Starting a Cybersecurity Program

Make sure your organization follows best practices


What are the foundations of a cybersecurity program?

If you are new to cybersecurity, you may be wondering where to start, how to do it, what you need, and why you need it. In most cases, starting with the following basics can greatly reduce your overall risk.

Asset Inventory

This is the bedrock of every successful security program. A solid asset inventory depends on a few simple things: knowing what assets you have, where they sit on your network, what software and configurations they carry, and which users and systems can access them.

What counts as an “asset” from a security perspective? For starters, any kind of network-accessible electronic system, including (but not limited to):

  • Cloud applications
  • Laptops
  • Desktops
  • Servers
  • Firewalls
  • Switches
  • Routers
  • Phones
  • Printers

If your asset inventory has gaps, your security program likely has gaps too. If you require that all laptops have full-disk encryption enabled before your IT team hands them to employees – but you and your IT team don’t know about the five new laptops that your HR team just purchased on a corporate credit card – those laptops likely won’t get encrypted (until someone finds out about them).

Network and vulnerability management solutions can help maintain your organization’s asset inventory and identify gaps in it. Using a combination of network scans and endpoint agents provides rich, near-real-time data for the inventory.
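The gap-finding described above, as an added example that is not code from the original article: an IT-maintained inventory is cross-checked against what a network scan saw and what endpoint agents report, which is exactly how the unencrypted HR laptops would surface. All hostnames, records and field names are constructed for illustration.

```python
"""Added example (not from the original article): reconcile an IT-maintained
asset inventory with network-scan and endpoint-agent data to surface gaps.
All records, hostnames and field names below are constructed for illustration."""
from dataclasses import dataclass, field

INVENTORY = {  # constructed "source of truth" kept by IT
    "lt-fin-01": {"type": "laptop"},
    "srv-db-01": {"type": "server"},
    "prn-hq-02": {"type": "printer"},
    "dt-ops-03": {"type": "desktop"},  # retired but never removed from the list
}
NETWORK_SCAN = ["lt-fin-01", "srv-db-01", "prn-hq-02", "lt-hr-07", "lt-hr-08"]
AGENT_REPORTS = {  # constructed endpoint-agent check-ins with a full-disk-encryption reading
    "lt-fin-01": {"type": "laptop", "fde": True},
    "srv-db-01": {"type": "server", "fde": False},
    "lt-hr-07": {"type": "laptop", "fde": False},  # HR-bought laptop, agent on, no encryption
}

@dataclass
class Gaps:
    unknown_hosts: list = field(default_factory=list)        # on the wire, not in inventory
    no_agent: list = field(default_factory=list)             # known or seen, but no agent
    unencrypted_laptops: list = field(default_factory=list)  # policy says FDE, agent says no
    stale_inventory: list = field(default_factory=list)      # in inventory, not seen on the wire

def find_gaps(inventory, scan, agents) -> Gaps:
    """Cross-check the three views; every disagreement is something to fix."""
    known, seen, agented = set(inventory), set(scan), set(agents)
    gaps = Gaps()
    gaps.unknown_hosts = sorted(seen - known)
    gaps.no_agent = sorted(h for h in (seen | known) - agented
                           if inventory.get(h, {}).get("type") != "printer")  # printers can't run one
    gaps.unencrypted_laptops = sorted(h for h, r in agents.items()
                                      if r["type"] == "laptop" and not r["fde"])
    gaps.stale_inventory = sorted(known - seen)
    return gaps

if __name__ == "__main__":
    print(find_gaps(INVENTORY, NETWORK_SCAN, AGENT_REPORTS))
```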

Multi-Factor Authentication (MFA)

Any good security program starts with multi-factor authentication (MFA), alongside security awareness training, for access to critical personal or business data. Forms of authentication fall into three categories:

  • Something you know: such as a password
  • Something you have: a phone or a bank card
  • Something you are: a fingerprint

Passwords are fundamentally flawed and can be easily stolen via phishing attacks, password-guessing attacks, and malware. If you protect your data with a password alone, an attacker has only one hoop to jump through to compromise your account. Requiring multiple forms of authentication makes obtaining a user’s credentials – and therefore access – much more difficult and expensive for attackers.

One important thing to note here is that requiring two forms of authentication from the same category will not suffice from a security perspective. For example, if you require users to enter a password and then answer a security question – such as “what’s your mother’s maiden name?” – that does not count as two-factor authentication.

Since those are both “something you know,” it’s simply single factor authentication, twice. Requiring a password (something you know) and then a six-digit code generated by an app on a smartphone (something you have) does count, however.

Patch Management

Simply put, patch management means making sure all of your software is up to date, installed, and configured correctly. This includes acquiring, testing, and installing patches (i.e. software updates) on your organization’s systems and devices.

To do this effectively, you need to stay aware of available patches, determine which systems need which ones, oversee their installation, and test for problems after patching. This is usually handled as a partnership between the IT and DevOps teams, as opposed to the security team.

Patch management is closely related to vulnerability management, the process of determining whether you have any vulnerabilities in your IT environment. There are three elements behind patch management: prioritizing vulnerability remediation, assessing compensating controls (i.e. existing security technologies or systems that reduce the risk posed by a vulnerability), and ensuring patches are installed correctly.

Here’s why these elements matter: applying a patch will sometimes break another part of the software you’re using, causing more harm than good. Understanding this inherent risk will play a large role in how you prioritize which patches to apply.

In the event a patch does break software – requiring you to remove the patch – then having compensating controls in place will make it harder for an attacker to exploit vulnerabilities that reemerge. An example of a compensating control would be implementing firewall rules that limit the number of systems that can communicate with a not-easily-patched vulnerable system.

To help mitigate the potential impact, it’s a good idea to test patches on non-critical systems or in test environments that mirror your production environment.

Decentralization

Decentralization disseminates data across your networks and cloud services to ensure that if one user or server in your organization’s network is compromised, the attacker will not necessarily be able to access company data stored elsewhere.

For example, if an attacker finds a way into one of your office’s internal file-share systems in a decentralized environment, they’ll likely only be able to access that office’s shared files, but not necessarily all of the files at your cloud-storage provider. However, if you have a centralized environment and an attacker compromises one server, they may find ways to move easily from that server to additional company systems and data, such as email servers, financial statements, or user directories.

Decentralization offers two benefits:

Decentralized security teams, which depend on good vendor-management processes

If you have a small security team, it can be incredibly difficult to monitor the dozens of cloud applications your company uses. Luckily, well-established cloud-service providers invest heavily in their own security teams and programs focused on in-depth protection of their environment.

Keeping the vendor’s application separate from the rest of your network allows your security team to focus on your organization’s core environment, while the vendor’s security team can focus on protecting the application or service they host on your behalf.

Containing the impact of a breach if a specific application or user is compromised

If a vendor application is compromised in a decentralized environment, the impact of the data breach is limited to that application or vendor.

Doing this makes it more difficult – but not impossible, as seen in recent breaches – for an attacker to access the rest of your systems and information. The harder it is for attackers to reach your central servers, the more time and money they have to invest in the attack, and the more likely they are to give up or get caught.

Network Segmentation

This is the process of determining which of your network systems and devices need to talk to each other, and then allowing only those systems to communicate with one another and nothing else.

For example, imagine a nurse working on a laptop in a hospital. In a securely segmented network, that laptop can communicate with only one or two other systems, such as a print server (for printing patient records) and the patient-record application itself. However, in a “flat network” – a network with no segmentation between systems – this laptop could talk to every other system on the network. If an attacker compromises the laptop, they’ll be able to attack those systems through completely unchecked lateral movement.

To segment your network effectively, you need to inventory your most important assets, understand where they sit on your network, and identify the specific systems and users that can access them. If the assets are accessible by more than those systems and users, that should be remedied.

To minimize the overall attack surface of a system or application, try to always grant access based on the principle of least privilege access (LPA). You’ll also need to ensure nothing on the network is able to communicate directly with your database servers, where critical application data is typically stored.
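The hospital scenario above as a least-privilege allowlist, checked against flow records so that any traffic a flat network would have permitted shows up as a policy violation; the same allowlist also expresses the compensating control from the patch-management section (restricting who may reach a not-yet-patched system). This is an added example, not code from the original article; the host names, ports, zones and flow-log format are constructed assumptions, and it assumes the application server is the one permitted path to the database.

```python
"""Added example (not from the original article): a least-privilege
segmentation policy for the hospital scenario, audited against constructed
flow-log records. Host names, ports, zones and the flow format are assumptions."""
from collections import defaultdict

# Allowlist of (source zone, destination host, destination port). Anything not
# listed is denied, which is what segmentation means in practice.
POLICY = {
    ("nurse-laptops", "print-server", 9100),
    ("nurse-laptops", "patient-records-app", 443),
    ("app-tier", "patient-db", 5432),  # only the app tier reaches the database
    # Compensating control for an unpatched system: only the admin jump host
    # may reach it while the fix is pending.
    ("admin-jump", "legacy-lab-analyzer", 22),
}

ZONES = {  # constructed asset inventory mapping hosts to zones
    "nurse-lt-01": "nurse-laptops", "nurse-lt-02": "nurse-laptops",
    "patient-records-app": "app-tier", "bastion-01": "admin-jump",
}

def is_allowed(src_host: str, dst_host: str, dst_port: int) -> bool:
    """Default deny: a host with no inventory entry lands in an 'unknown' zone."""
    return (ZONES.get(src_host, "unknown"), dst_host, dst_port) in POLICY

def audit(flows):
    """Return denied flows grouped by source host; in a flat network every one
    of these would have succeeded. Each flow is (src, dst, port, bytes)."""
    denied = defaultdict(list)
    for src, dst, port, _nbytes in flows:
        if not is_allowed(src, dst, port):
            denied[src].append((dst, port))
    return dict(denied)

# Constructed flow records; the last three are what a compromised laptop's
# lateral movement would look like.
FLOWS = [
    ("nurse-lt-01", "print-server", 9100, 4096),
    ("nurse-lt-01", "patient-records-app", 443, 18230),
    ("patient-records-app", "patient-db", 5432, 90210),
    ("bastion-01", "legacy-lab-analyzer", 22, 1200),
    ("nurse-lt-01", "patient-db", 5432, 300),          # laptop straight to the database
    ("nurse-lt-01", "nurse-lt-02", 445, 650),          # laptop to laptop over SMB
    ("nurse-lt-02", "legacy-lab-analyzer", 22, 200),   # bypassing the jump host
]

if __name__ == "__main__":
    for src, hits in audit(FLOWS).items():
        print(f"{src}: {len(hits)} denied flow(s): {hits}")
```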

Laying the foundation for your cybersecurity program

Once you have put these basic best practices in place, attackers will likely find it more difficult to move freely around your network. Plus, the more an attack costs and the longer it takes, the more likely attackers are to give up or get caught.
