×

Message

PLG_KUNENADISCUSS_DEPENDENCY_FAIL

CLASSIFYING VULNERABILITIES

Understanding the weaknesses and vulnerabilities in a system or network is a huge step toward correcting the vulnerability or putting in appropriate countermeasures to mitigate threats against those vulnerabilities. Potential network vulnerabilities abound, with many resulting from one or more of the following:

 

1.     Policy flaws

2.     Design errors

3.     Protocol weaknesses

4.     Misconfiguration

5.     Software vulnerabilities

6.     Human factors

7.     Malicious software

8.     Hardware vulnerabilities

9.     Physical access to network resources

 

Cisco and others have created databases that categorize threats in the public domain. The Common Vulnerabilities and Exposures (CVE) is a dictionary of publicly known security vulnerabilities and exposures. A quick search using your favorite search engine will lead you to the website. There is also a National Vulnerability Database (NVD), which is a repository of standards-based vulnerability information; you can do a quick search for it, too. (URLs change over time, so it is better to advise you to just do a quick search and click any links that interest you.)

 

 

 

THE END

 

 

CLASSIFYING ASSETS

One reason to classify an asset is so that you can take specific action, based on policy, with regard to assets in a given class. Consider, for example, virtual private networks (VPN). We classify (that is, identify) the traffic that should be sent over a VPN tunnel. By classifying data and labeling it (such as labeling “top secret” data on a hard disk), we can then focus the appropriate amount of protection or security on that data: more security for top secret data than for unclassified data, for instance.

 

The benefit is that when new data is put into the system, you can classify it as confidential or secret and so on and it will then receive the same level of protection that you set up for that type of data. Table 1 lists some common asset classification categories.

 

Table 1: Asset Classifications

 

 

Governmental classifications

 

Unclassified

Sensitive but unclassified (SBU)

Confidential

Secret

Top secret

Private sector classifications

Public

Sensitive

Private

Confidential

Classification criteria

Value

Age

Replacement cost

Useful lifetime

Classification roles

Owner (the group ultimately responsible for the data, usually senior management of a company)

 

Custodian (the group responsible for implementing the policy as dictated by the owner)

 

User (those who access the data and abide by the rules of acceptable use for the data)

 

Table 2 describes the four classification levels used within the Traffic Light Protocol (TLP). The TLP is a set of designations developed by the US-CERT division to ensure that sensitive information is shared with the correct audience. It employs four colors to indicate different degrees of sensitivity and the corresponding sharing considerations to be applied by the recipients. The CERT division, part of the Software Engineering Institute and based at Carnegie Mellon University (Pittsburgh, Pennsylvania), is a worldwide respected authority in the field of network security and cyber security.

 

Table 2: TLP Classification Levels

 

Color

When Should It Be Used?

How May It Be Shared?

RED

Sources may use TLP: RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party’s privacy, reputation, or operations if misused.

Recipients may not share TLP: RED information with any parties outside of the specific exchange, meeting, or conversation in which it is originally disclosed.

AMBER

Sources may use TLP: AMBER when information requires support to be effectively acted upon, but carries risks to privacy, reputation, or operations if shared outside of the organizations involved.

Recipients may only share TLP: AMBER information with members of their own organization who need to know, and only as widely as necessary to act on that information.

GREEN

Sources may use TLP: GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector.

Recipients may share TLP: GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels.

WHITE

Sources may use TLP: WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.

TLP: WHITE information may be distributed without restriction, subject to copyright controls.

 

THE END

 

COST-BENEFIT ANALYSIS OF SECURITY

 

 

Network security engineers must understand not only what they protect, but also from whom. Risk management is the key phrase that you will hear over and over, and although not very glamorous, it is based on specific principles and concepts related to both asset protection and security management.

 

What is an asset? It is anything that is valuable to an organization. These could be tangible items (people, computers, and so on) or intangible items (intellectual property, database information, contact lists, accounting info). Knowing the assets that you are trying to protect and their value, location, and exposure can help you more effectively determine the time and money to spend securing those assets.

 

A vulnerability is an exploitable weakness in a system or its design. Vulnerabilities can be found in protocols, operating systems, applications, and system designs. Vulnerabilities abound, with more discovered every day.

 

A threat is any potential danger to an asset. If a vulnerability exists but has not yet been exploited or, more importantly, it is not yet publicly known, the threat is latent and not yet realized. If someone is actively launching an attack against your system and successfully accesses something or compromises your security against an asset, the threat is realized. The entity that takes advantage of the vulnerability is known as the malicious actor and the path used by this actor to perform the attack is known as the threat agent or threat vector.

 

A countermeasure is a safeguard that somehow mitigates a potential risk. It does so by either reducing or eliminating the vulnerability, or at least reduces the likelihood of the threat agent to actually exploit the risk. For example, you might have an unpatched machine on your network, making it highly vulnerable. If that machine is unplugged from the network and ceases to have any interaction with exchanging data with any other device, you have successfully mitigated all of those vulnerabilities. You have likely rendered that machine no longer an asset, though; but it is safer.

Note that thresholds apply to how we classify things. We do not spend more than the asset is worth to protect it because doing so makes no sense. For example, purchasing a used car for $200 and then spending $2000 on a secure garage facility so that nobody can harm the car or $1500 on an alarm system for that car seems to be a fairly silly proposition.

 

If you identify the data with the greatest value/worth, you usually automatically identify where the greatest effort to secure that information will be. Keep in mind, however, that beyond a company’s particular view about the value of any data, regulatory entities might also be involved (government regulations or laws, business partner agreements, contractual agreements, and so forth).

 

Just accepting the full risk (the all-or-nothing approach) is not really acceptable. After all, you can implement security measures to mitigate the risk. In addition, those same security devices, such as firewalls and intrusion prevention systems (IPS), can protect multiple devices simultaneously, thus providing a cost benefit.

 

So, you can reduce risk by spending money on appropriate security measures, and usually do a good job of protecting an asset. You can never completely eliminate risk, so you must find the balance.

 

 

Table 1: Security Terms

 

Vocabulary Term

Explanation

Asset

 

An asset is an item that is to be protected and can include property, people, and information/data that have value to the company. This includes intangible items such as proprietary information or trade secrets and the reputation of the company. The data could include company records, client information, proprietary software, and so on.

 

Vulnerability

 

A vulnerability is an exploitable weakness of some type. That exploitation might result from a malicious attack, or it might be accidentally triggered because of a failure or weakness in the policy, implementation, or software running on the network.

 

Threat

 

This is what you are protecting against. A threat is anything that attempts to gain unauthorized access to, compromise, destroy, or damage an asset. Threats are often realized via an attack or exploit that takes advantage of an existing vulnerability.

 

Threats today come in many varieties and spread more rapidly than ever before. Threats can also morph and be modified over time, and so you must be ever diligent to keep up with them.

 

Risk

 

Risk is the potential for unauthorized access to, compromise, destruction, or damage to an asset. If a threat exists, but proper countermeasures and protections are in place (it is your goal to provide this protection), the potential for the threat to be successful is reduced (thus reducing the overall risk).

 

Countermeasure

 

A countermeasure is a device or process (a safeguard) that is implemented to counteract a potential threat, which thus reduces risk.

 

 

THE END

NETWORKING SECURITY CONCEPTS

 

 

INTRODUCTION

Although network security has been considered important for quite some time, especially for those of us who have spent a large portion of our careers in the network security field, there has been a surge in public interest over the past year or so due to events that have impacted even the least technically savvy person. It seems as if we cannot go a full week lately without hearing that credit card data or personally identifiable information (PII) has inadvertently been leaked (more accurately, stolen) from banks, retail stores, and the like by malicious actors.

 

Security has become more complex than ever as the motives and capabilities of threat actors continue to evolve while allowing the miscreants to often stay (at least) one step ahead of those of us in the network security space. In addition, the concept of location of data is becoming blurred by concepts of cloud computing and content-data networks and global load balancing. As we strive to empower employees around the world with ubiquitous access to important data, it is increasingly important to remain constantly vigilant about protecting data and the entities using it (individuals, businesses, governments, and so on).

 

And that is what we are here to do for you. To design, implement a security solution for you that will ensure that you always stay two steps ahead of threat actors (Hackers) and be able to prevent current known and future yet unknown attacks.

 

You should know that Security is important, and the lack of it risks financial, legal, political, and public relations implications.

 

NETWORK SECURITY OBJECTIVES

When considering networks, you can view them from different perspectives. For example, senior management might view the network as a business tool to facilitate the goals of the company. Network technicians (at least some) might consider their networks to be the center of the universe. End users might consider the network to be just a tool for them to get their job done, or possibly as a source for recreation.

 

Not all users appreciate their role in keeping data safe, and unfortunately the users of the network represent a significant vulnerability, in that they have usernames and passwords (or other credentials, such as one-time password token generators) that allow them access to the network.

 

If a user is compromised or an unauthorized individual gains access to data, applications, or devices for which they should not have access, the security of the network may still fail as a result, even after you apply all the required security concepts. So, an important point to remember is that the users’ behaviors pose a security risk and that training users is a key part of a comprehensive security policy.

 

CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY

Network security objectives usually involve three basic concepts:

 

1.     Confidentiality: There are two types of data: data in motion as it moves across the network; and data at rest, when data is sitting on storage media (server, local workstation, in the cloud, and so forth). Confidentiality means that only the authorized individuals/ systems can view sensitive or classified information. This also implies that unauthorized individuals should not have any type of access to the data. Regarding data in motion, the primary way to protect that data is to encrypt it before sending it over the network. Another option you can use with encryption is to use separate networks for the transmission of confidential data.

 

2.     Integrity: Integrity for data means that changes made to data are done only by authorized individuals/systems. Corruption of data is a failure to maintain data integrity.

 

3.     Availability: This applies to systems and to data. If the network or its data is not available to authorized users—perhaps because of a denial-of-service (DoS) attack or maybe because of a general network failure—the impact may be significant to companies and users who rely on that network as a business tool. The failure of a system, to include data, applications, devices, and networks, generally equates to loss of revenue.

 

Perhaps thinking of these security concepts as the CIA “triad” might help you remember them: confidentiality, integrity, and availability.

 

 

THE END

 

SECURITY STARTS WITH YOU AND ME

If you come to think about it, each and every one of us has a part to play in keeping the network we operate in safe. It has been known that most of the attacks that take place originate from the users in the organization than there are attacks from outside. A user machine can be infected with a malware unknowingly when that users goes to surf the internet and then the infected machine can now try to infect other machines in the organization.

 

Of course there should be a security policy and measures in place detailing how the machines and users in that given organization ought to be fortified with HIPS (Host Intrusion Prevention System) and the anti-virus program to prevent any attacks from spreading from one machine to all other machines in the network.

 

For those of you using your phones and computers to surf the Internet and you may or may not be part of any network, there is something for you to do too. The following information provides you with tips on what you can do personally to protect yourself even before joining any network whether you are using a smartphone, tablet or a PC.

 

We are going to show you how to install a free anti-virus software on both your computer and your Android Smartphone/Tablet.

 

INSTALLING AN ANTI-VIRUS SOFTWARE ON A PC

In this demonstration we are going to show you how to install Free Avast anti-virus on a windows machine.

 

 

Step 1: Go to your favorite search engine and type “Avast Free Download” and enter. You will be presented with the following screen.

 

Click on the first link and you will be taken to the following screen.

 

Step 2: Click on the “FREE DOWNLOAD” Button to start the download.

 

 

After you click the “FREE DOWNLOAD” button, your download will start automatically. If you have IDM like me, you will be prompted to download as shown below.

 

 

Click on the “Start Download” to download the program to your network. After it completes to download follow the normal process of installing a program, as shown below.

 

 

Step 3: Install the program.

 

 

After the installation completes, you will be asked to scan your computer. If you have never scanned your machine or it has been a while since you did, this is your time to do so.

 

Step 4: (Optional) Scan your machine for any issues

 

 

Click on the “RUN SMART SCAN” button to start scanning your computer. You will be presented with the following screen.  

 

 

 

Wait for the scan to complete. Avast will give you a summary of all the issues that were found. Follow the necessary buttons to solve those issues, such as deleting all the virus that may have been found. And THAT IS IT.

 

 

 INSTALLING AN ANTI-VIRUS SOFTWARE ON A SMARTPHONE

Step 1: First and foremost make sure that you are connected to the Internet and you have enough data bundles to download the software. Go to your phone’s Play Store App and launch it as shown below.

 

 

 

Step 2: In the Search space, type the word “Avast”. From the results shown below, choose the option “Antivirus & Security” as shown below.

 

 

 

Step 3: You will be presented with the following screen where you will be given an option to install the program. Click on the “INSTALL” button to download and install the antivirus on your phone.

 

 

 

Step 4: After you click the install button in the previous step you will be presented with the following screen where you will be asked to accept some of the things the antivirus needs access to as shown below. Click on the Accept button to continue.

 

 

 

Step 5: After you click “ACCEPT” in the previous step, the Application will download and install on your phone. After the installation is complete you will be presented with the following screen. Click on “OPEN” to start the application.

 

 

 

Step 6: After you click on “OPEN” in the previous step, you will be presented with the following screen where you are now all set and ready to use the App. Click to “GET STARTED” to continue.

 

 

 

Step 7: After clicking “Getting started in the previous step, you will be presented with the following screen where you will be asked whether to “UPGRADE” or “CONTINUE WITH ADS”. Since we want the free version where we don’t have to pay anything we are going to choose “CONTINUE WITH ADS” and continue.

 

 

 

Step 8: Next, you will be presented with a screen where you are now given the opportunity to scan your device. Click on “SCAN” to scan the device.

 

 

 

The process ends by Avast Antivirus scanning your phone and reporting any problems that it may find as shown below.

 

 

 

Remember always to have an antivirus installed either on your computer or your phone so that you can be able to thwart any threats that may be targeted at your phone or computer. STAY SAFE.

 

 

THE END

Go to top