Back to the Basics — Networking — What is Cyber Security

Shilpa Thota
7 min read · Dec 7, 2024

Cybersecurity goes hand in hand with networking. Large enterprises are not the only ones that need security; small businesses are also prone to attacks. Every business has some data that should remain confidential.

There are two basic elements that you must consider as part of a cybersecurity plan:

  • Prevention — The first pillar of cybersecurity is the tools and technology that you can deploy to prevent bad actors from penetrating your network and stealing or damaging your data. This pillar includes firewalls that block unwelcome access, antivirus programs that detect malicious software, patch management tools that keep your software up to date, and antispam programs that keep suspicious mail from reaching your users' inboxes.
  • Recovery — The second pillar of cybersecurity is necessary because the first pillar is not always successful. Successful cyberattacks are inevitable. So you need to have technology plans in place to quickly recover from them when they hit. This pillar includes such things as creating backup copies of all your data and having recovery plans in place to quickly get your organization back up and running.

Prevention —

To prevent any attack, you should have a complete understanding of your IT environment, the threats it is exposed to, and the vulnerabilities it presents to would-be attackers. The foundation of this knowledge is an asset management system that lets you keep track of absolutely everything that is connected to your network.

  • All the hardware connected to your network — That includes all the desktop computers, mobile devices, servers, switches, Wi-Fi access points, routers, printers and every other piece of hardware connected to your network.
  • All software connected to your network — That includes operating systems, web browsers, Microsoft Office applications, and any other programs your organization uses. It also includes cloud service providers such as Office 365, online meeting platforms, cloud storage providers, and so on. Finally, it includes the software that runs on devices such as routers, switches, printers and other similar devices.
  • All the people connected to your network, typically represented by Active Directory accounts — You need to understand who they are, what their jobs are, what permissions they require, what devices they use and so on.
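An asset register only helps if it matches what is really on the network. The following added example (not part of the original post) reconciles a register with observed devices and directory accounts; all hostnames, addresses, account names and the data layout are constructed assumptions.

```python
import csv
import io

# Constructed sample data: asset register exported from a spreadsheet.
INVENTORY_CSV = """mac,hostname,owner,type
00:11:22:33:44:55,ws-finance-01,alice,workstation
00:11:22:33:44:66,srv-files-01,it-team,server
00:11:22:33:44:77,prn-floor2,it-team,printer
"""
# Constructed sample data: (MAC, IP) pairs seen on the network, in the mixed
# notations that DHCP servers and switches tend to report.
OBSERVED = [
    ("00-11-22-33-44-55", "10.0.0.21"),
    ("0011.2233.4466", "10.0.0.5"),
    ("DE:AD:BE:EF:00:01", "10.0.0.99"),
]
# Constructed sample data: (account, enabled) pairs and the current staff roster.
ACCOUNTS = [("alice", True), ("bob", True), ("carol", False)]
STAFF = {"alice"}


def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def reconcile_devices(inventory_csv, observed):
    """Compare the asset register with what is actually on the network."""
    known = {normalize_mac(r["mac"]): r["hostname"]
             for r in csv.DictReader(io.StringIO(inventory_csv))}
    seen = {normalize_mac(mac): ip for mac, ip in observed}
    return {
        # On the wire but not in the register: investigate, then add or remove.
        "unknown_on_network": sorted(ip for mac, ip in seen.items() if mac not in known),
        # In the register but silent: retired, powered off, or lost.
        "inventoried_not_seen": sorted(h for mac, h in known.items() if mac not in seen),
    }


def orphaned_accounts(accounts, staff):
    """Enabled accounts with no matching person on the staff roster."""
    return sorted(name for name, enabled in accounts if enabled and name not in staff)


if __name__ == "__main__":
    print(reconcile_devices(INVENTORY_CSV, OBSERVED))
    print(orphaned_accounts(ACCOUNTS, STAFF))
```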

With this asset management in place, you can deploy specific preventive measures to protect each asset.

  • Firewalls — Your internet connection must be protected by a firewall device that is configured to keep dangerous traffic out of your network.
  • Wi-Fi Security — All wireless access to your network must be encrypted and protected by password access.
  • Antivirus Software — Every computer on your network must be protected by active antivirus software. That includes every computer — workstations, laptops, tablets and servers.
  • Antispam software — Most cyberattacks come in through email. Make sure all email is protected by antispam software that can block email that contains malicious code or suspicious links.
  • Strong Passwords — All accounts that have access to your system should be secured by strong passwords.
  • Multifactor Authentication — The most critical access, such as that for administrative control, should be controlled by multifactor authentication, which requires additional verification beyond a username and password.
  • Data Protection — All shared data on your network should be protected with role-based security so that only those users who have a demonstrated need for the data are allowed access. This is done by controlling access permissions on files and folders as well as share permissions.
  • Encryption — Encryption refers to the process of encoding the data so that it can be read only by those who possess the secret encryption key. Encryption is one of the most important aspects of data security and should be employed whenever possible. One common way to use encryption is on wireless networks, where all data should be encrypted. This type of encryption is called data-in-flight encryption because it encrypts data while it is in transit from one computer or device to another. It is also common to encrypt data that resides on disk drives. This type of encryption is called data-at-rest encryption and is especially important if someone were to physically steal your disk drives.
  • User Life cycle Management — All user accounts should be subject to a documented life-cycle management policy that ensures that when a user leaves the organization, that user’s access is terminated.
  • Auditing — All aspects of your security environment should be regularly audited to ensure everything is operating as expected and is appropriate for the current environment. This includes regularly reviewing your user accounts and file permissions; reviewing firewall, antivirus, and antispam software to make sure it is functioning; and reviewing event logs.
  • User Training — The weakest points in any network are its users. Make sure to regularly offer security training for your users.
  • Physical Security — This aspect of cybersecurity is often overlooked. Any hacker worth her salt can quickly defeat all but the most paranoid security measures if she can gain physical access to a computer on your network.

Recovery —

A recovery plan should also protect you against threats that are not necessarily malicious.

The most important aspect of recovery is to plan for it in advance. The basis for any recovery plan is a good backup plan. In fact, planning for backup is an integral part of planning any network.

  • Comprehensive — Identify every critical server and data store in your organization and make sure it's backed up regularly.
  • Up to date — When you are forced to recover from a backup, you will be rolling your business back to the date the backup was made.
  • Redundant — You should keep multiple copies of your backups, each representing a recovery point. If your files have been corrupted by a cyberattack, you need a good backup to restore from so that the corrupted files are not recovered again.
  • Kept off-site — If a fire burns down your server room, your backups should not be in it, so you should have proper disaster recovery set up.
  • Offline — It is not enough to keep backups off-site; they must also be offline.
  • Automated — Make sure regular backups are taken and that the process is completely automated.
  • Monitored — Check that the backups are working as expected.
  • Tested — Regularly test them by restoring individual files and entire servers.
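Most of the properties in this list can be checked mechanically against a backup catalog. The following added example (not part of the original post) does that for a constructed catalog; the system names, record layout and policy thresholds are assumptions.

```python
from datetime import datetime, timedelta

NOW = datetime(2024, 12, 7, 8, 0)  # fixed clock so the sample is reproducible
H, D = timedelta(hours=1), timedelta(days=1)

# Constructed sample data: systems that must be backed up.
CRITICAL = ["files01", "db01", "mail01"]
# Constructed backup catalog: (system, taken, off_site, offline, job_succeeded)
CATALOG = [
    ("files01", NOW - 10 * H, True, True, True),
    ("files01", NOW - 34 * H, False, False, True),
    ("files01", NOW - 7 * D, True, True, True),
    ("db01", NOW - 6 * H, True, False, False),   # last night's job failed
    ("db01", NOW - 3 * D, True, False, True),
]
# Constructed: date of the last successful test restore per system.
RESTORE_TESTS = {"files01": NOW - 20 * D, "db01": NOW - 200 * D}

# Assumed policy thresholds; set them from your own recovery objectives.
MAX_BACKUP_AGE = 24 * H
MIN_RECOVERY_POINTS = 3
MAX_RESTORE_TEST_AGE = 90 * D


def audit_backups(critical, catalog, restore_tests, now):
    """Return {system: [failed properties]} using the list's own labels."""
    findings = {}
    for system in critical:
        good = [b for b in catalog if b[0] == system and b[4]]
        failed = []
        if not good:
            failed.append("comprehensive")          # nothing restorable at all
        else:
            if now - max(b[1] for b in good) > MAX_BACKUP_AGE:
                failed.append("up to date")
            if len(good) < MIN_RECOVERY_POINTS:
                failed.append("redundant")
            if not any(b[2] for b in good):
                failed.append("off-site")
            if not any(b[3] for b in good):
                failed.append("offline")
        last_test = restore_tests.get(system)
        if last_test is None or now - last_test > MAX_RESTORE_TEST_AGE:
            failed.append("tested")
        if failed:
            findings[system] = failed
    return findings


if __name__ == "__main__":
    for system, failed in audit_backups(CRITICAL, CATALOG, RESTORE_TESTS, NOW).items():
        print(system, "fails:", ", ".join(failed))
```

Failed jobs are excluded before any check runs, so a system whose most recent job failed is judged on its last restorable copy.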

A recovery plan should include:

  • Spare Computers — Make sure you have a spare computer or two that can be quickly configured to get the user back to work.
  • Emergency Disk Capacity — Restore operations often require that you have plenty of spare disk capacity available so that you can move data around. Inexpensive network attached storage may fit the bill but this is very slow.
  • Communications — In the midst of recovery it is vital to communicate with your users. They'll need to know what is going on and how long you expect recovery to take. Plan for alternative methods of communication, as email might be destroyed.

Cybersecurity Frameworks

Every aspect of your system design should take cybersecurity into account, not as an afterthought but from the very beginning. That includes your servers, storage platforms, desktop computers, network infrastructure, mobile devices, operating systems, software and anything else that is part of your IT environment.

There are plenty of cybersecurity frameworks to choose from, but these are the 5 most popular frameworks:

  • NIST
  • ISO/IEC 270
  • ISA 62443
  • CIS-20
  • COBIT

NIST Framework —

The NIST Cybersecurity Framework is probably the most commonly used framework and is officially known as the Framework for Improving Critical Infrastructure Cybersecurity.

The framework is useful for any organization large enough to have a dedicated IT staff, even if that staff consists of just one person. The framework invites you to develop a solid understanding of the cybersecurity risks your organization faces and to implement a risk management strategy based on informed decisions about which security practices make sense for your organization.

The framework consists of 3 basic components:

Framework Core — It identifies five basic functions of cybersecurity

  • Identify — You must know what parts of your organization are vulnerable to cyberattack.
  • Protect — You should take specific steps to protect those parts of your organization that you have identified as being vulnerable.
  • Detect — This function involves monitoring your systems and environment so that you know as soon as possible when a cyberattack occurs.
  • Respond — This function helps you plan in advance how you will respond when a cybersecurity incident occurs.
  • Recover — According to the framework, you must develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or servers that were impaired due to a cybersecurity incident.

Framework Implementation Tiers — It describes 4 distinct tiers that represent an increasing level of sophistication in cybersecurity practices. As an organization invests more in cybersecurity, it moves up through the tier levels.

Framework Profile — This section discusses the use of profiles to indicate which specific outcomes in the Framework Core are implemented. You can create a current profile, which documents the current cybersecurity practices at your organization, and then create a target profile to represent where you would like to be. Then you devise a plan to move from the current profile to the target profile.

In all, there are 23 categories across the five functions. Each of these categories is broken down into 2 to 12 subcategories.

If your organization is small, you may just keep track of all your computer and network devices in a simple Microsoft Excel spreadsheet. If it is a bigger organization, you can use software that tracks all the attached devices, and you may want to use inventory tags with barcodes so you can track hardware assets.

Although the framework does not prescribe specific solutions, it does offer a set of links to other cybersecurity frameworks, which it calls informative references. You can cross-reference these informative references to gain additional insight into each of the subcategories.

Happy Learning!!
