Cybersecurity Threats, Malware Trends, and Strategies by Tim Rains
Author: Tim Rains
Language: eng
Format: epub
Tags: COM053000 - COMPUTERS / Security / General, COM015000 - COMPUTERS / Security / Viruses & Malware, COM043050 - COMPUTERS / Security / Networking
Publisher: Packt
Published: 2020-05-28T13:15:57+00:00
Cybersecurity fundamentals scoring system score
How well does the Protect and Recover Strategy mitigate the cybersecurity usual suspects? Table 5.3 contains my CFSS score estimates:
Table 5.3: The CFSS score estimate for the Protect and Recover Strategy
As you might have gleaned from my description of this strategy, although it has some benefits, it doesn't address the cybersecurity fundamentals very well. For unpatched vulnerabilities, I gave this strategy 10/20.
This score reflects that firewalls and segmentation can make it harder for attackers and malware to access exploitable vulnerabilities listening on network ports. If network traffic can't make it to the vulnerable service's port, then the vulnerability can't be exploited. But this mitigation isn't a permanent condition for an exploitable vulnerability. As soon as an administrator changes the rule for the firewall filter blocking the port, the vulnerability could potentially become instantly exploitable, unbeknownst to the administrator. Typically, filters will block unsolicited inbound traffic to a port, but they allow inbound traffic that is a result of legitimate outbound traffic on the same port. Under the right conditions, the service or application could be enticed to make an outbound connection to a destination under the control of attackers. Firewalls only provide a temporary mitigation to unpatched vulnerabilities, thus giving vulnerability management teams more time to find and patch vulnerabilities. The vulnerable software needs to be uninstalled from the system (which can't be easily done for most operating system components) or needs to be patched. The Protect and Recover Strategy doesn't focus on vulnerability management. The same is true for security misconfigurations. This strategy doesn't help us fully mitigate these two cybersecurity usual suspects – the best it can do is delay exploitation. For this reason, I gave it partial marks in these two areas.
This strategy does nothing to address weak, leaked, or stolen credentials or insider threat. Therefore, both received a score of zero. Finally, I gave this strategy's ability to mitigate social engineering partial marks. Firewalls and DMZs can filter connections based on URLs and IP addresses. They can prevent users who are tricked into clicking on malicious links from connecting to known malicious servers and unauthorized sites. Outbound traffic can be blocked and flagged, as well as inbound replies to such outbound traffic. The challenge has been keeping up with attackers who use compromised systems all over the world to host complex multi-component attacks, and constantly changing sources and destinations for attacks. History has taught us that this approach does not mitigate social engineering attacks very effectively. This is because it still relies on users and administrators to make sound trust decisions, which has always been challenging. Nonetheless, I gave it partial marks for social engineering for what it can do.
With a CFSS total score of 25 out of a possible 100, clearly, this strategy must be used in combination with other strategies in order to really focus on the cybersecurity fundamentals, as well as provide a foundation that an enterprise can build on. Many organizations have already come to this conclusion and have evolved their approaches.