out any system settings
2. Connect or block employees
3. Set up a schedule
4. Configure access to data from specific computers
5. Control the movement of finances
6. Block ongoing transactions
7. Run security protocols

7) Top Manager Frontend: This client interface has the maximum capabilities. It has features not available on dedicated computers of company employees.

The connection is made without DNS only by IP and the parameters of a specific device entered in advance into the main server part (Main DB). Unable to connect from other computers.

This client service allows you to:

1. Manage the operation of the enterprise and individual services in real time.
2. Receive push notifications about any system anomalies
3. Run security protocols in automatic or semi-automatic mode.

Security protocols: there is a need for certain actions at the time of hacking or abnormal actions of clients (critical situations), employees, authorities. These actions help prevent dangerous consequences. When a critical situation occurs, staff or managers are under stress. Delay in decision-making will complicate the consequences. Previously, such protocols were developed in the form of step-by-step instructions. Personnel were required to follow these instructions when a certain situation occurred. Similar instructions are widely used in military and civil aviation, at nuclear power plants, etc.

We develop similar instructions, but only in program code. This code can be run by company executives or business owners when the need arises.

For example, a manager might run the following protocol:

1. Corrupt data on remote servers and make it impossible to restore them
2. Disable a specific service on which abnormal processes occur
3. Stop a suspicious transaction for additional verification
4. Change the address of the transit server when receiving an intrusion notification

All these instructions are created individually at the request of authorized employees of the company.

The uniqueness of this architecture is as follows:

1.Easy to use
2. Physical restriction of access to data depending on the source of the request
3. The ability to protect against illegal actions by company employees
4. The ability to find attacking intruders.