Wednesday, November 18, 2020

Cybersecurity Tools and Technologies

Network security tools are essential for ensuring information security in an organization. Cybersecurity tools and technologies include Firewalls, Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS), Web Content Filters, Data Loss Prevention (DLP), Unified Threat Management (UTM), and Security Information and Event Management (SIEM).

Firewalls 

Firewalls have been one of the most prominent network security tools since the early days of the Internet. A firewall is a hardware or software platform that controls the flow of traffic between a trusted network, such as a corporate LAN, and an untrusted network like the Internet. There are different types of firewalls:

  1. Packet filtering firewalls: Examine each data packet arriving from the router and allow or drop it according to a set of rules
  2. Stateful packet inspection (SPI) firewalls: Combine packet inspection with verification of the TCP handshake
  3. Application firewalls: Operate up to Layer 7 (application layer) of the OSI model and control access to specific applications and services on the network

Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS)

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) perform deep-packet inspection and analysis of network activity and data and provide real-time monitoring of network traffic. Unlike traditional packet filtering and stateful packet inspection firewalls, which examine only packet header information, IDS/IPS examine both the packet header and the payload of network traffic. IDS/IPS match the inspected packets against known malicious patterns (signatures). IDS/IPS are typically deployed to detect and block exploits of software vulnerabilities on the network. The primary difference between IDS and IPS is that an IDS is considered a passive system, whereas an IPS is an active system. An IDS monitors and analyzes network activity and alerts on potential attacks and vulnerabilities on the network, but it does not take any preventive action to stop an attack.
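As an added illustration (not code from the original post), the following Python sketch contrasts a header-only packet filter with payload inspection, and a passive IDS with an active IPS. The packets, permitted ports and signature patterns are all constructed for this example and are not real vendor rules.

```python
import re
from dataclasses import dataclass

# Constructed packet model for this example: header fields plus payload.
@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes

# A packet-filtering firewall decides on header fields only.
# Assumed rule set: permitted (destination port, protocol) pairs.
PERMITTED = {(80, "tcp"), (443, "tcp")}

def packet_filter(pkt):
    """Header-only decision: True if the port/protocol pair is permitted."""
    return (pkt.dport, pkt.proto) in PERMITTED

# IDS/IPS signatures matched against the payload. Illustrative patterns
# assumed for this example (directory traversal, a classic SQL tautology).
SIGNATURES = {
    "web-traversal": re.compile(rb"\.\./\.\./"),
    "sqli-tautology": re.compile(rb"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
}

def inspect(pkt, mode="ids"):
    """Deep-packet inspection after the firewall check.

    Returns (action, alerts). In "ids" mode the sensor is passive: the
    packet is always forwarded and matches are only reported. In "ips"
    mode the device is inline and drops a packet whose payload matches.
    """
    if not packet_filter(pkt):
        return "drop", ["firewall: port/protocol not permitted"]
    alerts = [name for name, rx in SIGNATURES.items() if rx.search(pkt.payload)]
    if alerts and mode == "ips":
        return "drop", alerts
    return "forward", alerts

if __name__ == "__main__":
    # Constructed traffic: a normal request and one carrying a traversal string.
    good = Packet("10.0.0.5", "10.0.0.8", 80, "tcp", b"GET /index.html HTTP/1.1")
    bad = Packet("10.0.0.5", "10.0.0.8", 80, "tcp", b"GET /../../config.txt HTTP/1.1")
    print(inspect(good), inspect(bad, "ids"), inspect(bad, "ips"))
```

Note that the header-only filter forwards both requests to port 80; only payload inspection distinguishes them, and only the IPS mode acts on the result.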

Web content filters

Web content filters are used to restrict the activity of users on a network. Web content filters match a web address against a database of websites. They are typically provided as a subscription-based service and maintained by the individual security vendors that sell the web content filters. Web content filters attempt to classify websites based on broad categories that are either allowed or blocked for various groups of users on the network. For example, the human resources department may have access to social media sites such as LinkedIn and Facebook for recruiting activities, while other users are blocked.

Data loss prevention (DLP)

Data loss prevention solutions inspect data that is leaving the network (for example, via email, file uploads, or USB drives) and prevent certain sensitive data, such as social security numbers, addresses, electronic health records, and classified material, from leaving the network.
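As an added example (not part of the original post), here is a minimal DLP content check for one of the data types named above, US social security numbers in outbound text. It matches the ###-##-#### shape and then discards values the Social Security Administration has never issued (area 000, 666 or 900-999; group 00; serial 0000), which cuts false positives on look-alike numbers such as order references. The message text and the block/redact policy are constructed for this example.

```python
import re

# Shape of a formatted US social security number: area-group-serial.
SSN_SHAPE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

def is_plausible_ssn(area, group, serial):
    """Structural rules for SSNs that have never been issued.
    Rejecting them keeps the filter from flagging arbitrary ###-##-#### ids."""
    a, g, s = int(area), int(group), int(serial)
    if a == 0 or a == 666 or a >= 900:
        return False
    if g == 0 or s == 0:
        return False
    return True

def find_ssns(text):
    """Return every plausible SSN found in the text, in order of appearance."""
    return [m.group(0) for m in SSN_SHAPE.finditer(text)
            if is_plausible_ssn(*m.groups())]

def dlp_check(message, max_allowed=0):
    """Policy decision for an outbound message.
    Returns ("block", findings) when more than max_allowed SSNs are present,
    otherwise ("allow", findings)."""
    findings = find_ssns(message)
    if len(findings) > max_allowed:
        return "block", findings
    return "allow", findings

def redact(text):
    """Alternative to blocking: mask all but the last four digits of each SSN."""
    def _mask(m):
        if is_plausible_ssn(*m.groups()):
            return "***-**-" + m.group(3)
        return m.group(0)
    return SSN_SHAPE.sub(_mask, text)

# Constructed outbound email body for demonstration.
SAMPLE_EMAIL = ("Hi, the applicant's SSN is 219-09-9999, "
                "purchase order 000-12-3456 is attached.")

if __name__ == "__main__":
    print(dlp_check(SAMPLE_EMAIL))
    print(redact(SAMPLE_EMAIL))
```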

Unified threat management (UTM)

Unified threat management devices combine numerous security functions into a single system, including anti-malware, anti-spam, content filtering, DLP, firewall, IDS/IPS, and VPN. UTM devices do not necessarily perform any of these security functions better than the standalone tools. But for a medium-sized enterprise, this is a more convenient and inexpensive solution that provides the needed all-in-one protection from cyber threats.

Security information and event management (SIEM)

Security information and event management software tools and managed services provide real-time monitoring, event correlation, analysis, and notification of security alerts generated by various network devices and applications.



Tuesday, November 10, 2020

CIA Triad of Information Security



What is CIA Triad?

CIA stands for Confidentiality, Integrity, and Availability. They are the key attributes of information security and are used as a benchmark model to evaluate the information security of an organization. It is a widely used model that guides an organization in implementing policies and mechanisms aimed at keeping its data secure.

Confidentiality

Confidentiality means keeping the systems, data, and other technological assets protected from unauthorized access. In the modern world, it is very important to keep private and sensitive data from unauthorized access. Confidentiality can be achieved by using mechanisms like authentication, authorization, and encryption. Authentication is allowing only authorized users to access the systems and data. It includes using passwords, biometrics, and security tokens to establish identity. Authorization is giving users different permission levels to access resources. Authentication validates the identity of users, while authorization defines whether that user has access to a specific resource. Both authentication and authorization are needed to ensure confidentiality. Encryption is the process of converting data into ciphertext in order to prevent the exposure of confidential data to unauthorized parties. There are two types of encryption mechanisms: symmetric encryption and asymmetric encryption. Packet sniffing, keylogging, and phishing are some of the attacks that affect confidentiality.

Integrity 

Integrity is preventing the malicious alteration of data by unauthorized parties. It is the accuracy and completeness of data. Information should not be changed during transit. This simply means that the receiver should get exactly the same message that the sender sent. Techniques like hashing and encryption can be used to ensure the integrity of data. Hashing is a mathematical algorithm used to generate a fixed-length fingerprint of the data that serves as its signature. Different hashing algorithms like MD5 and SHA (Secure Hash Algorithm) can be used to ensure the integrity of data. Man-in-the-middle attacks and session hijacking are some of the attacks that affect integrity.

Availability

Availability is the process of ensuring that the data, information, and systems are available when they are needed. Backups, hardware maintenance, software patching, and redundancy are mechanisms to ensure availability. Redundancy results in fault tolerance. One example of a lack of availability is not having any kind of backups for the systems. In the case of a cyber-attack, if all the data from the systems is deleted, then without backups it is impossible to recover. Therefore routine backups are needed to ensure high availability. A Denial of Service (DoS) attack is a type of attack where the attackers try to make the systems unavailable to intended users. This is a good example of a cyber threat that results in a loss of availability.

Confidentiality, Integrity, and Availability are the three pillars of information security. Any cyber-attack compromises at least one of these attributes. Therefore strong security policies and mechanisms should be implemented in an organization to ensure information security. The CIA triad is an important model that can be used to implement the information security strategy of an organization.


OWASP Top 10

OWASP stands for Open Web Application Security Project and it is an international non-profit organization that works towards improving the s...