Security Controls

There are hundreds of thousands of security controls that organizations can implement to reduce risk. This section discusses some of the common ones.
    
Technical Control:
These controls use technology to reduce vulnerabilities. An administrator installs and configures technical controls, and they then provide protection automatically. Some technical controls are discussed below:
  • Encryption:
        Encryption is a strong technical control for ensuring confidentiality.
  • Antivirus Software:
        Antivirus software provides protection against malware.
  • IDS and IPS:
        IDS/IPS can monitor the network or a host for intrusions and provide ongoing protection.
  • Firewalls:
        Firewalls restrict the traffic going into or out of the network.
  • Least Privilege:
        Least privilege specifies that individuals or processes are granted only the privileges they need to perform their assigned tasks.

Administrative Controls:
Administrative controls use methods mandated by organizational policies or other guidelines. Some administrative controls are discussed below:
  • Risk Assessment:
        Risk assessment helps quantify and qualify the risks in the organization so that the organization can focus on the serious risks.
  • Vulnerability Assessment:
        A vulnerability assessment is performed to identify the current vulnerabilities in the organization so that it can implement additional controls to reduce the risk from the identified vulnerabilities.
  • Penetration Testing:
        After the vulnerability assessment, the next step is to exploit those vulnerabilities in order to make the organization more secure.
  • Awareness and Training:
        Training is the most important part of reducing an organization's risk. It helps users understand threats such as phishing and malware, and helps them follow security policies such as the clean desk policy.
  • Configuration and Change Management:
        Configuration management uses baselines to ensure that systems start in a secure, hardened state; change management helps ensure that a change does not result in an unintended configuration error.
  • Media Protection:
        Media protection covers physical media such as USB drives and internal and external drives.
  • Physical and Environmental Protection:
        Physical security is also an important control; it includes cameras and door locks. Organizations must protect critical assets such as servers. Environmental controls include the organization's heating and ventilation systems.

Preventive Controls:
Preventive controls aim to prevent an incident from occurring. Some preventive controls are discussed below:
  • Hardening:
        Hardening is the best practice of making a system more secure by disabling unnecessary services and removing default configurations.
  • Security Awareness Training:
        Awareness training helps organizations train their employees about well-known attacks and vulnerabilities. Most importantly, employees should be aware of social engineering attacks.
  • Security Guards:
        Guards prevent many physical attacks, such as attempts to gain access to secure areas of the organization's building.
  • Change Management:
        There should be a proper change management process so that changes are not applied on the fly. Change management is an operational process that attempts to prevent incidents.
  • Account Disablement Policy:
        Accounts should be disabled when employees leave.

Detective Controls:
Detective controls help detect when vulnerabilities have been exploited. The important point is that they detect an incident after it has occurred. Some detective controls are discussed below:
  • Log Monitoring:
        Logs record details of activity on networks and systems. Monitoring them helps in detecting incidents.
  • Trend Analysis:
        Trend analysis is the analysis of past alerts to identify which systems are attacked most.
  • Security Audit:
        A security audit examines the security posture of the organization, for example by checking whether strong password policies are implemented.
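
As an added illustration (not part of the original post), the following Python sketch shows how a security audit could check that the account disablement policy listed under preventive controls is actually enforced. The user names, dates, record layout and finding labels are constructed for the example.

```python
from datetime import date

# Constructed sample data: HR leaver list (username -> last working day)
# and a directory export. None of these values come from the original page.
HR_LEAVERS = {
    "asmith": date(2024, 3, 1),
    "BJones": date(2024, 3, 15),   # HR spelling differs in case from the directory
    "cdoe": date(2024, 4, 30),
}
ACCOUNTS = [
    {"user": "asmith", "enabled": False, "last_login": date(2024, 2, 28)},
    {"user": "bjones", "enabled": True, "last_login": date(2024, 3, 20)},
    {"user": "cdoe", "enabled": True, "last_login": date(2024, 4, 29)},
    {"user": "dlee", "enabled": True, "last_login": date(2024, 5, 1)},
]


def audit_leaver_accounts(leavers, accounts, today):
    """Return (user, finding) pairs for accounts that violate the policy.

    ENABLED_AFTER_DEPARTURE: the preventive control failed (account still active).
    LOGIN_AFTER_DEPARTURE:   detective evidence that the account was used afterwards.
    """
    # Normalise case so "BJones" in HR matches "bjones" in the directory.
    left_on_by_user = {name.lower(): day for name, day in leavers.items()}
    findings = []
    for acct in accounts:
        user = acct["user"].lower()
        left_on = left_on_by_user.get(user)
        if left_on is None or left_on >= today:
            continue  # current employee, or last working day not yet passed
        if acct["enabled"]:
            findings.append((user, "ENABLED_AFTER_DEPARTURE"))
        last_login = acct.get("last_login")
        if last_login is not None and last_login > left_on:
            findings.append((user, "LOGIN_AFTER_DEPARTURE"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_leaver_accounts(HR_LEAVERS, ACCOUNTS, date(2024, 4, 1)):
        print(f"{user}: {finding}")
```

A disabled leaver account with no later logins produces no finding, while an enabled one is reported even if it has not been used since the departure date.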

Corrective Controls:
These controls reverse the impact of incidents or problems after they have occurred. Some corrective controls are discussed below:
  • IPS:
        An intrusion prevention system detects attacks and then modifies the environment to block the attack from continuing.
  • Backups and System Recovery:
        Backups ensure that data can be recovered if it is lost, and system recovery procedures ensure that the administrator can recover the system after a failure.

Deterrent Controls:
Deterrent controls discourage attackers from attacking or discourage employees from violating policies. Some deterrent controls are discussed below:
  • Cable Locks:
        Securing laptops to furniture with cable locks, for example, deters thieves from stealing them.
  • Hardware Locks:
        Locking server rooms or other critical places deters attacks.

Compensative Controls:
These controls are used to compensate for primary controls. For example, if an organization uses smart cards to access systems, new employees may not receive their card on the first day, so some other method can be used instead of a smart card.
