cybersecurity

• General Information

• Network Security

• Application Security (AppSec)

• Information and Data Security

• Identity and Access Management (IAM)

• Operational Security (OpSec)

• Mobile Security

• Cloud Security

• Business Recovery and Continuity

• Cybersecurity Guide

• News [Spanish]

Network Security

• Any activity, process, technology or policy that seeks to protect the digital resources of an individual or organization from failures and attacks on its Confidentiality, Integrity and Availability (CIA).

• Any activity designed to protect the access, use and integrity of the corporate network and data.

• Hardware and software solutions, as well as processes or rules and configurations related to network usage, accessibility and general protection against cyber threats.

• It is aimed at various cyber threats.

• Prevents cyber threats from accessing and/or spreading through the network.

Scope of Network Security

• Security of the digital perimeter of an organization.

• Security within the "walls" of a "fortress."

• Within the "walls" we find the IT (Information Technology) infrastructure of a company, that is, the software, hardware, data storage and network components of each of the users and devices.

Network Security Objectives

• Prevent malicious attacks from gaining access to internal networks of computers or other devices.

• Protect the data, systems and devices where they are stored.

• Ensure that the information that enters and leaves the devices is kept only between them and their recipients, remaining confidential and away from third parties.

Cyber ​​threats (threats) and Vulnerabilities

• Possible violations that affect the confidentiality, availability or integrity of resources.

• They may include disclosure of sensitive data, alteration of data, or even denial of access to a service.

• Threat agent: person or a group of people who intends to cause damage using existing vulnerabilities.

• Threat vector: path that an attack follows.

• Vulnerabilities: weakness or bug that threat actors can use to violate security policies.

Network Security Phases

• Phase 1. Prevention

  • Define what needs to be protected.

  • Determine organizational responsibilities.

  • Establish implementation procedures.

  • Detail the execution.

  • Create a security awareness program to train all employees.

  • Establish access controls to manage how employees use and access the organization's resources.

• Phase 2. Detection

  • Use features that monitor and log system activity.

  • In the event of a potential breach or malicious activity, detection systems should notify the responsible party or person.

  • The detection process is only effective when followed by a timely planned response.

• Phase 3. Response

  • Well-planned correction to an incident.

  • Stoppage of the attack in progress.

  • Updating a system with the latest patch.

  • Changing a firewall configuration.

Access Control

• Type of security control.

• Phases: Identification, Authentication, Authorization and Accountability (IAAA).

• Phase 1. Identification: confirmation of the user's identity through a unique identifier such as a "user id", a "user name" or an "account number".

• Phase 2. Authentication: verification of credentials that the user "knows" (e.g. username and password), "has" (e.g. ID card), and/or "is" (e.g. biometrics).

• Phase 3. Authorization: granting access permission.

• Phase-4. Accountability: Tracking user activity to hold those who have access accountable for their actions in a system.

Network Segmentation

• It consists of dividing a network into smaller logical parts so that controls can be added between them.

• This improves performance and safety.

• Virtual Local Area Networks (VLANs) are a common method of network segmentation that is carried out locally or using cloud infrastructure.

• When used for the cloud, they are called "Virtual Private Cloud" (VPC).

Perimeter Security

• Define a perimeter.

• Determine what type of traffic should flow: data, voice, video, etc.

• Configure the appropriate control mechanisms: Firewalls, IDS, IPS, VPN, etc.

Encryption

• Ensures the confidentiality and integrity of data in transit or at rest by converting it into encryption using a key.

• Types:

  • Symmetric encryption: consists of a single key that is shared between the sender and the receiver.

  • Asymmetric encryption: uses two keys, one public and one private, to encrypt/decrypt information, making it less vulnerable.

Hash

• It uses an algorithm that generates a fixed-length string of random characters by converting the original data or message into a short value.

• This works as a key to guarantee the integrity of that message or that data.

• Hash algorithms are a way to verify the integrity of communication.

• Typical uses of hashing: storing passwords, monitoring files, ensuring communication integrity securely, etc.

Network Security Measures

• Firewall (FW).

• Intrusion Detection System (IDS).

• Intrusion Prevention System (IPS).

• Virtual Private Network (VPN).

• Data Leak Prevention (DLP).

• Digital Rights Management (DRM).

• Logs, Monitoring and SIEM.

Firewall (FW)

• Analyze and classify traffic automatically.

• Blocks or allows the passage of traffic.

• For a firewall, traffic is divided into two categories: "desired" traffic to pass and "undesirable" traffic to block.

• A firewall is configured with a list of rules ("policies").

• The traffic that is allowed to pass through a firewall is specified in its configuration, based on the type of traffic a business has and needs.

• The firewall uses this list of rules to determine what to do with the traffic once it receives it.

• The best and most important security practice with a firewall is that it should block all traffic by default.

• It must be configured to allow only specific traffic to pass to known services.

• Firewall configuration is critical.

• It operates at different layers within the "International Standards Organization" "Open System Interconnect" (ISO OSI) model.

• OSI layers 2-5: the usual.

• OSI layer 7: "proxy", "gateway", "Web Application Firewall" (WAF).

Intrusion Detection/Prevention System (IDPS)

• IDPS = IDS + IPS.

• IDS:

  • Passive device.

  • Monitors the network for malicious activity.

  • It focuses on finding traffic that shouldn't be there (coming from a hacker, etc.).

  • Log suspicious traffic.

  • Make reports.

  • Types: Network-Based IDS (NIDS) or Host-Based IDS (HIDS).

• IPS:

  • Active device.

  • The IPS must know what is and is not “good” traffic.

  • This can be done with signature files or it can learn.

  • When it realizes that the traffic it is flowing is coming from a hacker, it destroys that traffic.

  • In practice it is very difficult to correctly adjust this type of systems.

  • Types: Network-Based IPS (NIPS) or Host-Based IPS (HIPS).

• Most companies opt for an IDS, which they complement with registries, a SIEM, as well as prepared response plans and teams.

Virtual Private Network (VPN)

• One of the most common security measures in companies.

• It connects to a secure server before connecting directly to the internet.

• Hides the user's IP address and location.

• Protects the confidentiality of data as it passes through the network.

• The core of a VPN is encryption, although it also uses authentication.

• Encryption options:

  • Secure Socket Layer (SSL)/Transport Layer Security (TLS).

  • Secure Shell (SSH).

  • Internet Protocol Security (IPsec).

Data Leak Prevention (DLP)

• Protection of intellectual property (IP).

• IP includes: manuals, processes, design documents, research and development data, etc.

• Objective: keep confidential information contained.

• DLP looks for sensitive information in data streams such as emails or file transfers.

• If the DLP software sees sensitive information such as a credit card number, it blocks or stops transmission (or may encrypt the information, if that becomes a more appropriate option).

Digital Rights Management (DRM)

• Protection of intellectual property (IP).

• IP includes: manuals, processes, design documents, research and development data, etc.

• Objective: ensure that information can only be seen by those who should see it.

• DRM allows the company to share digital content (books, manuals, etc.) with its clients in a controlled way.

• DRM software controls access to intellectual property.

• DRM technology uses access control that determines how long someone can use the content, whether it can be printed, whether it can be shared, etc.

• The parameters are based on the wishes of the intellectual property owner.

• Some examples of platforms that use DRM are: Netflix, Amazon Prime Videos, Spotify, iTunes, Kindle, etc.

Logs, Monitoring and SIEM

• Logs:

  • Virtually all systems within or connected to a network must generate logs.

  • This allows you to know what has happened and what is happening on the network.

  • This results in a large number of logged events.

  • What is recorded is determined by the company itself.

  • This could include login attempts, traffic flows, packets, actions taken, or even every keystroke a user makes.

  • The decision about what to record should be based on business risk analysis, asset sensitivity, and system vulnerabilities.

• Supervision:

  • To make sense of all this data, it is necessary to send the logs, which are also audit trails, to a central location such as a syslog server for analysis.

• Security Information Event Manager (SIEM):

  • Analysis tool.

  • Once the logs are on the syslog server, they are analyzed by a SIEM.

  • Analyze the logs of all systems and correlate events.

  • Look for "indicators of compromise" (IoC).

  • If there is an IoC, someone should review that event and determine if action is necessary to stop an attack or to repair and restore systems after an attack.

  • An IoC does not always represent evidence of a malicious event, so it must be analyzed by people.

  • This is where a SOC ("Security Operation Center") and an incident response team ("IRT") must determine what the next steps are.

Vulnerable Areas of Network Security

• File exchanges.

• Email.

• Outdated programming languages, operating systems and programs.

• Hidden file extensions.

• Instant messaging (IM) platforms: WhatsApp, Facebook Messenger, etc.

• Chatbots.

• Wireless networks/connections: WiFi, NFC, etc.

Whether you are self-employed, an SME or a large company, at U2-LAB™ we help you with everything you need, at all times, from the beginning of the project to its completion and beyond, so that you have peace of mind and can dedicate yourself to what really matters: growing your business/company and offering your clients services of the highest quality, effective and efficient.