Cyber Security basic CIA triad (confidentiality, integrity and availability)
Confidentiality is concerned with preventing unauthorized access to sensitive information. Data sent over the network should not be readable by unauthorized individuals. An attacker may capture data in transit with freely available tools (packet sniffers, rogue access points) and gain access to your information, so confidentiality must hold both at rest and in transit.
How to Maintain Confidentiality: The two main ways to ensure confidentiality are cryptography (encrypting data at rest and in transit) and access control (authentication and authorization that limit who can read the data).
Integrity means ensuring that data has not been modified, inserted or destroyed in an unauthorized way, whether in transit or at rest. Corruption or tampering of data is a failure to maintain data integrity.
Example: Preventing the modification of information by unauthorized users.
How to Maintain Integrity: cryptographic hash functions and, against an active attacker, message authentication codes (MACs) or digital signatures. MD5 (Message Digest 5) produces a 128-bit digest and SHA-1 a 160-bit digest; both are obsolete because practical collision attacks exist, so new designs should use SHA-2 (for example SHA-256) or SHA-3 (SHA-0 was withdrawn). Note that a bare hash only detects accidental corruption: an attacker who can alter the data can also recompute the hash, so integrity against tampering needs a keyed construction such as HMAC, or a digital signature.
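The difference between a bare hash and a keyed check is easy to see in code. The following is an added example (not part of the original notes): it reports the digest sizes mentioned above, then models an active attacker who replaces a message and tries to make the accompanying check value match. The messages and the shared key are constructed for illustration; in a real system the key would come from a key store, never from source code.

```python
"""Integrity checks: bare hash vs keyed HMAC.

Added example, not from the original notes. The messages and the key are
constructed for illustration; a real key would come from a key store.
"""
import hashlib
import hmac

ORIGINAL = b"transfer 100.00 to account 12345"   # constructed sample message
TAMPERED = b"transfer 900.00 to account 99999"   # attacker's replacement
KEY = b"example-shared-secret-key"               # assumed shared secret (example only)


def digest_bits(algorithm: str) -> int:
    """Output size in bits of a hashlib algorithm (md5 -> 128, sha1 -> 160, sha256 -> 256)."""
    return hashlib.new(algorithm).digest_size * 8


def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest. Detects accidental corruption, but anyone can recompute it."""
    return hashlib.new(algorithm, data).hexdigest()


def verify_digest(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    return hmac.compare_digest(digest(data, algorithm), expected_hex)


def tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag. Recomputing it requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(data: bytes, key: bytes, tag_hex: str) -> bool:
    # compare_digest runs in constant time, so a wrong tag does not leak
    # how many leading characters matched.
    return hmac.compare_digest(tag(data, key), tag_hex)


def active_attacker_demo() -> dict:
    """Sender publishes (message, check value); the attacker replaces the
    message and does their best to make the check value match."""
    # Case 1: bare hash. The attacker simply hashes the new message.
    published_hash = digest(ORIGINAL)
    forged_hash = digest(TAMPERED)
    # Case 2: HMAC. Without KEY the attacker can only reuse the old tag or
    # substitute a plain hash of the new message; neither verifies.
    published_tag = tag(ORIGINAL, KEY)
    return {
        "hash_original_ok": verify_digest(ORIGINAL, published_hash),
        "hash_forgery_accepted": verify_digest(TAMPERED, forged_hash),
        "tag_original_ok": verify_tag(ORIGINAL, KEY, published_tag),
        "tag_reuse_accepted": verify_tag(TAMPERED, KEY, published_tag),
        "tag_hash_substitute_accepted": verify_tag(TAMPERED, KEY, digest(TAMPERED)),
    }


if __name__ == "__main__":
    for alg in ("md5", "sha1", "sha256"):
        print(f"{alg}: {digest_bits(alg)} bits")
    print(active_attacker_demo())
```

The forged hash is accepted while both HMAC forgeries are rejected, which is the practical reason integrity controls on untrusted channels use HMAC or signatures rather than a checksum alone.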
To ensure availability, the network, systems and data must be reachable by authorized users whenever they are needed. This applies to systems and to data.
Example: business-critical systems and data must remain available during normal operation, and there must be a tested plan to recover them after an unplanned outage.
How to Maintain Availability: (a) Use network or server monitoring systems so outages and degradation are detected quickly. (b) Ensure a data recovery (DR) and business continuity (BC) plan is in place and tested. (c) Apply preventive measures such as redundancy, failover and RAID (RAID protects against disk failure, not against deletion or ransomware, so it does not replace backups). (d) Keep systems and applications patched and updated.
Information technology security policies are a set of written practices and procedures that all employees must follow to ensure the confidentiality, integrity, and availability of data and resources. Creating security policies is considered to be the most critical element of an IT security program. Cyber security policies set the baseline for an organization's security posture.
By putting security policies in writing, you’re formalizing your organization’s security posture by assigning roles and responsibilities, granting authority to security professionals, and identifying your incident response plan.
Implementing a comprehensive set of IT security policies throughout your organization is not only best practice, but considered the bare minimum when it comes to data protection.
How to Write Information Security Policies:
This topic falls under Risk Management in the GRC module (Risk Management Framework establishment) and is covered in its own section below.
MITRE ATT&CK vs. Cyber Kill Chain
MITRE developed ATT&CK as a model to document and track various techniques attackers use throughout the different stages of a cyberattack to infiltrate your network and exfiltrate data.
ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge.
The Cyber Kill Chain (Lockheed Martin) is a well-defined, linear sequence of stages: the attacker, or the Red Team (the pentesting term for the attacking side) emulating one, moves from reconnaissance to weaponization, delivery, exploitation and so on, in that order. ATT&CK, by contrast, is a knowledge base of tactics and techniques that does not assume a fixed order; a real intrusion may repeat or skip tactics.
MITRE and other third-party developers use ATT&CK to help Red and Blue Teams plan their pentesting and defensive efforts against a common vocabulary.
MITRE has ATT&CK broken out into a few different matrices: Enterprise, Mobile, and (historically) PRE-ATT&CK. Each of these matrices contains various tactics and techniques associated with that matrix's subject matter.
The Enterprise matrix is made of techniques and tactics that apply to Windows, Linux, and/or macOS systems, and has since grown to cover cloud, container and network-device platforms as well. Mobile contains tactics and techniques that apply to mobile devices. PRE-ATT&CK contained tactics and techniques related to what attackers do before they try to exploit a particular target network or system; it has been retired and folded into the Enterprise matrix as the Reconnaissance and Resource Development tactics. MITRE has also added a separate ICS (industrial control systems) matrix.
When looking at ATT&CK in the form of a matrix, the column titles across the top are tactics and are essentially categories of techniques. Tactics are what attackers are trying to achieve (the goal of a step), whereas the individual techniques are how they accomplish those steps or goals.
One example of how tactics and techniques work in ATT&CK: an attacker may wish to gain access into a network and install cryptocurrency mining software on as many systems as possible inside that network. In order to accomplish this overall goal, the attacker needs to successfully perform several intermediate steps. First, gain access to the network, possibly through a Spearphishing Link. Next, they may need to escalate privilege through Process Injection. Now they can get other credentials from the system through Credential Dumping and then establish persistence by setting the mining script to run as a Scheduled Task. With this accomplished, the attacker may be able to move laterally across the network with Pass the Hash and spread their coin miner software on as many systems as possible.
In this example, the attacker had to successfully execute five steps – each representing a specific tactic or stage of their overall attack: Initial Access, Privilege Escalation, Credential Access, Persistence, and Lateral Movement. They used specific techniques within these tactics to accomplish each stage of their attack (spearphishing link, process injection, credential dumping, etc.).
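On the defensive side, the same tactic/technique vocabulary is what detection rules are mapped to. The following is an added example, not part of the original notes or of any MITRE tooling: a handful of simplified detection rules run over constructed, Sysmon/EDR-style endpoint events that mirror the coin-miner scenario above, each hit tagged with its ATT&CK Enterprise technique ID and tactic, so the observed tactic sequence can be compared with the expected chain. The event records are constructed, not real telemetry; the technique IDs are from ATT&CK Enterprise and should be confirmed against the current matrix version before being used in a detection catalogue.

```python
"""Map constructed endpoint events to ATT&CK techniques and tactics.

Added example, not from the original notes or from MITRE. Events are
constructed, simplified Sysmon/EDR-style records, not real logs.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Technique:
    tid: str     # ATT&CK Enterprise technique ID (verify against current matrix)
    name: str
    tactic: str  # the tactic the technique serves in this scenario


# Tactics in the order the coin-miner example above expects them.
TACTIC_ORDER = ["Initial Access", "Privilege Escalation",
                "Credential Access", "Persistence", "Lateral Movement"]

# Detection rules: (description, predicate over one event, technique).
# Process Injection is also listed under Defense Evasion in ATT&CK; the
# scenario uses it for privilege escalation, so it is tagged that way here.
RULES = [
    ("browser spawned by mail client with a URL argument",
     lambda e: e["parent"].lower() == "outlook.exe"
               and re.search(r"https?://", e["cmdline"], re.I),
     Technique("T1566.002", "Phishing: Spearphishing Link", "Initial Access")),
    ("remote thread created in another process (Sysmon event 8)",
     lambda e: e.get("event") == "CreateRemoteThread",
     Technique("T1055", "Process Injection", "Privilege Escalation")),
    ("memory dump of lsass.exe",
     lambda e: re.search(r"lsass", e["cmdline"], re.I)
               and re.search(r"procdump|MiniDump|comsvcs", e["cmdline"], re.I),
     Technique("T1003.001", "OS Credential Dumping: LSASS Memory", "Credential Access")),
    ("scheduled task created from the command line",
     lambda e: re.search(r"\bschtasks(\.exe)?\b.*\s/create\b", e["cmdline"], re.I),
     Technique("T1053.005", "Scheduled Task/Job: Scheduled Task", "Persistence")),
    ("NTLM hash used to start a process as another user",
     lambda e: re.search(r"sekurlsa::pth|/ntlm:", e["cmdline"], re.I),
     Technique("T1550.002", "Use Alternate Authentication Material: Pass the Hash",
               "Lateral Movement")),
]

# Constructed events (hostname, parent image, image, command line, optional event type).
SAMPLE_EVENTS = [
    {"host": "WS01", "parent": "OUTLOOK.EXE", "image": "chrome.exe",
     "cmdline": "chrome.exe https://invoice-portal.example/login"},
    {"host": "WS01", "parent": "chrome.exe", "image": "invoice.exe",
     "cmdline": "invoice.exe"},                       # dropper; no rule fires
    {"host": "WS01", "parent": "invoice.exe", "image": "invoice.exe",
     "event": "CreateRemoteThread", "target": "explorer.exe", "cmdline": ""},
    {"host": "WS01", "parent": "explorer.exe", "image": "procdump64.exe",
     "cmdline": "procdump64.exe -accepteula -ma lsass.exe lsass.dmp"},
    {"host": "WS01", "parent": "cmd.exe", "image": "schtasks.exe",
     "cmdline": 'schtasks.exe /create /sc minute /mo 5 /tn "Updater" /tr C:\\Users\\Public\\miner.exe'},
    {"host": "WS01", "parent": "cmd.exe", "image": "mimikatz.exe",
     "cmdline": 'mimikatz.exe "sekurlsa::pth /user:svc_admin /domain:corp '
                '/ntlm:00112233445566778899aabbccddeeff /run:cmd.exe"'},
    {"host": "WS01", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},           # benign background activity
]


def match_event(event: dict) -> list:
    """Techniques whose rule fires on a single event."""
    return [t for _desc, pred, t in RULES if pred(event)]


def map_events(events: list) -> list:
    """One record per (event, technique) hit, in event order."""
    return [{"host": e["host"], "technique": t.tid, "name": t.name, "tactic": t.tactic}
            for e in events for t in match_event(e)]


def tactics_in_order(events: list) -> list:
    """Distinct tactics in the order they were first observed."""
    seen = []
    for hit in map_events(events):
        if hit["tactic"] not in seen:
            seen.append(hit["tactic"])
    return seen


def coverage(events: list) -> dict:
    """Which tactics of the expected chain were observed (True) or missed (False)."""
    observed = set(tactics_in_order(events))
    return {t: t in observed for t in TACTIC_ORDER}


if __name__ == "__main__":
    for hit in map_events(SAMPLE_EVENTS):
        print(f'{hit["host"]}: {hit["technique"]} {hit["name"]} -> {hit["tactic"]}')
    print(coverage(SAMPLE_EVENTS))
```

A gap in the coverage dict (an expected tactic never observed) is where a Blue Team would add telemetry or rules; in the sample data all five tactics fire, while the dropper launch and the benign svchost event produce nothing, which is the expected behaviour of narrow signature rules.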
Network security focuses primarily on securing network infrastructure, including the network edge, routers, and switches. Cyber security includes network security and covers additional areas, such as data storage and transportation.
Firewall/NGFW
A firewall controls inbound and outbound traffic on networks using predetermined security rules to prevent malicious traffic from entering the network. Network security relies on firewalls to protect against external threats. Today, most organizations use next-generation firewalls (NGFW) that can block malware and application-layer attacks.
WAF
A web application firewall (WAF) filters, monitors, and blocks HTTP(S) traffic flowing to and from a web application. Inspecting HTTP requests enables a WAF to stop attackers from exploiting known vulnerability classes in web applications, such as cross-site scripting (XSS) and SQL injection (SQLi). A WAF is a compensating control (virtual patching); it does not remove the underlying bug and can be bypassed by encoding or obfuscation, so the vulnerable code should still be fixed.
An Intrusion Detection System (IDS) is a monitoring system, usually fed a copy of traffic out of band, that detects suspicious activities and generates alerts when they are detected; it does not stop the traffic itself.
An Intrusion Prevention System (IPS) sits inline on the traffic path and can drop or block malicious traffic in addition to alerting. IPS technology is used against network attacks such as brute force and DoS attacks and the exploitation of known vulnerabilities; because it is inline, a false positive blocks legitimate traffic, so rules are tuned more conservatively than on an IDS.
Signature-Based Intrusion Detection. Signature-Based Intrusion Detection Systems (SIDS) match traffic or events against patterns of known attacks. They produce precise, low-noise alerts but cannot detect attacks for which no signature exists yet.
Anomaly-Based Intrusion Detection. Anomaly-Based systems (AIDS) build a baseline of normal behaviour (request rates, protocols, logon times) and alert on deviations. They can catch previously unseen attacks but are noisier, because legitimate but unusual activity also deviates from the baseline and produces false alerts.
Hybrid Intrusion Detection. Hybrid systems combine both approaches so that signatures cover known attacks with high confidence while anomaly detection flags the unknown, at the cost of having to tune the anomaly side.
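The trade-off between the three approaches, and the WAF-style pattern matching described above, can be shown on a small log sample. The following is an added example, not from the original notes: constructed web-server access lines in Common Log Format are run through two simplified WAF-style signatures (SQLi and XSS) and through a request-rate anomaly check, and the union of both is what a hybrid detector would report. The log lines, client addresses and thresholds are constructed for illustration; real rule sets are far larger and tuned per site.

```python
"""Signature-based vs anomaly-based detection over constructed access logs.

Added example, not from the original notes. Log lines are constructed in
Common Log Format; the signatures are deliberately simplified.
"""
import re
from collections import Counter
from urllib.parse import unquote

CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                 r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
                 r'(?P<status>\d{3}) (?P<size>\d+|-)$')


def _clf(ip: str, sec: int, request: str, status: int, size: int) -> str:
    """Build one constructed log line (all within the same minute)."""
    return f'{ip} - - [01/Jan/2024:10:00:{sec:02d} +0000] "{request} HTTP/1.1" {status} {size}'


# Constructed sample: normal browsing, one SQLi probe, one XSS probe,
# a 20-attempt login brute force, and a monitoring host polling /health.
LOG_LINES = [
    _clf("10.0.0.5", 1, "GET /products?id=42", 200, 512),
    _clf("10.0.0.5", 3, "GET /products?id=42%27%20OR%201%3D1--", 200, 9031),
    _clf("10.0.0.9", 4, "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E", 200, 220),
    _clf("10.0.0.7", 5, "GET /login", 200, 800),
    _clf("10.0.0.7", 9, "POST /login", 302, 0),
]
LOG_LINES += [_clf("10.0.0.22", 10 + i, "POST /login", 401, 120) for i in range(20)]
LOG_LINES += [_clf("10.0.0.100", 10 + 2 * i, "GET /health", 200, 2) for i in range(15)]

# Simplified WAF/IDS signatures applied to the URL-decoded request path.
SIGNATURES = {
    "SQLi": re.compile(r"(?:'|\")\s*(?:or|and)\s+[\w']+\s*=\s*[\w']+|\bunion\b.+\bselect\b|--\s*$", re.I),
    "XSS": re.compile(r"<\s*script|javascript:|\bon(?:error|load|click)\s*=", re.I),
}


def parse(line: str) -> dict:
    m = CLF.match(line)
    if not m:
        raise ValueError(f"unparsable line: {line!r}")
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def signature_alerts(lines: list) -> list:
    """Known-bad patterns: precise, but blind to anything without a signature
    (the brute force below never trips a rule)."""
    alerts = []
    for line in lines:
        rec = parse(line)
        decoded = unquote(rec["path"])   # decode %27, %3C ... before matching
        for rule, rx in SIGNATURES.items():
            if rx.search(decoded):
                alerts.append({"ip": rec["ip"], "rule": rule, "path": decoded})
    return alerts


def anomaly_alerts(lines: list, factor: float = 4.0, minimum: int = 10) -> list:
    """Clients whose request count is far above the median client.
    Catches the brute forcer, but also the benign health monitor: this is
    the false-positive noise anomaly detection is known for."""
    counts = Counter(parse(line)["ip"] for line in lines)
    ordered = sorted(counts.values())
    median = ordered[len(ordered) // 2]
    return sorted(ip for ip, n in counts.items() if n >= minimum and n > factor * median)


def hybrid_report(lines: list) -> dict:
    """What a hybrid detector surfaces: both alert streams, for an analyst to triage."""
    return {"signature": signature_alerts(lines), "anomaly": anomaly_alerts(lines)}


if __name__ == "__main__":
    report = hybrid_report(LOG_LINES)
    for a in report["signature"]:
        print(f'signature {a["rule"]:4} from {a["ip"]}: {a["path"]}')
    print("anomalous clients:", report["anomaly"])
```

The signatures catch the SQLi and XSS probes and nothing else; the anomaly check catches the brute-forcing client and also flags the health monitor, which is exactly the noise an analyst has to tune out (for example by whitelisting known monitoring sources or by counting only 4xx responses).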
Network segmentation is a technique that enables organizations to define boundaries between network segments, so that a compromise in one segment does not automatically reach the others. Microsegmentation is a technique that security architects employ to logically split a network into separate security segments down to the individual workload, define security controls per microsegment, and thereby limit lateral movement between systems.
A virtual private network (VPN) encrypts traffic between the user's device and the VPN gateway and hides the user's real IP address and location from the services visited. VPNs help organizations and individuals protect their traffic when connecting over untrusted networks such as public WiFi; they do not protect against a compromised endpoint or against the VPN provider itself seeing the traffic.
Zero trust network access (ZTNA), or software-defined perimeter (SDP), solutions enable organizations to specify and enforce granular access to applications and grant access according to the least privileges principle. This principle allows users to have only the access and permissions required to fulfill their role.
Network access control (NAC) utilizes network administrator tools and company-wide policies (device identity, posture checks such as patch level and endpoint protection) to prevent unauthorized devices and users from gaining access to protected networks.
Auditing the network is essential to obtaining the information needed to assess the organization’s security posture accurately. Here are notable benefits of network audits:
Identifying potential vulnerabilities that require remediation.
Locating unused and unnecessary applications that run in the background.
Reviewing the firewall rule set so that weak or stale rules can be corrected.
Measuring the state of networked servers, software, applications, and hardware.
Confirming the efficacy of the overall security infrastructure.
Assessing the status of current server backups.
Organizations must conduct audits regularly and consistently over time.
How to write effective security policies with practical example
Information security policies should support the vision, mission and strategic planning of the organization in protecting its information assets.
To write information security policies we have to understand the business requirements and constraints first.
Security policies can be written during risk management establishment (GRC), ISO 27001 implementation or to meet any other requirement; however, policies should be reviewed and approved by the board of governance or senior management before they are implemented.
There are different guidelines for writing effective security policies. The SANS Institute (SysAdmin, Audit, Network and Security) provides policy templates with the following sections:
Overview or Introduction
Purpose
Scope
Policy Details
Exception and violation
Version history
How are we going to implement this
For example, suppose we have a user password management policy (e.g. passwords must be at least 7 characters). We can enforce this in Active Directory through Group Policy (a GPO, Group Policy Object) applied to the relevant users or groups, rather than relying on users to comply voluntarily. Note that a 7-character minimum is weak by current standards; NIST SP 800-63B requires at least 8 characters for user-chosen passwords and recommends allowing much longer ones.
Network security policy: work with the network team to configure the firewalls, ACLs, IDS/IPS etc. according to the defined policy, and verify the configuration against the policy during audits.
Access control policy
Network security policy
Data security policy
Physical security policy
Disaster recovery (DR) and business continuity policy (BCP)
Password policy
Data classification policy
Data retention policy
Change Management Policy
Remote Working Policy
Email Policy
Acceptable use policy
Incident response policy