Network security strategy

Without a strong network security strategy, a company cannot achieve IT security.

The National Security Agency (NSA) has identified three basic functions that constitute a good IT security system. According to the NSA, these functions are critical and can prevent 93% of network incidents. NetCraftsmen has identified four further steps. Combined with the NSA's three, these steps lay a solid foundation for a comprehensive security program.


I. NSA's security steps

Step 1. Multi-factor authentication

Enterprises should deploy multi-factor authentication, such as two-factor authentication (2FA), rather than relying on passwords alone. 2FA combines something the user knows (a password) with something the user has (a physical device, such as a hardware token generator or a phone). Other mechanisms add a third factor, something the user is (biometrics).

SMS verification has become a popular 2FA mechanism: during login, a security code is sent to the user's mobile phone by SMS or voice call, and the user enters it to complete the login. If an attacker takes over the phone number or carrier account (for example through SIM swapping or number porting), this form of verification is defeated, so it is not suitable for high-value accounts. Authenticator apps and hardware tokens, which hold a secret that never transits the phone network, are the stronger choice.

Step 2. Role-based access control

Deploy role-based access control so that people are granted access only to the resources their job function or role requires. For example, HR staff do not need access to accounting functions. Restricting access this way means that a compromised employee account cannot reach functions and data outside the scope of that role.

As IT security has grown in importance, almost all products now offer role-based access controls, and this should be a key criterion in product selection. The American National Standards Institute has standardized the model in ANSI INCITS 359-2004 (Role Based Access Control) and its revision INCITS 359-2012, which define core RBAC, role hierarchies, and separation-of-duty constraints.
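The following is an added example (not the article's own code, and not any product's implementation) of an RBAC authorization check along the lines of INCITS 359: users hold roles, roles carry permissions, senior roles inherit from junior ones, and a static separation-of-duty pair keeps one person from holding two conflicting roles. The roles, permissions and user names are constructed for illustration; the HR/accounting split mirrors the example in the text.

```python
from typing import Dict, FrozenSet, Set

# Constructed policy for illustration; role and permission names are invented.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "employee": {"directory:read", "timesheet:submit"},
    "hr_staff": {"personnel:read"},
    "hr_manager": {"personnel:write"},
    "accountant": {"ledger:read", "ledger:write"},
    "finance_approver": {"payment:approve"},
}

# Hierarchical RBAC: a senior role inherits every permission of the junior roles listed.
ROLE_INHERITS: Dict[str, Set[str]] = {
    "hr_staff": {"employee"},
    "hr_manager": {"hr_staff"},
    "accountant": {"employee"},
    "finance_approver": {"employee"},
}

USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"hr_staff"},
    "bob": {"accountant"},
    "carol": {"hr_manager"},
    "dave": {"accountant", "finance_approver"},   # deliberately conflicting
}

# Static separation of duty: no user may hold both roles of a pair, directly or by inheritance.
SSD_PAIRS: Set[FrozenSet[str]] = {frozenset({"accountant", "finance_approver"})}


def effective_roles(role: str) -> Set[str]:
    """The role plus every junior role reachable through the hierarchy (cycle-safe)."""
    seen: Set[str] = set()
    stack = [role]
    while stack:
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        stack.extend(ROLE_INHERITS.get(r, ()))
    return seen


def user_roles(user: str) -> Set[str]:
    """All roles a user holds, including inherited ones. Unknown users hold none."""
    roles: Set[str] = set()
    for r in USER_ROLES.get(user, ()):
        roles |= effective_roles(r)
    return roles


def effective_permissions(user: str) -> Set[str]:
    perms: Set[str] = set()
    for r in user_roles(user):
        perms |= ROLE_PERMISSIONS.get(r, set())
    return perms


def authorize(user: str, permission: str) -> bool:
    """Deny by default: unknown users, unknown roles and unlisted permissions all fail."""
    return permission in effective_permissions(user)


def ssd_violations() -> Dict[str, FrozenSet[str]]:
    """Users whose role set (including inherited roles) contains a forbidden pair.
    Run this whenever role assignments change, not only at login."""
    found: Dict[str, FrozenSet[str]] = {}
    for user in USER_ROLES:
        roles = user_roles(user)
        for pair in SSD_PAIRS:
            if pair <= roles:
                found[user] = pair
    return found


if __name__ == "__main__":
    print("alice personnel:read ->", authorize("alice", "personnel:read"))   # True
    print("alice ledger:read    ->", authorize("alice", "ledger:read"))      # False
    print("carol directory:read ->", authorize("carol", "directory:read"))   # True via hr_staff -> employee
    print("separation-of-duty violations:", ssd_violations())                # dave
```

The check is a set lookup, so the interesting part is what it refuses: a user or role that is not in the policy gets nothing, and the separation-of-duty report catches the case the text warns about, one compromised account that happens to hold reach into two business functions.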

Step 3. Application allow listing

Networks used to be open: the only filtering was to deny specific connections. An allow list inverts that model. Only the connections and data flows an application needs are permitted; everything else is blocked. The purpose is to reduce the chance of a breach spreading laterally across the enterprise.

The security team should configure the filtering system to log failed connection attempts. Treat these alerts as tripwires that can lead the team to a compromised account or system. A security information and event management (SIEM) system can help manage the large volume of events the filtering system produces.

II. NetCraftsmen's security steps

Step 4. Patch vulnerabilities and apply workarounds

The security team must work diligently to patch known vulnerabilities and apply workarounds where no patch exists. As the NSA notes, zero-day attacks are rare; most compromises exploit systems that were never patched. Companies must regularly update applications, server operating systems, and network infrastructure. The security team needs processes and people to track updates, and a configuration management system to drive them out.

Step 5. Network segmentation

The purpose of network segmentation is to keep automated malware from spreading laterally between business functions. Enterprises can segment the network by function and restrict access between segments. For example, there is no reason for the infrastructure network to reach business segments such as HR or accounting. Any access that is permitted between business segments should be governed by the application allow list (see step 3 above).
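Steps 3 and 5 together describe one control: segments with a default-deny allow list between them, with denied attempts logged and used as tripwires. The block below is an added example (not code from the article, the NSA or NetCraftsmen) that evaluates a handful of constructed flow records against such a policy and then reports which source hosts tripped wires in several segments, the pattern of malware probing for somewhere to spread. The segment address ranges, the allow-list entries and the log lines are all invented for the example.

```python
import ipaddress
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed segments (illustrative address ranges only).
SEGMENTS: Dict[str, ipaddress.IPv4Network] = {
    "infra": ipaddress.ip_network("10.0.0.0/24"),        # admin hosts, log collector
    "hr": ipaddress.ip_network("10.10.0.0/24"),
    "accounting": ipaddress.ip_network("10.20.0.0/24"),
    "app": ipaddress.ip_network("10.30.0.0/24"),         # shared application servers
}

# Allow list of (src segment, dst segment, dst port, protocol). Anything not listed,
# including traffic from or to an address outside every segment, is denied.
ALLOW = {
    ("hr", "app", 443, "tcp"),
    ("accounting", "app", 443, "tcp"),
    ("infra", "app", 22, "tcp"),      # administrators manage the app servers
    ("app", "infra", 514, "udp"),     # app servers ship syslog to infra
}

# Constructed flow records: "<timestamp> <src> <dst> <dst port> <proto>".
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 10.10.0.15 10.30.0.5 443 tcp
2024-03-01T10:00:02Z 10.20.0.7 10.30.0.5 443 tcp
2024-03-01T10:00:05Z 10.0.0.3 10.30.0.5 22 tcp
2024-03-01T10:01:10Z 10.10.0.15 10.20.0.7 445 tcp
2024-03-01T10:01:11Z 10.10.0.15 10.20.0.8 445 tcp
2024-03-01T10:01:12Z 10.10.0.15 10.0.0.3 22 tcp
2024-03-01T10:01:13Z 10.10.0.15 10.30.0.5 3389 tcp
2024-03-01T10:02:00Z 192.0.2.9 10.30.0.5 443 tcp
"""


class Flow(NamedTuple):
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_log(text: str) -> List[Flow]:
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, dport, proto = line.split()
            flows.append(Flow(ts, src, dst, int(dport), proto.lower()))
    return flows


def segment_of(addr: str) -> Optional[str]:
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return ('allow' | 'deny', reason). The default is deny."""
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    if src_seg is None or dst_seg is None:
        return "deny", "address outside any known segment"
    if src_seg == dst_seg:
        return "allow", "intra-segment"   # a segment boundary does not see this traffic
    key = f"{src_seg}->{dst_seg}:{flow.dport}/{flow.proto}"
    if (src_seg, dst_seg, flow.dport, flow.proto) in ALLOW:
        return "allow", f"{key} on allow list"
    return "deny", f"{key} not on allow list"


def summarize(flows: List[Flow]) -> Counter:
    return Counter(evaluate(f)[0] for f in flows)


def denied_events(flows: List[Flow]) -> List[str]:
    """The lines the filtering system should emit for failed attempts (the SIEM feed)."""
    return [f"{f.ts} DENY src={f.src} dst={f.dst} dport={f.dport} proto={f.proto} reason={evaluate(f)[1]}"
            for f in flows if evaluate(f)[0] == "deny"]


def tripwire(flows: List[Flow], min_segments: int = 2) -> Dict[str, List[str]]:
    """Sources whose denied attempts reached into at least `min_segments` distinct
    segments: one host probing several segments it has no business with."""
    touched: Dict[str, set] = defaultdict(set)
    for f in flows:
        if evaluate(f)[0] == "deny":
            touched[f.src].add(segment_of(f.dst) or "unknown")
    return {src: sorted(segs) for src, segs in touched.items() if len(segs) >= min_segments}


if __name__ == "__main__":
    flows = parse_log(SAMPLE_LOG)
    print(dict(summarize(flows)))
    print("\n".join(denied_events(flows)))
    print("tripwire hits:", tripwire(flows))
```

With the constructed input, the HR workstation 10.10.0.15 is flagged after its denied attempts touch accounting, infra and app, while the single stray connection from 192.0.2.9 is denied but not escalated. The threshold is a tuning knob: a port scan from one host will cross it quickly, a user mistyping one address will not.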

Step 6. System backups

The most common intrusion is ransomware, and a successful widespread attack can cripple an enterprise. System backups remove most of the risk of such an attack, provided the backups themselves cannot be attacked. The security team must design the backup system carefully, because attackers typically lurk in the IT environment for weeks before triggering encryption of enterprise data, long enough to locate any backups reachable from the compromised network.

Natural disasters are as destructive as ransomware, and backups should be stored in separate locations that the same disaster cannot affect. Companies can study how other companies have handled and recovered from natural disasters to learn which methods worked and which did not.

Step 7. Employee security education

The final step is educating employees. Use anti-phishing campaigns to train employees to recognize intrusion attempts and fraudulent email. A common attack tricks employees into opening jokes, pictures, or videos in email that carry malware. Fraudulent email can also trick employees, usually in finance roles, into making fraudulent transfers. Some roles will need additional job-specific training.

Training has been shown to be effective. It should draw on past incidents and lessons learned and cover new attack mechanisms. A further benefit is that employees are better prepared to avoid such attacks in their personal lives.

III. Make sure everything works together

A good IT security program depends on the right balance of people, processes, technology, and tools. The seven steps above focus mainly on people and processes. To arrive at a balanced security foundation, companies can use the Cyber Defense Matrix to evaluate their security tools.


Source: blog.csdn.net/yaxuan88521/article/details/114576398