Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Visibility networks
- This topic has 8 replies, 1 voice, and was last updated 2 years, 5 months ago by
.
-
Topic
-
-
Replies
-
-
In order to protect against a DDOS attack I recommend to implement a real time DDoS attack protection solution. Large, high-volume DDoS attacks are not the only form of DDoS attacks. Short duration, low-volume attacks are commonly launched by attackers to stress test the organization’s network and find security vulnerabilities within it’s security perimeter.
-
-
-
-
It will be difficult not to fall victim but there are many things you can do to minimize your chances. I recommend you start with having an accurate inventory of all devices that connect to your network. This should include, hopefully, devices of third parties that are connected to you. Consider building a baseline of your normal network traffic patterns, so that you can tell what is abnormal down the road. Harden all devices, ensuring all unnecessary ports are closed and redundant software is uninstalled, and host-based firewall is set up, among other tweaks. I would also suggest you turn logging on in all critical devices you want to monitor and connect these to a cloud-based security information event management (SIEM) service that come with strong data analytics features. Over time, as you fine tune your SIEM, you should be in a better position to sift out attack signals from noise and arrive at better visibility of your network. Check out https://www.cisecurity.org/controls/
-
-
I had to think hard to understand what is meant by visibility. First I thought that the visibility meant that the management needed a clear picture of the networks and systems. That would help the leadership and also the hackers, particularly if they are inside.
May be an exhaustive list of all the hardware, software, versions, configurations, etc. would help visibility. That would really help in case there is a recall or if the vendor reports an issue and provides a patch. That would be sort of Bill of Materials for all the resources. However, if an ISP is part of the network, it would not be possible to have full visibility of the network.
The visibility that would really help is the visibility of the attack. We want to know as soon as the attack happens or hatched. Not after the hacker is gone or after the confidential data is published. That is where the tools really help.
The tools are easy to use for some – those who are well trained on the tool and also understand how the network, systems, and particularly the most valuable resource, data, fit together and how they can be compromised. If the hackers get a copy of the data or a custom application, and do not divulge, then there is no visibility. It is like the attack never happened.
-
The starting point is always having an inventory of all the devices on the network, this includes all third party devices that might be there. Once that has been done carry out a business impact analysis (BIA) of the network to determine the category in which those devices will fall under. This will help in deciding how those devices will be configured. Always remember to keep things simple cause a complex network makes reconnaissance hard as well. The less complex security tools, the more likely that you can defend your network better and the more visibility you will have on the network.
Among other things that you should have are intrusion detection and intrusion prevention tools as well as SIEM services to help in detecting, preventing as well as analysing the events on the network.
-
You must be logged in to reply to this topic.
