Real-Time and Retrospective Analyses of Cyber Security by David Anthony Bird;

Author: David Anthony Bird; [Unknown]
Language: eng
Format: epub
Publisher: IGI Global


The author draws upon the lessons learned from the examples specified in this chapter; the key takeaways are listed in Table 1. Furthermore, by analyzing the points drawn out from these cyber incursions, it is possible to define the main pillars of cyber security, as shown in Figure 1.

Table 1. Highlighted security controls and lessons learned

Security Control: System design
Cyber Security Risk:
• Making modifications to system architectures without understanding the full context of the consequences.
Lesson Learned:
• One should not modify valid and approved architecture designs for the sake of convenience.
• One should have configuration and change control regimes in place.

Security Control: Manage removable media
Cyber Security Risk:
• Organizations can no longer think of isolated networks as a defensive posture in their own right by relying on an air gap.
Lesson Learned:
• One should have robust controls to detect the insertion of USB media into hosts, using monitoring agents.
• One should block or prevent auto-execution from removable media.
• One should antivirus-sweep removable media on data transfer to systems.
• Encrypted removable media is an ideal measure for protecting data-at-rest, but if decryption has not been undertaken prior to an antivirus engine scan, then undetectable malware can be hidden on the volume.

Security Control: Passwords and password constitution
Cyber Security Risk:
• Inadequate access control mechanisms.
• Weak passwords or re-used passwords, which may already have been compromised, can be easily guessed using dictionary lists (Be’ery, 2014).
Lesson Learned:
• One should employ 2FA when possible, but one should not use 2FA with weak passwords or, even worse, default passwords.
• Robust password constitution should be used, and passwords should be protected using salts that make attempts at offline brute-force guessing very drawn out and untenable.
• One should not reuse passwords.

Security Control: Software authenticity
Cyber Security Risk:
• Malicious code or fake software could end up being incorporated into baseline builds or deployed operationally, thereby affecting system integrity.
Lesson Learned:
• Code should not be trusted by default.
• Downloads should be verified by associated certificates or hashes as a form of provenance verification.

Security Control: Audit
Cyber Security Risk:
• Ineffective identification of crucial technical weaknesses using documentary-based compliance audits.
Lesson Learned:
• One should identify gaps in policy and processes against standards like ISO27001:2013 to identify vulnerabilities, such as ineffective patching and weak Business Continuity regimes.
• One should use active pentest findings cross-referenced against control criteria to identify control-measure gaps.

Security Control: Monitoring
Cyber Security Risk:
• One should investigate antivirus alerts.
Lesson Learned:
• One should deploy antivirus onto system hosts and regularly update engines and signatures.
• One should implement active and passive security-enforcing functions that form preventative and detective controls.

Security Control: Procedural controls
Cyber Security Risk:
• Humans tend to be nonchalant towards procedures, or may actively seek to take short-cuts or circumvent process-based controls if presented with the opportunity.
Lesson Learned:
• Procedures and processes that enforce organizational security policy cannot be solely relied upon without some form of technical control to augment them.
• Users must not bypass policy, procedures, or processes.

Security Control: User training
Cyber Security Risk:
• Computers left screen-locked and unnecessarily left on overnight are prime candidates to be subverted and used as staging servers for data exfiltration purposes.
Lesson Learned:
• One should undertake user training to enhance user competency, so that security mechanisms are used properly in line with security policy.
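The password lessons in Table 1 (salted, deliberately slow hashing so that offline dictionary-list guessing becomes untenable, and equal passwords on two accounts not yielding the same stored value), as an added example that is not the chapter's own code; the PBKDF2 parameters, the storage-string format and the function names are assumptions made here:

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters (not from the chapter): PBKDF2-HMAC-SHA256, a random
# 16-byte per-user salt, and a high iteration count so each guess is costly.
ITERATIONS = 600_000
SALT_LEN = 16
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' for storage."""
    if salt is None:
        # Fresh random salt per password: defeats precomputed dictionary lists
        # and makes identical passwords on different accounts hash differently.
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGO:
        return False  # unknown or malformed record: never accept it
    _, iterations, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def same_password_distinct_hashes(password: str, iterations: int = ITERATIONS) -> bool:
    """Two accounts sharing a password get different stored values because
    the salts differ, yet both still verify; one cracked hash does not crack the other."""
    a = hash_password(password, iterations=iterations)
    b = hash_password(password, iterations=iterations)
    return a != b and verify_password(password, a) and verify_password(password, b)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("password123", record))                   # False
    print(same_password_distinct_hashes("hunter2"))                  # True
```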
