by

How to Implement Border Internet Discovery (BID) for Enhanced Cybersecurity

Using ProCheckUp's BorderNet System

ProCheckUp's BorderNet System enables your organisation's security team to concentrate on decision-making based on the report output and data generated, without being saddled with the intricacies of implementing, operating, and integrating a BID system with your existing security solutions.

Introduction

With the increasing number of cyber threats and the sophistication of cyber attacks, protecting your organisation's internet-facing assets is more important than ever. Border Internet Discovery (BID) is a powerful strategy that enables organisations to identify, monitor, and protect their internet-facing assets effectively.

This comprehensive guide will walk you through the process of implementing BID in your organization. We will break down complex concepts into simple, actionable steps, ensuring that you can easily integrate BID into your existing security infrastructure. Additionally, we will discuss the various tools and techniques used in BID, and highlight the benefits of continuous monitoring and assessment.

By the end of this guide, you will have a clear understanding of how to leverage BID to enhance your organisation's cyber-security posture, reduce vulnerabilities, and respond more efficiently to potential threats.

What is Border Internet Discovery (BID)?

Border Internet Discovery (BID) involves the systematic identification and continuous monitoring of an organization's internet-facing assets. These assets include web servers, IP addresses, domain names, and other public-facing digital resources that could be potential entry points for cyber threats. By implementing BID, organisations can proactively detect vulnerabilities and mitigate risks before they can be exploited by malicious actors.

Key Components Of BID:

DNS Names: The Domain Name System (DNS) translates human-readable domain names into IP addresses. Monitoring DNS names helps in identifying changes or anomalies that could indicate a security threat.

IP Addresses: Managed by regional internet registries, IP addresses are unique identifiers for devices on a network. Tracking IP addresses helps in understanding the geographical distribution and potential vulnerabilities of your assets.

SSL Certificates: Secure Sockets Layer (SSL) certificates are essential for encrypting data between a user's browser and a web server. Monitoring SSL certificates ensures that your communications remain secure and helps identify expired or mis-configured certificates.

Autonomous Systems (AS): An AS is a collection of IP addresses/networks managed by a single organization/entity. Understanding AS relationships helps in mapping out the network infrastructure and identifying potential vulnerabilities.

Border Internet Discovery (BID) Steps

Step 1: Understanding Your Internet-Facing Assets

Before implementing Border Internet Discovery (BID), it is crucial to identify and catalog all your internet-facing assets. This foundational step ensures that you have a comprehensive inventory of all digital resources that need to be monitored and protected.

Types of Internet-Facing Assets

  • Web Servers: These servers host your websites and web applications, forming the backbone of your online presence.
  • DNS Servers: These servers manage the resolution of domain names to IP addresses, playing a critical role in your internet infrastructure.
  • Mail Gateways: These systems handle the sending and receiving of email, ensuring secure communication.
  • Portals: Secure access points for employees, customers, or partners to access various services and information.
  • VPN Gateways: These gateways allow secure remote access to your internal network from the internet.
  • Autonomous Systems (AS): The network infrastructure that supports your internet connectivity.

Steps to Identify Assets

1.Conduct a DNS Audit:

Use tools like DNSdumpster and Dig to identify all your domain names and subdomains.

  • DNSdumpster: A useful tool for mapping your digital footprint, including subdomains.
  • Dig: A command-line tool that helps you query DNS servers to retrieve domain information.

2. IP Address Mapping:

Utilise Regional Internet Registry's like RIPE and ARIN to map out your IP address allocations.

  • RIPE (Réseaux IP Européens): Manages IP addresses in Europe, the Middle East and parts of Central Asia
  • ARIN (American Registry for Internet Numbers): Manages IP addresses in North America.
  • APNIC (Asia Pacific Network Information Centre): Manages IP addresses in the Asia Pacific region.

3. SSL Certificate Inventory:

Use tools like SSL Labs to catalog and assess the security of your SSL certificates.

  • SSL Labs: Provides a comprehensive analysis of your SSL configuration, identifying potential weaknesses.

4. Network Mapping:

Use network mapping tools to identify and document your Autonomous Systems and associated IP ranges.

  • Tools like Amass and Censys: Can help you map out the network infrastructure and discover potential vulnerabilities.

Step 2: Tools for Border Internet Discovery

Implementing Border Internet Discovery (BID) requires leveraging a variety of tools and frameworks designed to identify, catalog, and monitor your internet-facing assets. These tools provide valuable insights and alerts for potential security threats, ensuring continuous protection of your digital footprint.

Essential BID Tools

1.Shodan

Scan your IP address range to identify publicly accessible devices and their vulnerabilities.

  • Website: www.shodan.io
  • Purpose: A search engine for internet-connected devices, Shodan helps identify exposed assets and their associated vulnerabilities.
  • Key Features:
    Device and service identification.
    Vulnerability detection.
    Real-time alerts.

2.Censys

Perform detailed searches to uncover hosts and networks that are part of your organization.

  • Website: censys.com
  • Purpose: Censys enables researchers to ask detailed questions about internet hosts and networks, providing comprehensive asset visibility.
  • Key Features:
    Host and network search.
    SSL certificate analysis.
    Historical data.

3.Sublist3r

Run subdomain scans to ensure no subdomain is left unmonitored.

  • GitHub: Sublist3r
  • Purpose: A subdomain enumeration tool that aggregates results from multiple sources, helping you discover all subdomains related to your domain.
  • Key Features:
    Passive and active enumeration.
    Integration with other reconnaissance tools.
    Customizable output formats.
  • How to Use:
  • python sublist3r.py -d example.com

4. Amass
Utilise passive methods for stealthy subdomain discovery or active methods for comprehensive mapping.

  • GitHub: Amass
  • Purpose: An in-depth subdomain enumeration tool offering both passive and active discovery methods.
  • Key Features:
    Comprehensive subdomain discovery.
    DNS and network infrastructure mapping.
    Integration with various data sources.
  • How to Use:
  • bash
    amass enum -d example.com

5.SSL Labs
Conduct thorough assessments of your SSL configurations to ensure secure communications.

  • Website: ssllabs.com
  • Purpose: Provides a comprehensive analysis of your SSL configuration, identifying potential weaknesses.
  • Key Features:
    SSL certificate validation.
    Configuration grading.
    Security recommendations.

6. Recon-ng

Leverage its modular framework to automate and enhance your reconnaissance efforts.

  • GitHub: Recon-ng
  • Purpose: A full-featured web reconnaissance framework that provides powerful modules for data collection and analysis.
  • Key Features:
    Modular framework with extensive capabilities.
    Integration with various OSINT sources.
    Automation of reconnaissance tasks.

7. TheHarvester

Gather extensive data from public sources to build a comprehensive asset inventory.

  • GitHub: TheHarvester
  • Purpose: A tool for gathering emails, subdomains, hosts, employee names, and other information from public sources.
  • Key Features:
    Email and subdomain harvesting.
    Integration with multiple data sources.
    Customizable search parameters.
  • How to Use:
  • bash
    python theHarvester.py -d example.com -b all

Step 3: Implementing BID

Implementing Border Internet Discovery (BID) involves several key steps to ensure that your organisation can effectively identify, monitor, and protect its internet-facing assets. This process requires setting up and configuring the necessary tools, establishing continuous monitoring practices, and integrating BID with your existing security infrastructure.

1. Setup and Configuration
The first step in implementing BID is to set up and configure the necessary tools. This involves installing the tools, setting up necessary accounts or API keys, and configuring them to scan your internet-facing assets.

Steps:

  • Install and Configure Tools: Install tools like Shodan, Censys, Sublist3r, Amass, and SSL Labs on your systems.
  • API Key Setup: Ensure you have API keys for tools that require them, such as Shodan and Censys.
  • Initial Scans: Perform initial scans to identify your internet-facing assets and establish a baseline inventory.

2. Continuous Monitoring
Continuous monitoring is crucial for maintaining a robust BID implementation. By regularly scanning and monitoring your internet-facing assets, you can quickly detect and respond to potential vulnerabilities and threats.

Steps:

  • Schedule Regular Scans: Use tools like Amass and Sublist3r to schedule regular scans of your domains and subdomains.
  • Real-Time Alerts: Configure real-time alerts in tools like Shodan and Censys to notify you of any changes or new vulnerabilities.
  • Periodic Audits: Conduct periodic audits using SSL Labs to ensure your SSL configurations remain secure.

3. Integration with Security Infrastructure
Integrating BID with your existing security infrastructure is essential for seamless operations and enhanced threat detection and response. This involves linking BID tools with your Security Information and Event Management (SIEM) system and other security platforms.

Steps:

  • SIEM Integration: Integrate BID tools with your SIEM system to centralize data collection and analysis.
  • Automated Responses: Set up automated responses for detected threats, such as blocking IP addresses or alerting the security team.
  • Dashboard and Reporting: Create dashboards and generate reports to visualize BID data and monitor the security posture continuously.

4. Continuous Assessment and Improvement
BID is an ongoing process that requires continuous assessment and improvement to adapt to new threats and changes in the environment. Regularly updating your asset inventory and fine-tuning BID processes are crucial for maintaining a high level of cyber-security.

Steps:

  • Regular Reviews: Conduct regular reviews of your BID processes and tools to identify areas for improvement.
  • Update Asset Inventory: Keep your asset inventory updated with any new internet-facing assets.
  • Adapt to New Threats: Stay informed about new cyber-security threats and update your BID tools and processes accordingly.

Benefits of Implementing BID

Implementing Border Internet Discovery (BID) offers numerous benefits that enhance your organization’s cybersecurity posture. By proactively identifying and monitoring your internet-facing assets, you can significantly reduce vulnerabilities and improve your ability to respond to potential threats.

1. Proactive Threat Detection

One of the primary benefits of BID is the ability to detect threats proactively. By continuously scanning and monitoring your internet-facing assets, you can identify vulnerabilities and potential attack vectors before they are exploited by malicious actors.

Key Points:

  • Early identification of vulnerabilities in web servers, IP addresses, and SSL certificates.
  • Detection of unauthorised changes or additions to your internet-facing infrastructure.
  • Prevention of potential security breaches through timely remediation.

2. Improved Incident Response
BID enhances your incident response capabilities by providing real-time alerts and detailed information about your internet-facing assets. This allows your security team to respond quickly and effectively to security incidents.

Key Points:

  • Real-time alerts for detected threats and vulnerabilities.
  • Detailed asset inventory to facilitate rapid incident investigation.

3. Enhanced Compliance
Many regulatory frameworks and industry standards require organisations to maintain an accurate inventory of their internet-facing assets and to monitor these assets continuously. Implementing BID helps you meet these compliance requirements and demonstrate your commitment to cyber-security.

Key Points:

  • Compliance with regulations such as GDPR, HIPAA, and PCI DSS.
  • Comprehensive documentation of asset inventories and monitoring activities.
  • Regular audits to ensure ongoing compliance and identify areas for improvement.

4. Reduced Attack Surface
By identifying and cataloging all your internet-facing assets, BID helps you reduce your attack surface. This means fewer entry points for attackers to exploit, thereby lowering the overall risk to your organization.

Key Points:

  • Identification and remediation of exposed assets.
  • Regular updates to the asset inventory to reflect changes in the environment.
  • Implementation of security controls to protect identified assets.

5. Continuous Improvement
BID is an ongoing process that encourages continuous improvement in your cyber-security practices. By regularly assessing and updating your BID processes, you can adapt to new threats and ensure that your security posture remains strong.

Key Points:

  • Regular reviews and updates to BID processes and tools.
  • Continuous training for security personnel to stay informed about new threats and technologies.
  • Iterative improvements based on feedback and lessons learned from security incidents.

Conclusion

Implementing Border Internet Discovery (BID) is a vital step towards enhancing your organisation's cyber-security. By understanding your internet-facing assets, leveraging powerful BID tools, and continuously monitoring and improving your processes, you can stay ahead of potential threats and protect your digital assets effectively.

BID not only helps in proactive threat detection and improved incident response but also ensures compliance with regulatory requirements and reduces the overall attack surface. Embrace BID as a core component of your cyber-security strategy to achieve a robust and resilient security posture.

Using ProCheckUp's BorderNet System

An effective and comprehensive way to implement BID is through ProCheckUp's BorderNet system. BorderNet is designed for Linux and utilises opensource tools. It collects open-source intelligence, performs DNS enumeration and network mapping, and monitors internet-facing assets. With SQL database integration, BorderNet automates daily, weekly, and monthly scans, sending timely alerts to enhance an organisation's cybersecurity posture. This system streamlines the BID process, providing a robust solution to protect your organisation's digital assets.