15 Ensuring telemetry integrity


This chapter covers

  • Understanding why you should defend telemetry integrity
  • Defending telemetry against outside attackers
  • Defending telemetry against malicious insiders
  • Making telemetry tamper-evident

This chapter is about security. Your telemetry systems provide details about how your production systems are operating, and many of those details are exactly what an attacker trying to hide their tracks would rather did not exist. Outside attackers try to stop telemetry that reveals their presence from ever entering the system. Inside attackers (malicious insiders) remove or alter telemetry that is already there to hide their activities. Your telemetry systems need to be resilient to both kinds of attack, which requires multiple defense techniques.

Your goal as a system defender is to prevent alteration wherever possible, and where you can’t, to make alteration harder and slow the attacker down. By forcing an attacker to take more time or perform more steps, you increase your chance of catching them before they get too far. When alteration is harder, attackers have to modify more traces to cover their tracks, which increases the chance that they miss one. That missed trace may be the key to detecting the attack.

15.1 Getting telemetry out of reach of an attacker

15.1.1 Move telemetry too fast to catch

15.1.2 Use ACLs to enforce write-only telemetry

15.1.3 Durable telemetry when using SaaS providers

15.2 Making telemetry harder to mess with

15.2.1 Using access control requirements to defend against attacks

15.2.2 Ensuring configuration integrity in your telemetry systems

15.2.3 Making changes obvious

Summary