Article by: Kavya T N

Cyber Security plays a crucial role in defending the digital world from the Cyber threats that are increasing globally. All organizations are driven by Internet. Usage of cloud services such as AWS, Azure, GCP has increased. They are used officially by small to large multinational companies and also personally. Using Internet directly without any protection will expose the devices and data to the external world due to the vulnerabilities in the internet.

We may never get rid of vulnerabilities. Vulnerabilities are basically bugs, and we shall always have bugs, as the programs we use are written by human beings. And human beings will always make mistakes. 

Gone are those days where simple firewalls and antivirus were adequate to secure the network and data. This can no longer secure the network infrastructure and data against sophisticated cyber-attacks.

Cyber threats may differ from a phishing attack, social engineering to a Ransomware.

Few examples of cyber-attacks that caused larger impact are:

1. eBay’s encrypted password breach which lead to 145 Million users to reset their passwords
2. Yahoo reported a compromise of 1 billion accounts by a hacker group
3. Cosmos bank cyber-attack which cost about INR 94.42 Crores
4. Leading bank in India, their ATM attack which washed off 20 Lakhs with the use of skimming devices
5. UIDAI Aadhaar Software breach which exposed around 1.1 Billion user details
6. SIM Swap Scam by hackers in Mumbai which led to illegal transfer of money

And many more.

A lack of focus on cyber security can harm business in various ways – Reputation issues, Financial costs, administration and regulatory issues. Therefore, protecting network and data from illegal access to Zero-day attacks is very essential.

There are many ways that an attacker can get into the network. To secure the data and network, there are many Cyber Security technologies in market that can be implemented to prevent the threats. Having these Cyber Security technologies in place is necessary to ensure, “A to Z security – A complete protection”.

The below is the guide for protecting the network and data:

• AAA – Authentication, Authorisation, and Accounting – AAA provides us Identity and confidentiality of a user which helps in eliminating unauthorised access

• Backup – Backing up data and configuration is important; this will help us in compliance and data recovery

• Configuration management – Configuration management ensures proper process, and maintenance of network devices

• DDOS protection – Distributed Denial of Service (DDoS) attacks has been evolved over the time into high-volume attacks. Having a high-volume attack mitigation capable product in place helps in mitigating such attacks and provides availability of services

• Endpoint Protection – Endpoints/Devices are connected to the Internet most of the time when inside or outside the organisations. No Security devices inside the organisation network provides complete security. There are many chances for the threats to reach the endpoints. These threats reaching the endpoints can be identified and blocked by an Endpoint protection system in place

• Firewall – In protecting private information, the firewall is always considered as a first line of defense. Threats travel from computer-to-computer without the knowledge of the user. They can find a computer that has lower security settings or unpatched vulnerabilities and insert themselves onto that system without the user ever knowing what is happening. Many worms and Trojan horses, often known as “bots”, travel this way. They utilize the Internet to find computers to infect. At this point, the attacker can make the victim’s computer perform almost any task he or she desires. The firewall monitors all network traffic and checks it against the rules and conditions configured on it. It can identify and block unwanted traffic, attacks and prevent information loss. There are advanced firewalls such as NGFW with UTM capabilities available in market which has many inbuilt features such as URL Filtering, Application filtering and IPS

• Guidelines – Guidelines are recommended actions and operational guide for users, IT staff, operations staff, and others to meet a standard. Setting up proper guidelines of the Internet and data use helps in protection and integrity, also educating the employees on the threats such as phishing, social engineering becomes necessary

• High Availability – Having a secondary device for the security appliances positioned in our network becomes mandatory for business continuity and incident response

• IOT Protection – IoT objects are also part of the network which is mostly ignored. Without security, any connected object, from Cameras, biometrics to manufacturing bots, can be hacked. Once hackers obtain control over these, they use it as a medium to take over the object’s functionality and infiltrate into the network

• Jitter free connection – Jitter is the delay of received packets. Which may be due to network congestion, improper queuing, or configuration errors. Having high speed and better-quality Internet and error-free configuration on the network devices helps in avoiding jitter and provides better performance of the products

• Kit of Security Tools – Instead of waiting for an attack to happen and decide the security posture, it better to proactively simulate possible attacks and prepare the network to mitigate those. Security testing products such as vulnerability scanner and penetration testing tools help in this case

• Link load balancer – Link load balancer helps in providing WAN link failover and bandwidth management and assures continuous operation in case of any issues in any one of the ISP links

• Mail Security – It helps in ensuring the content received is legitimate by eliminating spam and suspicious mails. It also helps in protection against phishing attacks and domain takeover

• NMS – Network Monitoring in mandatory to know the health and status of the devices. It provides the complete picture of the devices in the network and links

• OTP for Two factor Authentication – Passwords are mostly commonly used for first factor for authentication that can be easily compromised. Therefore, having a second factor to authenticate a user is necessary. One-time passwords (OTP) provides secure and safe 2FA

• Privileged Access Management– All network devices have an admin account which has read and write access to the devices. Securing this account from external and malicious insiders is required. PAM as a solution provides security to these privileged accounts

• Quick Response on Incidents – Quick response to incident is required for the Incident recovery and business continuity. Having proper business continuity plan and incident response team equipped with tools such as SIEM, EDR will help in maintaining quick response time

• Risk management – Understanding all the risk involved in a business venture or a project as well as their likelihoods is vital. Risk management is the detection, evaluation, and prioritizing of the potential risks and the economic application of resources to reduce, examine and manage the probability and impact of losses. Efficient risk management activities create value and should be an integral part of the decision-making process

• Server Security – Server security is as crucial as network infrastructure security for the reason that servers hold a huge amount of data for an organization including critical information. If a server is compromised, all its contents might be available for the intruder to steal or manipulate which may lead to a business loss

• Techniques and Procedures – Any security device positioned must be configured to provide a better security. Security engineer must be updated on the latest technologies, techniques to implement and need to have set of standard procedures to follow which will ensure right security

• Up-to-date software – Unpatched software become a risk to the security posture. Security solutions such as Antivirus, IPS mostly work on the database of signatures, having these updated to date is necessary in mitigating the threats. Not only security solutions, even any unpatched OS is also a threat to an organisation

• Vulnerability Management – Threats and risks keep evolving and infiltrate into the network, having a track on what is into the network becomes vital. Vulnerability management involves finding errors and risks in software which helps in preventing unwanted access and exposure. Mobile devices and the cloud open-up new vulnerabilities and it should be considered while designing a security strategy

• Web Security – Web Security acts as a gateway to check what the users are accessing through the web and what is getting into the network. It allows access only to the approved and secure websites providing security and better performance by reducing unnecessary traffic to the internet

• XSS Protection – Cross-Site Scripting (XSS) is a type of vulnerability found in web applications which enables the intruder to execute scripts. There are many such attacks that can be used to exploit the Web application. Having a Web Application Firewall helps the organisation in safeguarding their website and the Web Application server. It is very important security that an organisation needs to have since website is the face of the organisation and it might lead to reputation loss

• You – The Security Engineer – Security engineers are responsible for the security of the network, users, applications and data. Any misconfiguration of devices leads to a loophole which might be a potential risk to the organisation. Having the security engineer well trained and equipped with technologies becomes important. Continuous learning helps in keeping up the security posture

• Zero-day protection – Zero-day threats are dangerous. Threats such as ransomware which are new and there is no known signature or pattern to mitigate them. Such attacks become difficult to be detected by a signature-based solution. Solutions such as End-point Detection & Response (EDR) and Sandboxing which does a behavioural analysis is required to find and quarantine such threats

A 100% secure network Infra is not possible; there is always threats involved which are evolving day- -to-day. Attackers develop newer threats which can pass through the existing security solutions. Technologies also keeps evolving. Therefore, having an updated infrastructure is essential.  For cyber security engineers, it is a regrettable fact that no network can achieve a conclusive state that is totally secure.

SNS as a security focussed organization has been Consulting, Designing, Implementing “A-Z Security” for organizations of all sizes for last 20 Years.  Visit  www.snsin.com,  or Email at [email protected]  for any feedback or requirements