8 Steps to Creating a Secure IT Environment
1. Your Security Policies and Procedures
These are the cornerstones of your IT governance. Together they define the "what" and the "how" of your security posture: what should happen or be done, and how it is going to happen or be done. They also include developing the big picture of your entire IT infrastructure.
When you create and document solid policies and procedures, they give your organization an IT and security blueprint for the initial build, maintenance, management and remediation of issues. This document or manual will also prepare the environment to work within any framework and meet compliance requirements.
-
2. Your Gateway Security
Gateway security is essential to keeping the bad guys out. There are a number of popular next-generation firewalls (NGFWs) on the market that will provide excellent security at the gateway. You should consider the actual needs of your IT environment to decide which firewall will work best in your case.
For example, if you have a high throughput IT environment where you have a large network with a large internal IP count, then you might need a NGFW that runs only a few services on board and reserves the majority of its resources for ingress-egress traffic.
On the other hand, if you have an IT environment that requires a very high level of security but has limited WAN bandwidth, then you may be better suited to a UTM (Unified Threat Management) firewall, which runs a number of services onboard. Such a device traditionally dedicates significant resources to services such as deep packet inspection (DPI), data loss prevention (DLP), gateway antivirus, website filtering, email filtering and other high-end security services, all at the same time.
-
3. Your Endpoint Security
Modern antivirus solutions have already morphed into Endpoint Detection and Response (EDR) technologies. They use real-time threat-intelligence feeds to actively remove malware based on heuristic data, and they also analyze user behavior.
EDR solutions offer more than traditional antivirus and anti-malware protection. There are many high-quality EDR solutions on the market to choose from.
-
4. Identity and Access Management (IAM)
These services range from Active Directory and LDAP (Lightweight Directory Access Protocol) and cloud LDAP to authentication services such as those provided with:
• AWS IAM services
• Microsoft Azure Active Directory services
• Google Directory services.
There are tons of IAM services to choose from, and your IT environment will dictate the type of IAM services to use.
NOTE:
The other part of this equation is MFA. The industry is full of MFA providers, from Google Authenticator, OAuth and Entrust to YubiKey and many others. Whether it is token-based, hardware-based or biometric-based, it is more important to understand that the second form of authentication has to be separate from the initial authentication system, and it needs to be secure. For example, biometric authentication is very popular, but if it is simply used as a shortcut to enter an insecure password, then it is not a secure solution.
Soft tokens or one-time passwords received through Short Message Service (SMS), though very popular, do not provide the level of security that is often marketed. SMS in and of itself is insecure. Traditional SMS messages are sent in clear text and are subject to interception, or even to the SMS service broker being hacked and the unencrypted messages being stolen and used to attack other, larger targets. There have also been instances of "man in the device" attacks used to steal such tokens as they arrive from the SMS broker. It is something of a gray area!
IAM and MFA are probably the most important aspects of your security posture, because not only do they control ingress authentication from the WAN, they also validate and authenticate internal users requesting access to various resources. Once you have understood this fully, you can move on to the next step.
-
5. Mobile Protection, Remote Access, and Virtual Private Networks (VPN)
Mobile devices are increasingly prevalent in the workplace. This creates a uniquely challenging situation for security professionals tasked with securing modern environments. The options for securing these environments are growing on an almost daily basis. You can implement mobile device management (MDM); you can implement wireless networks that prevent devices from connecting to your network unless they pass authentication and a scan confirming that the mobile device meets the preset requirements.
For example, you may not allow any third-party downloads outside the prescribed manufacturers' stores. You can ensure that antivirus and anti-malware software is installed and up to date, and you can ensure that the mobile operating system is updated to the prescribed revision range.
You may already have noticed that many antivirus/anti-malware and EDR vendors are making special versions of their solutions to accommodate most mobile operating systems too.
Let's now come to the tricky topic of remote access and VPNs into the environment. Every time you or your employees connect to the company's networks or IT assets for work, you are probably leaving a window open for attackers to sneak in. You use VPNs, but you cannot rest, because not all VPNs are created equal. Right?
If you have implemented simple VPN connections on your firewall or gateway router, with a simple handshake and a GRE tunnel to every remote endpoint, passing traffic through open VPN ports into your IT environment, then you are delusional. It is risky and strongly not recommended for a security-intensive environment.
Instead you should set up a better VPN concentrator or gateway firewall that can handle VPN TUNNELS.
You should set up IPSec connections.
There is a lot of work involved here, because you have to load a security certificate on the gateway concentrator and in the IPSec software installed on the remote endpoint. But this extra work is essential in creating a secure handshake and connection between the two devices. IPSec connections are great: they can be established very quickly and provide more security than a GRE connection. Right?
In my view, IPSec connections running with AES-256 or higher encryption over TLS are the most secure connections. They use the most modern security type, an extremely high level of encryption, and require a static RSA certificate to be installed on both endpoints. The same goes for static VPNs or site-to-site VPNs. The IPSec connection will create secure AES-256-bit or higher encryption for the SSL tunnel as well as encrypting the payload with AES-256-bit or higher encryption while in transit over the VPN connection.
-
6. Wireless Network Security
There are many aspects to WiFi security. At a minimum, take care of the following:
• Use long passwords containing special characters, numbers and letters.
• Change your SSID to something very random. Rainbow tables have been generated for the top 1000 most-used SSIDs, which can reduce attack time significantly.
• Implement WPA2 or WPA3 with AES-256 encryption. The biggest problem of WPA may still be present if the integrity check is still done using TKIP-MIC.
• Also look at authentication types: 802.1X, Active Directory, LDAP and AAA services are some of the more popular options.
• Ensure that the system employs a guest WiFi authentication system. This will prevent, or at least deter, spoofing of the guest network, and it gives the WiFi owner an opportunity to collect information on every asset that connects to the guest WiFi. This is useful for marketing and accountability purposes.
• Understand how rogue AP detection works. Does it treat every non-system AP as rogue, or does the system use logic to decide which APs are rogue and which may be legitimately active, based on activity, SSID names and perhaps MAC addresses? ***Please note there are FCC regulations against rogue AP detection and destruction***
• Every manufacturer has its own functionality around rogue AP detection and many other security functions. It is advised that the purchaser and IT department perform due diligence before making a decision.
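The SSID advice above rests on how WPA2-Personal derives its key: the SSID is the salt of the PBKDF2 step, so a table precomputed for a common SSID is useless against a network with a random one. The following is an added illustration, not code from the original post; the candidate passphrase list and the SSIDs are constructed, and the `random_ssid` helper is a hypothetical defender-side utility.

```python
import hashlib
import secrets

# A WPA2-Personal network derives its Pairwise Master Key from the passphrase
# with the SSID as the PBKDF2 salt (IEEE 802.11i):
#   PMK = PBKDF2-HMAC-SHA1(passphrase, salt = SSID, 4096 iterations, 32 bytes)
# Because the SSID is the salt, a precomputed (rainbow) table is only valid for
# the exact SSID it was generated for; a random SSID forces the work to be redone.

def wpa2_pmk(ssid: str, passphrase: str) -> bytes:
    """Derive the 256-bit PMK for a WPA2-Personal network."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)

def build_table(ssid: str, passphrases) -> dict:
    """Model of a precomputed PMK table for ONE SSID: PMK -> passphrase.
    The passphrase list here is a constructed toy list for illustration."""
    return {wpa2_pmk(ssid, p): p for p in passphrases}

def lookup(table: dict, network_ssid: str, network_passphrase: str):
    """Would a table built for some SSID cover this network's PMK?
    Returns the passphrase on a hit, None when the PMK is not in the table."""
    return table.get(wpa2_pmk(network_ssid, network_passphrase))

def random_ssid(prefix: str = "corp") -> str:
    """Hypothetical defender helper: an SSID unlikely to appear in any
    precomputed table (prefix plus 8 random hex characters)."""
    return f"{prefix}-{secrets.token_hex(4)}"

if __name__ == "__main__":
    weak = ["password", "12345678", "letmein1"]   # constructed weak-passphrase list
    table = build_table("linksys", weak)            # table for a common default SSID
    print(lookup(table, "linksys", "password"))     # hit: same SSID, same salt
    print(lookup(table, random_ssid(), "password")) # None: same passphrase, different salt
```

The first assertion in the accompanying check uses the published IEEE 802.11i test vector (SSID "IEEE", passphrase "password"), which is a quick way to confirm the derivation is implemented correctly.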
-
7. Back up and Disaster Recovery
Backup and disaster recovery (BDR) services are essential to an organization's incident planning, so that it stays up and running in the event of a major catastrophe. When choosing a BDR service, you absolutely need to ensure that it will meet the organization's needs 100%. Ensure that the provider offers a Service Level Agreement (SLA) of a minimum of 99.999% reliability.
-
8. Environment Visibility
A good SIEM system will provide the security team with detailed network and asset visibility, aggregation and parsing of all log files within the environment, and the ability to organize and search those logs efficiently. The ability to perform forensics in the event of an environment compromise is also required.
An exceptional system will provide all of the above functions as well as threat intelligence from a reputable threat intelligence community. The ability to correlate log files against threat intelligence to identify real-time threats within the environment is required.
There are many SIEM vendors on the market today, and each one has its own unique features and functions. No SIEM is a one-size-fits-all type of system. Some provide very granular functions but require a very high level of technical skills to deploy, setup, tune and maintain.
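The core of the correlation capability described above, in miniature: parse log lines into fields, then match source and destination against a threat-intelligence feed of IPs, CIDR ranges and hostnames. This is an added example, not code from the original post or from any SIEM product; the log lines use a constructed key=value format, and the indicators are RFC 5737 documentation addresses and a reserved example domain, so nothing here refers to a real host.

```python
import ipaddress
import re
from collections import Counter
# Constructed firewall log lines (key=value syslog style); not from any real device.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z fw01 action=allow src=10.0.0.5 dst=93.184.216.34 dport=443",
    "2024-05-01T10:00:07Z fw01 action=allow src=10.0.0.9 dst=198.51.100.23 dport=4444",
    "2024-05-01T10:00:09Z fw01 action=deny src=203.0.113.77 dst=10.0.0.1 dport=22",
    "2024-05-01T10:00:15Z fw01 action=allow src=10.0.0.9 dst=198.51.100.23 dport=4444",
    "2024-05-01T10:01:02Z fw01 action=allow src=10.0.0.5 dst=malware.example dport=80",
]
# Constructed threat-intelligence feed (RFC 5737 documentation addresses and a
# reserved example domain): indicator -> reason it is listed.
THREAT_INTEL = {
    "198.51.100.0/24": "C2 range (constructed)",
    "203.0.113.77": "internet scanner (constructed)",
    "malware.example": "malware distribution host (constructed)",
}
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) "
                    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

def parse_line(line: str):
    """Parse one log line into a dict, or return None if it does not fit the format."""
    m = LOG_RE.match(line)
    return None if m is None else dict(m.groupdict(), dport=int(m["dport"]))

def indicator_matches(value: str, indicator: str) -> bool:
    """Match an IP or hostname against an IP, CIDR-range or hostname indicator."""
    try:
        return ipaddress.ip_address(value) in ipaddress.ip_network(indicator, strict=False)
    except ValueError:  # at least one side is not an IP: compare as hostnames
        return value.lower() == indicator.lower()

def correlate(lines, intel):
    """Return one alert per (event, field) whose src or dst matches an indicator."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparsable lines are skipped rather than mis-read
        for field in ("src", "dst"):
            for indicator, reason in intel.items():
                if indicator_matches(ev[field], indicator):
                    alerts.append({"ts": ev["ts"], "action": ev["action"], "field": field,
                                   "value": ev[field], "indicator": indicator, "reason": reason})
    return alerts

def hits_per_indicator(alerts) -> Counter:
    """Aggregate alerts by indicator, the view an analyst triages first."""
    return Counter(a["indicator"] for a in alerts)
```

Note that the "deny" event still produces an alert: a blocked connection from a listed scanner is exactly the kind of signal a SIEM should surface even though the firewall already did its job.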
-
Please let me know what you think about this post in the comment section. You can also share it with others if the information here helps you in some way.
Kindly leave a comment on the posts or topics, because when you do, you help me greatly in designing new quality articles on cybersecurity.
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...