Many people assume that information security arrangements exist to react to security breaches rather than to prevent them. On the contrary, preventing problems by strengthening security is more effective and less expensive than reacting to breaches after they occur. We deploy many layers of security in an organization, yet we still face incidents and breaches quite often. It is high time we thought about the reasons behind this. Below are a few reasons I could think of:
1. In an enterprise-wide environment, the weakest link in the security chain is the last-mile network point. Endpoints and their users become the loophole in an otherwise tightly secured structure. Security teams should ensure that even the last network device is covered by the scope of the security deployment, and customers should help to patch this loophole.
2. Hardening operating systems, applications, databases and web servers should be the top priority, but one should remember to harden the endpoint systems as well.
3. Hardening controls should differ for each type of component. For example, the controls for database hardening should differ from those for web servers, and a server in the DMZ should be hardened more tightly than a server in the MZ.
4. When performing a vulnerability assessment, often only servers are considered for scanning. Teams should also scan databases, applications, network devices and endpoints.
5. Another important aspect is user access management. The questions Who, What and Which need to be asked before granting access to any user: who is the user, what is the requirement, and which privilege needs to be granted.
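The Who / What / Which questions above map directly onto a role-based access-control check: users (who) are assigned roles, a request names a resource and action (what), and roles carry a fixed set of privileges (which). The following is an added example, not code from the original post; the roles, users and the access log are constructed sample data, and the least-privilege review at the end goes slightly beyond the text by listing privileges a user holds but has never exercised.

```python
"""Added example: a minimal role-based access-control (RBAC) check that
answers the Who / What / Which questions, plus a least-privilege review.
Illustrative code, not from the original post; role names, users and the
access log below are constructed sample data."""

# Which: each role grants a fixed set of (resource, action) privileges (constructed).
ROLE_PERMISSIONS = {
    "dba":        {("db", "read"), ("db", "write"), ("db", "admin")},
    "app_reader": {("app", "read")},
    "web_admin":  {("web", "read"), ("web", "write")},
}

# Who: users are assigned roles, never raw privileges (constructed).
USER_ROLES = {
    "alice": {"dba"},
    "bob":   {"app_reader", "web_admin"},
    "carol": {"app_reader"},
}


def permissions_for(user):
    """Return the set of (resource, action) pairs a user holds via their roles."""
    perms = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, resource, action):
    """What: decide a single access request.
    Unknown users and unknown roles fall through to deny."""
    return (resource, action) in permissions_for(user)


def unused_privileges(user, access_log):
    """Least-privilege review: privileges the user holds but never used.
    access_log is an iterable of (user, resource, action) tuples."""
    used = {(r, a) for u, r, a in access_log if u == user}
    return permissions_for(user) - used


# Constructed access log for the review.
SAMPLE_LOG = [
    ("alice", "db", "read"),
    ("alice", "db", "write"),
    ("bob", "app", "read"),
    ("bob", "web", "read"),
    ("carol", "app", "read"),
]

if __name__ == "__main__":
    print(is_allowed("alice", "db", "admin"))   # True
    print(is_allowed("carol", "db", "read"))    # False
    for u in USER_ROLES:
        print(u, sorted(unused_privileges(u, SAMPLE_LOG)))
```

Because every decision goes through `permissions_for`, an unknown user or a role nobody defined is denied by default; the review function is what turns "which privilege is needed" into a recurring check rather than a one-time decision at provisioning.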
To secure the enterprise, an organization's management must plan to deploy multiple layers of security defenses. At the same time, a definite and secure way of deploying these layers matters more than the choice of products. Let us look at a couple of examples of measures that can be used to sanitize network security and make it more effective:
1. Consider an enterprise that has deployed a firewall to secure the network perimeter. If unnecessary ports are open in the firewall, it does not matter how effective the product is; an attacker might reach network resources through those open ports. The mitigation is to close all ports and protocols by default and open only those that are actually required.
2. IDS and IPS policies should be reviewed constantly to reduce the noise of false positives, which in turn improves the performance of the product.
3. Basic security of endpoint systems should be a prime focus: open shares should be avoided, basic antivirus protection should be installed, Active Directory domain group policy should be tightly implemented, and user privileges should be provisioned according to an RBAC (Role-Based Access Control) model.
4. Finally, the most important information security control, and the one most often undermined by organizational management, is user awareness. As discussed at the start, the weakest links in the information security chain are the endpoint and the human. User awareness campaigns should be run organization-wide to make users aware of what can go wrong and how to stop it, because the support of end users is required to maintain information security.
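The first measure above, close everything by default and open only what is required, is easiest to keep honest when the allowlist is written down and the live ruleset is compared against it. The following added example (not from the original post) renders a default-deny nftables input chain from an explicit allowlist and audits a snapshot of existing accept rules for ports that are open but not required; the service list, ports and the "current rules" are constructed.

```python
"""Added example (not from the original post): build a default-deny
perimeter policy from an explicit allowlist of required services, and
audit an existing rule list for ports that are open but not required.
Service names, ports and the current-rules snapshot are constructed."""

# Services the business actually needs reachable from outside (constructed).
REQUIRED = {
    ("tcp", 443): "https",
    ("tcp", 22):  "ssh from bastion",
}


def build_nft_ruleset(required):
    """Render a default-deny nftables input chain that accepts only the
    allowlisted ports plus loopback and established/related return traffic."""
    lines = [
        "table inet perimeter {",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",   # default deny
        "    ct state established,related accept",
        "    iif lo accept",
    ]
    for (proto, port), desc in sorted(required.items()):
        lines.append(f'    {proto} dport {port} accept comment "{desc}"')
    lines += ["  }", "}"]
    return "\n".join(lines)


def audit_open_ports(current_rules, required):
    """Compare an existing firewall's accept rules against the allowlist.
    current_rules: list of (proto, port, action) tuples.
    Returns ports that are open but unnecessary, and required ports not open."""
    open_ports = {(p, port) for p, port, action in current_rules if action == "accept"}
    return {
        "unnecessary": sorted(open_ports - set(required)),
        "missing":     sorted(set(required) - open_ports),
    }


# Constructed snapshot of a firewall that was opened up ad hoc over time.
CURRENT_RULES = [
    ("tcp", 443, "accept"),
    ("tcp", 22, "accept"),
    ("tcp", 3389, "accept"),   # RDP left open "temporarily"
    ("tcp", 23, "accept"),     # telnet never removed
    ("udp", 161, "accept"),    # SNMP exposed to the perimeter
    ("tcp", 80, "drop"),
]

if __name__ == "__main__":
    print(build_nft_ruleset(REQUIRED))
    print(audit_open_ports(CURRENT_RULES, REQUIRED))
```

The audit output is what a periodic review should act on: each "unnecessary" entry is either removed or added to the allowlist with an owner and a justification, so the allowlist stays the single source of truth for what the perimeter permits.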
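The second measure, reviewing IDS/IPS policy to cut false-positive noise, is usually driven by a simple tally: which signatures generate most of the volume, and whether that volume comes from hosts that are expected to trip them. The following added example (not from the original post) parses constructed alert lines in a Snort-style fast-alert layout and classifies each signature as keep, tune, or suppress for a known scanner source; the signature ids, hosts, and the 40% share threshold are assumptions.

```python
"""Added example (not from the original post): tally IDS alerts per
signature to spot noisy rules that a policy review should tune.
Alert lines are constructed in a Snort-style fast-alert layout; the
signature ids, hosts and threshold are made up."""
import re
from collections import defaultdict

ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) \[\*\*\].*?"
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):?\d* -> (?P<dst>[\d.]+):?\d*"
)

# Hosts whose traffic is expected to trip signatures (constructed): the
# authorised vulnerability scanner.
KNOWN_SCANNERS = {"10.0.0.5"}


def parse_alerts(lines):
    """Yield a dict per line that matches the layout; skip malformed lines."""
    for line in lines:
        m = ALERT_RE.search(line)
        if m:
            yield m.groupdict()


def review(lines, share_threshold=0.4):
    """Return per-signature stats and a review verdict.
    share_threshold: fraction of total alert volume above which a single
    signature is flagged as noisy."""
    stats = defaultdict(lambda: {"count": 0, "sources": set(), "msg": ""})
    total = 0
    for a in parse_alerts(lines):
        s = stats[a["sid"]]
        s["count"] += 1
        s["sources"].add(a["src"])
        s["msg"] = a["msg"]
        total += 1
    findings = {}
    for sid, s in stats.items():
        share = s["count"] / total if total else 0.0
        if s["sources"] <= KNOWN_SCANNERS:
            verdict = "suppress for scanner source"   # expected noise
        elif share >= share_threshold:
            verdict = "tune threshold or rule"        # dominates the volume
        else:
            verdict = "keep"
        findings[sid] = {"msg": s["msg"], "count": s["count"],
                         "share": round(share, 2), "verdict": verdict}
    return findings


def _line(sid, msg, src, dst):
    """Format one constructed alert line in fast-alert layout."""
    return (f"01/02-10:00:01.000000  [**] [1:{sid}:1] {msg} [**] "
            f"[Priority: 2] {{TCP}} {src}:40000 -> {dst}:80")


# Constructed alert log: 3 scanner probes, 6 injection alerts, 1 beacon,
# and one garbled line that the parser must skip.
SAMPLE_ALERTS = (
    [_line(1000001, "POLICY generic scanner probe", "10.0.0.5", "10.0.1.20")] * 3
    + [_line(1000002, "WEB-ATTACK possible SQL injection", "203.0.113.9", "10.0.1.20")] * 4
    + [_line(1000002, "WEB-ATTACK possible SQL injection", "198.51.100.7", "10.0.1.20")] * 2
    + [_line(1000003, "MALWARE possible C2 beacon", "10.0.1.33", "203.0.113.50")]
    + ["garbled line that should be skipped"]
)

if __name__ == "__main__":
    for sid, f in sorted(review(SAMPLE_ALERTS).items()):
        print(sid, f["count"], f["share"], f["verdict"], "-", f["msg"])
```

Note that "tune" is a prompt for an analyst, not an automatic suppression: a signature that dominates the volume might be a real campaign, so the review only surfaces it; the scanner-source case is the one that can safely become a suppression by source address.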
Deploying a security solution is a major step in securing the environment, but applying correct policies, reviewing those policies and sanitizing processes are the steps that strengthen the deployment. The sanity of a security policy and of its deployment is one of the most important factors in preventing a breach.
Authored by Punit Dwivedi