The 5 Layers Of Cyber Security
To protect your business or organisation against a cyber-attack, there are five main technical controls that need to be adhered to. They are bullet-pointed below, and we will discuss each one in a little more detail:
- Firewalls
- Secure Configuration
- User Access Control
- Malware Protection
- Patch Management
Firewalls
All devices run network services, which create some form of communication with other devices and services. By restricting access to these services, you reduce your exposure to attacks. This can be achieved using firewalls and equivalent network devices. A boundary firewall is a network device which can restrict the inbound and outbound network traffic to services on its network of computers and mobile devices. It can help protect against cyber-attacks by implementing restrictions, known as ‘firewall rules’, which can allow or block traffic according to its source, destination and type of communication protocol. Alternatively, a host-based firewall may be configured on a device. This works in the same way as a boundary firewall but only protects the single device on which it is configured. This approach can provide for more tailored rules and means that the rules apply to the device wherever it is used. However, this increases the administrative overhead of managing firewall rules.
Here are a few things your IT administrator can routinely do to maintain the security of your business network:
- change any default administrative password to an alternative that is difficult to guess
- prevent access to the administrative interface (used to manage firewall configuration) from the Internet, unless there is a clear and documented business need
- block unauthenticated inbound connections by default
- ensure inbound firewall rules are approved and documented by an authorised individual
- remove or disable permissive firewall rules quickly, when they are no longer needed
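The rule-matching behaviour described above (first matching rule decides; anything unmatched falls through to a default-deny inbound policy) is easy to see in a small model. The following is an added example written for this article, not code from the original or from any firewall product: the rule and packet representation, the RFC 5737 documentation addresses, the approval references and the sample traffic are all constructed. It also includes a simple audit that flags inbound allow rules which are wide open or carry no approval record, the kind the list above says should be documented and removed promptly when no longer needed.

```python
"""First-match packet filter with a default-deny inbound policy.

Added example, not code from the original article. The rule/packet
representation, the RFC 5737 documentation addresses and the sample
traffic are all constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "block"
    direction: str                # "inbound" or "outbound"
    src: str = "0.0.0.0/0"        # source network (CIDR); 0.0.0.0/0 = anywhere
    dst: str = "0.0.0.0/0"        # destination network (CIDR)
    proto: str = "any"            # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None   # destination port; None = any port
    approved_by: str = ""         # who approved/documented the rule


@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    return (
        rule.direction == pkt.direction
        and ip_address(pkt.src) in ip_network(rule.src)
        and ip_address(pkt.dst) in ip_network(rule.dst)
        and rule.proto in ("any", pkt.proto)
        and rule.dport in (None, pkt.dport)
    )


def evaluate(rules: List[Rule], pkt: Packet, default: str = "block") -> Tuple[str, str]:
    """Walk the ruleset top to bottom; the first match decides.

    Nothing matched means the default policy applies, which is how
    'block unauthenticated inbound connections by default' is realised.
    """
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, f"rule {index}"
    return default, "default policy"


def permissive_rules(rules: List[Rule]) -> List[int]:
    """Indexes of inbound allow rules that are wide open or undocumented.

    These are the rules that should be approved, documented and removed
    quickly once they are no longer needed.
    """
    flagged = []
    for index, rule in enumerate(rules):
        if rule.direction != "inbound" or rule.action != "allow":
            continue
        any_source = ip_network(rule.src).prefixlen == 0
        if (any_source and rule.dport is None) or not rule.approved_by:
            flagged.append(index)
    return flagged


# Constructed boundary-firewall ruleset for a perimeter device at
# 192.0.2.1 with an internal LAN of 10.0.0.0/8 and a public web
# server at 192.0.2.10. Approval references are placeholders.
RULES = [
    # Management interface reachable only from the internal network.
    Rule("allow", "inbound", src="10.0.0.0/8", dst="192.0.2.1/32",
         proto="tcp", dport=8443, approved_by="IT manager, change #42"),
    # Approved public-facing HTTPS service.
    Rule("allow", "inbound", dst="192.0.2.10/32", proto="tcp", dport=443,
         approved_by="IT manager, change #43"),
    # Leftover troubleshooting rule: any source, any port, no approval.
    Rule("allow", "inbound", dst="192.0.2.20/32"),
    # Outbound traffic from the LAN is permitted.
    Rule("allow", "outbound", src="10.0.0.0/8"),
]


if __name__ == "__main__":
    from_internet = Packet("inbound", "198.51.100.7", "192.0.2.1", "tcp", 8443)
    print("admin UI from Internet:", evaluate(RULES, from_internet))   # default policy blocks it
    print("rules needing review:", permissive_rules(RULES))
```

Running the block shows the management interface is unreachable from the Internet purely because nothing matched, while the stale troubleshooting rule is the one flagged for review.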
Secure Configuration
Computers and network devices are not always secure in their default configurations. Standard, out-of-the-box configurations often include one or more weak points such as:
- an administrative account with a predetermined, publicly known default password
- pre-enabled but unnecessary user accounts (sometimes with special access privileges)
- pre-installed but unnecessary applications or services
Default installations of computers and network devices can provide cyber attackers with a variety of opportunities to gain unauthorised access to an organisation’s sensitive information — often with ease. By applying some simple technical controls when installing computers and network devices, you can minimise inherent vulnerabilities and increase protection against common types of cyber attack.
Here are a few things your IT administrator can routinely do to maintain the security of your business network:
- Remove and disable unnecessary user accounts (such as guest accounts and administrative accounts that won't be used)
- Change any default or guessable account passwords to something non-obvious
- Remove or disable unnecessary software
- Disable any auto-run feature which allows file execution without user authorisation
- Password-based authentication:
  - protect against brute-force password guessing; the following methods can be used:
    - lock accounts after no more than 10 unsuccessful attempts
    - limit the number of guesses allowed in a specified time period to no more than 10 guesses within 5 minutes
  - set a minimum password length of at least 8 characters
  - change passwords promptly when the Applicant knows or suspects they have been compromised
  - use a password policy that tells users:
    - to avoid choosing obvious passwords (such as those based on easily discoverable information like the name of a favourite pet)
    - not to choose common passwords — this could be implemented by technical means, using a password blacklist
    - not to use the same password anywhere else, at work or at home
    - how to record passwords so that they can be stored and retrieved securely — for example, in a sealed envelope in a secure cupboard
    - which passwords they really must memorise and not record anywhere
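The two brute-force controls above (lock after 10 unsuccessful attempts, no more than 10 guesses within 5 minutes) and the password-policy points that can be enforced technically (minimum length, a common-password blacklist, no easily discoverable personal information) can all be implemented in a few dozen lines. The following is an added example written for this article, not code from the original: the thresholds are the article's, while the blacklist contents, account names and the injectable clock used for deterministic testing are constructed.

```python
"""Brute-force guessing protection and password-policy checks.

Added example, not code from the original article. The thresholds are
the article's (lock after 10 unsuccessful attempts, at most 10 guesses
per 5 minutes, minimum length 8); the blacklist contents, account names
and the ManualClock used for deterministic testing are constructed.
"""
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, List, Sequence, Set

LOCKOUT_AFTER = 10            # unsuccessful attempts before the account locks
WINDOW_SECONDS = 5 * 60       # guessing window: 5 minutes
MAX_GUESSES_PER_WINDOW = 10   # guesses allowed inside the window
MIN_LENGTH = 8                # minimum password length

# Constructed stand-in for a real password blacklist; a deployment would
# load a large list (e.g. known-breached passwords) rather than five entries.
COMMON_PASSWORDS: Set[str] = {"password", "password1", "123456", "qwerty", "letmein"}


class ManualClock:
    """Injectable clock so the throttling window can be exercised without sleeping."""

    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def advance(self, seconds: float) -> None:
        self.now += seconds

    def __call__(self) -> float:
        return self.now


class LoginGuard:
    """Applies both controls: a per-account lockout and a sliding-window throttle."""

    def __init__(self, clock: Callable[[], float]) -> None:
        self.clock = clock
        self.failures: Dict[str, int] = defaultdict(int)
        self.attempts: Dict[str, Deque[float]] = defaultdict(deque)
        self.locked: Set[str] = set()

    def attempt(self, user: str, credential_valid: bool) -> str:
        """Record one login attempt and return ok / denied / throttled / locked.

        `credential_valid` is the verdict of the real credential check (for
        example a password-hash comparison); this class only decides whether
        the attempt is allowed to count at all.
        """
        now = self.clock()
        if user in self.locked:
            return "locked"
        window = self.attempts[user]
        # Drop attempts that have aged out of the 5-minute window.
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_GUESSES_PER_WINDOW:
            return "throttled"          # an 11th guess within 5 minutes is refused
        window.append(now)
        if credential_valid:
            self.failures[user] = 0     # a successful login resets the failure counter
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= LOCKOUT_AFTER:
            self.locked.add(user)       # stays locked until an administrator unlocks it
            return "locked"
        return "denied"


def check_password(candidate: str, personal_info: Sequence[str] = ()) -> List[str]:
    """Return the policy rules a proposed password breaks (empty list = acceptable)."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("appears on the common-password blacklist")
    for fact in personal_info:          # e.g. username, pet's name, company name
        if fact and fact.lower() in lowered:
            problems.append(f"contains easily discoverable information ({fact!r})")
    return problems


if __name__ == "__main__":
    guard = LoginGuard(ManualClock())
    print([guard.attempt("alice", False) for _ in range(10)])   # nine denials, then locked
    print(check_password("fluffy2019!", ["alice", "Fluffy"]))    # flags the pet's name
```

Note that a throttled attempt is refused before the credential is even examined, so it never counts towards the lockout total; the two controls are independent and both are needed.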
User Access Control
Every active user account in your business facilitates access to devices and applications, and to sensitive business information. By ensuring that only authorised individuals have user accounts, and that they are granted only as much access as they need to perform their role, you reduce the risk of information being stolen or damaged. Compared to normal user accounts, accounts with special access privileges have enhanced access to devices, applications and information. When such accounts are compromised, their greater freedoms can be exploited to facilitate large-scale corruption of information, disruption to business processes and unauthorised access to other devices in the organisation.
Administrative accounts are especially highly privileged and can typically allow:
- execution of software that has the ability to make significant and security relevant changes to the operating system
- changes to the operating system for some or all users
- creation of new accounts and allocation of their privileges
All types of administrator will have such accounts, including Domain Administrators and Local Administrators. Now consider that if a user opens a malicious URL or email attachment, any associated malware is typically executed with the privilege level of the account that user is currently operating. Clearly, you must take special care over the allocation and use of privileged accounts.
Here are a few things your IT administrator can routinely do to maintain the security of your business network:
- Have a user account creation and approval process
- remove or disable user accounts when no longer required (for example, when a user leaves the organisation)
- use administrative accounts to perform administrative activities only (no emailing, web browsing or other standard user activities that may expose administrative privileges to avoidable risks)
- remove or disable special access privileges when no longer required (for example, when a member of staff changes role)
Malware Protection
The execution of software downloaded from the Internet can expose a device to malware infection. Malware, such as computer viruses, worms and spyware, is software that has been written and distributed deliberately to perform malicious actions. Potential sources of malware infection include malicious email attachments, downloads (including those from application stores), and direct installation of unauthorised software. If a system is infected with malware, your organisation is likely to suffer from problems like malfunctioning systems, data loss, or onward infection that goes unseen until it causes harm elsewhere.
You can avoid the potential harm from malware by using anti-malware software that can detect and disable malware before it causes harm. That software should be set up as follows:
- The software (and all associated malware signature files) should be kept up to date, with signature files updated at least daily. This may be achieved through automated updates, or with a centrally managed deployment.
- The software must be configured to scan files automatically upon access.
- The software should prevent connections to malicious websites on the Internet (by means of blacklisting) — unless there is a clear, documented business need.
Patch Management
Any device that runs software can contain security flaws, known as vulnerabilities. Vulnerabilities are regularly discovered in all sorts of software. Once discovered, malicious individuals or groups move quickly to exploit vulnerabilities to attack computers and networks in organisations with these weaknesses. Product vendors provide fixes for vulnerabilities identified in products that they still support, in the form of software updates known as 'patches'. Patches may be made available to customers immediately or on a regular release schedule. Product vendors do not generally release patches for products they no longer support — not even to fix vulnerabilities.
If you take cyber security seriously and would like an assessment of your business's network, or help to become Cyber Essentials or Cyber Essentials Plus accredited, contact Control I.T Solutions today for more information on 01738 310271.