Steps in Cyber and Infrastructure Security Analysis
Digital Innovations Global follows, as a minimum, the steps below to provide complete cyber and infrastructure security analysis reviews for our clients.
The saying goes that “defence is in depth”, and we follow this rule when designing and implementing any security system or model. This security model consists of 4 layers of security, and each layer is described in detail in this post.
Layered Security Model
Most of us don’t work for organisations with budgets for procurement of security equipment or systems (or security personnel). In this context, we implement this Layered Security Model with the help of tools/technologies available free on the Internet. These tools perform data collection, analysis, reporting and generation of alarms.
The four key layers of the security model are:
Security Layer-1: Perimeter Defence Security Systems
This layer is like the four walls and the roof of a secure house. It includes firewalls, routers and proxy servers. A national survey showed that 70-80% of attacks are internal, i.e. from within the organisation’s internal network. Therefore, securing against internal attacks is the first line of defence. However, having only this line is not enough to protect any network and valuable information.
One of the common attacks on this layer is the DoS (Denial of Service) attack, which involves flooding the point of connection to the outside world with unproductive traffic. This brings communications with the Internet to a standstill. Some of the common DoS attacks on routers are Smurf, SYN, ACK and RST attacks.
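As an added example (not part of the original post or of any Digital Innovations Global tool), the sketch below shows rate-based alarm logic for the Smurf, SYN, ACK and RST floods named above, run over constructed packet records. The record layout, the 10-second window and the 200-packet threshold are assumptions and would need tuning against a real traffic baseline.

```python
from collections import defaultdict

WINDOW_S = 10      # assumed counting window, in seconds
THRESHOLD = 200    # assumed packets per window per destination; tune to baseline

def classify(proto, info):
    """Map one packet record to the flood class it could belong to, if any."""
    if proto == "icmp":
        # A Smurf victim sees echo replies it never asked for, from many hosts.
        return "smurf" if info == "echo-reply" else None
    if proto == "tcp":
        # Bare flags only; SYN+ACK ("SA") and other combinations are ignored.
        return {"S": "syn", "A": "ack", "R": "rst"}.get(info)
    return None

def detect_floods(packets, window=WINDOW_S, threshold=THRESHOLD):
    """Return sorted alarms: (window_start, dst, kind, count, distinct_sources)."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for ts, src, dst, proto, info in packets:
        kind = classify(proto, info)
        if kind is None:
            continue
        key = (ts - ts % window, dst, kind)
        counts[key] += 1
        sources[key].add(src)
    return sorted((w, dst, kind, n, len(sources[(w, dst, kind)]))
                  for (w, dst, kind), n in counts.items() if n >= threshold)

def sample_packets():
    """Constructed records: (epoch_s, src, dst, proto, tcp_flags_or_icmp_type)."""
    pkts = []
    for i in range(30):    # ordinary client traffic, well below the threshold
        pkts.append((1000 + i % 10, "198.51.100.7", "192.0.2.10", "tcp", "SAA"[i % 3]))
    for i in range(500):   # burst of bare SYNs from many source addresses
        pkts.append((1010 + i % 10, f"203.0.113.{i % 250 + 1}", "192.0.2.10", "tcp", "S"))
    for i in range(300):   # unsolicited echo replies converging on the router
        pkts.append((1020 + i % 10, f"198.51.100.{i % 100 + 1}", "192.0.2.1", "icmp", "echo-reply"))
    return pkts

if __name__ == "__main__":
    for alarm in detect_floods(sample_packets()):
        print(alarm)
```

A high distinct-source count alongside the packet count is what separates these floods from one busy client; bare ACK and RST packets are normal in small numbers, so only the rate is alarmed on.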
Security Layer-2: OS and Application Servers Security Systems
This layer covers protection of the operating system, the application servers, web servers, and mail servers. While traffic is regulated at the perimeter depending on the needs of the organisation, the applications utilising the traffic run on different application/web servers, which in turn run on operating systems. An abuse of operating system privileges can potentially compromise network security. Users with access to the underlying operating system can jeopardise the availability and integrity of the firewall and expose critical network resources to both internal and external security threats. Hardening this layer will protect the network from a number of internal threats.
Vulnerabilities exist in operating systems, web servers, proxy servers, mail servers and application servers that need patches/service packs/hot fixes to fill those holes. An organisation may have multiple operating systems in its network. It is the responsibility of the OS vendors to make their products secure. In addition, the user organisation also has the responsibility of applying the available security features.
Some of the General Practices to Secure Server Hardware are:
Security Layer-3: Host Protection
Now that we have our perimeter defence tightened and the OS fine-tuned, we look at another threat from the internal workstations connected to the network.
We use workstation security for two reasons:
- to protect against someone trying to attack from within the network.
- to protect the data stored on workstation from someone coming in through the firewall.
Some of the key characteristics related to workstation security are listed below.
Security Layer-4: Data/Information Protection
Cyber and infrastructure security cannot be achieved by merely implementing various security systems, tools or products. However, security failures are less likely through the implementation of security policy, process, procedure and product(s). Multiple layers of defence need to be applied to design a fail-safe security system. The idea behind multi-layered defence in cyber and infrastructure security is to manage the security risks with multiple defensive strategies, so that if one layer of defence turns out to be inadequate, another layer of defence will, ideally, prevent a full breach. Digital Innovations Global believes that, at a minimum, everyone must apply a range of security perimeter defences so that their resources are not exposed to external attacks, and ensure that the security system is not limited by the weakest link of the security layer, which can be achieved by using the above Secure Firewall Tester application.