BE.iT

CYBERSECURITY

WE DIRECTLY CARE ABOUT
3 FORMS OF INFORMATION SECURITY.

DEFENSIVE


DEFENSIVE SECURITY HAS AS ITS TASK THE PRESERVATION OF DATA.

It must ensure:

01. Availability

The data must be available at the time it is requested, regardless of attacks on, or failures of, the systems that store it.

This category includes:

Redundancy systems

They can operate at the level of the storage of the information (RAID, storage arrays, synchronous/asynchronous replication, disaster recovery) or at the level of the systems that process it (clusters, business continuity).

Backup systems

02. Access Control

Precautionary measures must be put in place so that only authorized users can access the data.

Technologies suitable for achieving this purpose are:


Directory Service

Active Directory, Red Hat Identity Manager/FreeIPA and Oracle Identity Manager are some of the directory services on the market. The directory service holds a representation of every object in the information system: user accounts, computers, printers, storage systems, network folders and so on.


Policy Manager

This component allows the definition of security policies that can be applied to any object held in the Directory Service.


Cryptography

Encryption, combined with the other systems above, makes it possible to control who can read information and to protect it both where it is stored (at rest) and while it is moved between systems (in transit).

03. Perimeter Protection

Perimeter protection systems allow controlled and secure access to other networks (e.g., the Internet) that have a lower security level or are not managed by the organization. They include:

FIREWALL: These systems filter the traffic passing through them and determine which of it is allowed to pass from one network to another. Modern firewalls include other functions such as:


VPN

They allow you to connect multiple sites of your company, or of other companies you collaborate with, over low-security but pervasively available networks (such as the Internet) instead of dedicated leased lines.


Proxy Server

A filtering service specializing in a number of layer 7 (application) protocols. HTTP/HTTPS proxies are the typical example.

Advanced Threat Protection

Provides a service that analyzes traffic with Deep Packet Inspection probes in order to detect complex attacks.

IDS/IPS

Intrusion detection and prevention systems inspect traffic for anomalous or malicious patterns and, in the case of an IPS, react by blocking it.

Proxy servers, like the other components above, can be integrated into the firewall or deployed as stand-alone systems.

Probes

They are placed at specific points in the network. Their job is to capture the traffic passing through and hand it to the IDS/IPS systems for analysis.

04. Log Management

Every event, within an information system, generates logs. These logs are often the primary source of information regarding security events and security breaches.

It is necessary both to manage them properly (so that they are accessible to those who need them and protected from manipulation) and to have systems capable of correlating logs from different sources in order to understand the nature of one or more specific events (SIEM).
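As an added example (not code from this page or from BE.iT), the following Python shows the two halves of the point above in miniature: a correlation rule of the kind a SIEM applies across sources, and a hash chain that makes stored log lines tamper-evident. The firewall and auth log lines, the hostnames, the addresses and the line formats are all constructed for the example.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (not real logs): a perimeter firewall and the
# SSH auth log of a Linux server behind it, in an assumed line format.
FIREWALL_LOG = """\
2024-03-10T09:00:01 fw01 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22
2024-03-10T09:00:02 fw01 ALLOW src=198.51.100.9 dst=10.0.0.5 dport=443
2024-03-10T09:00:05 fw01 DENY src=192.0.2.44 dst=10.0.0.5 dport=3389
"""

AUTH_LOG = """\
2024-03-10T09:00:03 srv01 sshd: Failed password for root from 203.0.113.7 port 50001
2024-03-10T09:00:06 srv01 sshd: Failed password for admin from 203.0.113.7 port 50002
2024-03-10T09:00:09 srv01 sshd: Failed password for admin from 203.0.113.7 port 50003
2024-03-10T09:00:12 srv01 sshd: Failed password for admin from 203.0.113.7 port 50004
2024-03-10T09:00:15 srv01 sshd: Failed password for admin from 203.0.113.7 port 50005
2024-03-10T09:00:20 srv01 sshd: Accepted password for admin from 203.0.113.7 port 50006
2024-03-10T09:30:00 srv01 sshd: Failed password for bob from 198.51.100.9 port 40001
2024-03-10T09:31:00 srv01 sshd: Accepted password for bob from 198.51.100.9 port 40002
"""

FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
AUTH_RE = re.compile(
    r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+) port \d+$")


def parse_firewall(text):
    """Return (timestamp, action, src_ip, dport) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts, _host, action, src, _dst, dport = m.groups()
            events.append((datetime.fromisoformat(ts), action, src, int(dport)))
    return events


def parse_auth(text):
    """Return (timestamp, host, outcome, user, src_ip) tuples from sshd lines."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts, host, outcome, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), host, outcome, user, src))
    return events


def detect_bruteforce_success(fw_text, auth_text, threshold=5,
                              window=timedelta(minutes=5)):
    """Correlation rule across both sources: alert on a source IP that the
    firewall let through to SSH, then failed at least `threshold` logins
    within `window`, and finally logged in successfully."""
    allowed_ssh = {src for _ts, action, src, dport in parse_firewall(fw_text)
                   if action == "ALLOW" and dport == 22}
    failures = defaultdict(list)   # src_ip -> timestamps of failed logins
    alerts = []
    for ts, host, outcome, user, src in sorted(parse_auth(auth_text)):
        if outcome == "Failed":
            failures[src].append(ts)
            continue
        recent = [t for t in failures[src] if ts - t <= window]
        if len(recent) >= threshold and src in allowed_ssh:
            alerts.append({"host": host, "src": src, "user": user,
                           "failed_attempts": len(recent), "at": ts.isoformat()})
    return alerts


def build_chain(lines, seed=b"log-chain-v1"):
    """Tamper evidence: each record's digest covers the previous digest, so
    altering, reordering or deleting any line invalidates every later digest."""
    digests, prev = [], hashlib.sha256(seed).digest()
    for line in lines:
        prev = hashlib.sha256(prev + line.encode()).digest()
        digests.append(prev.hex())
    return digests


def verify_chain(lines, digests, seed=b"log-chain-v1"):
    """True only if recomputing the chain over `lines` reproduces `digests`."""
    return build_chain(lines, seed) == digests


if __name__ == "__main__":
    for alert in detect_bruteforce_success(FIREWALL_LOG, AUTH_LOG):
        print("ALERT brute force followed by success:", alert)
    chain = build_chain(AUTH_LOG.splitlines())
    print("chain head:", chain[-1])
```

The chain only helps if the last digest is anchored somewhere the attacker cannot rewrite (a write-once store, a remote log collector, or a periodically signed checkpoint); an attacker who can edit both the lines and the digests can simply recompute them. Likewise, the rule above depends on the firewall's and the server's clocks agreeing, which is why time synchronization is part of log management in practice.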

05. Patch Management

Information systems are naturally prone to bugs. Such bugs are continually discovered, and vendors publish patches to correct them.

It is essential to have proper procedures for system maintenance and patch management, so that a system does not become vulnerable through neglect.

06. Honeypot

These are systems whose purpose is to act as targets for cyber attacks.

They have a dual function: diverting the attackers' attention to a trap system, and allowing the attacks carried out against it to be analyzed in order to profile the attackers and their intentions.

OFFENSIVE


OFFENSIVE SECURITY AIMS TO VERIFY THE INFRASTRUCTURE AND SERVICES IN PLACE IN ORDER TO PREVENT ANY BUGS FROM ALLOWING AN ATTACKER TO TAKE CONTROL OF THE SYSTEM.

Offensive security is essentially based on 3 processes:

01. Vulnerability assessment

It is an automated process that scans hundreds or thousands of machines in a short time. Its purpose is to find known bugs in the active services and systems.

These are the bugs that are known and catalogued in the CVE (Common Vulnerabilities and Exposures) list. This means that a vulnerability assessment is effective only on known, off-the-shelf software, not on software developed ad hoc. It raises the overall security level of the system and prepares it for more targeted checks.

02. Penetration Test

It is a process that applies to a narrower, more restricted target than a vulnerability assessment. Typically, a penetration test is performed on the services most exposed to the public, or on those reachable from public or low-security networks.

Typical targets of a penetration test are web applications developed ad hoc. A targeted analysis performed by an experienced white-hat hacker can point out flaws in the web application's proprietary code.

03. Code Inspection

When the source code is available, a code inspection can be performed to assess the overall security of the application.

Typical problem classes found during this kind of code inspection include:

SQL Injection

Cross-site Scripting

Input/data Validation

Authentication

Authorization

Exposing Sensitive Data

Code Access Security

Exception Management

Data Access

Weak/wrong Use of Cryptography

Unsafe and Unmanaged Code Use

Configuration

Threading

Undocumented Public Interfaces

Covert Channel
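An added example, not code from this page: the first two items on the list, SQL injection and input/data validation, shown in Python with the standard-library sqlite3 module, with the defective lookup beside its hardened form. The `users` table, its rows (the password hashes are placeholder strings) and the function names are assumptions made up for the demonstration.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")   # assumed allowlist for usernames


def make_db():
    """Constructed in-memory database; the rows and 'hashes' are placeholders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "h1", "admin"), ("bob", "h2", "user")])
    return conn


def find_user_vulnerable(conn, username):
    """The flaw a code inspection looks for: untrusted input is spliced into
    the SQL text, so the caller can change the shape of the query."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Hardened form: a parameterized query. The driver sends the value
    separately from the SQL text, so quotes in it cannot alter the query."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def is_valid_username(username):
    """Input validation as a second layer: reject anything outside the allowlist."""
    return bool(USERNAME_RE.match(username))


def lookup(conn, username):
    """Validate first, then query with parameters; None means rejected input."""
    if not is_valid_username(username):
        return None
    return find_user_safe(conn, username)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, payload))   # every row
    print("safe:      ", find_user_safe(db, payload))         # no row matches
    # A UNION payload turns the vulnerable query into a dump of password hashes,
    # i.e. the "Exposing Sensitive Data" item on the list as well.
    dump = "' UNION SELECT username, password_hash FROM users --"
    print("leak:      ", find_user_vulnerable(db, dump))
    print("validated: ", lookup(db, dump))
```

Parameterization is the fix; the allowlist is defence in depth and also closes the "Input/data Validation" item for this field. Note that validation alone is not a substitute: a username field that legitimately allows apostrophes (O'Brien) would still be injectable through the first function.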

POST INCIDENT

POST INCIDENT SECURITY COVERS EVERYTHING INVOLVED IN PROPERLY HANDLING A SECURITY INCIDENT.

This includes the procedures for the proper handling and preservation of digital evidence, the analysis of the incident (in order to understand what actually happened), and everything needed to bring the systems back online without the risk of running into the same issue again.

This includes:

Computer Forensics

The branch of computer security that deals with the collection and analysis of digital evidence for evidentiary and investigative purposes. The task of computer forensics is to examine the sources of evidence generated by an incident in order to understand what actually happened, and in particular to identify:

Attack vector

The attack vector is the means used to cause the incident. Normally, it is the method used either to gain access to the information system without valid credentials or to perform a privilege escalation in order to obtain rights and bypass the security policies in place.

Traceback

Analysis of the digital evidence sources starts the process of understanding the origin of the attack and finding the possible attacker. Given the nature of TCP/IP, one or more hops may be hidden or may require the cooperation of third parties (e.g., providers) in order to reach the true endpoint of the communication.