Keith Smith - Think Ahead. Learn More. Solve Now!

Security


Applying a “Defense-in-Depth” Strategy

Monday, May 22, 2017 - Posted by Keith A. Smith, in Network, VMware, Microsoft, Linux, Security

IT Teams and Staff can effectively maintain physical and information security with a “defense-in-depth” approach that addresses both internal and external threats. Defense-in-depth is based on the idea that any one point of protection may, and probably will, be defeated. This approach uses three different types of layers (physical, electronic, and procedural) and applies appropriate controls to address different risks that might arise in each.
 
The same concept works for both physical and network security. Multiple layers of network security can protect networked assets, data and end points, just as multiple layers of physical security can protect high-value physical assets. With a defense-in-depth approach:  

System security is purposely designed into the infrastructure from the beginning. Attackers face multiple hurdles to overcome if they want to break through or bypass the entire system.
A weakness or flaw in one layer can be covered by the strengths, capabilities, or new variables introduced by the other security layers.

Typical defense-in-depth approaches involve six areas: physical, network, computer, application, device and staff education.

1. Physical Security – It seems obvious that physical security would be an important layer in a defense-in-depth strategy, but don’t take it for granted. Guards, gates, locks, port block-outs, and key cards all help keep people who shouldn’t touch or alter systems away from them. In addition, the lines between physical security systems and information systems are blurring, as physical access can be tied to information access.

2. Network Security – Network security is an essential part of the information fabric and should include firewalls, intrusion detection and prevention systems (IDS/IPS), and general networking equipment such as switches and routers configured with their security features enabled. Zones establish domains of trust for security access, and smaller virtual local area networks (VLANs) shape and manage network traffic. A demilitarized zone (DMZ) between public resources and the internal or trusted resources allows data and services to be shared securely.

3. Computer Hardening – Well known (and published) software vulnerabilities are the number one way that intruders gain access to automation systems. Examples of Computer Hardening include the use of: 
Antivirus software
Application whitelisting
Host intrusion-detection systems (HIDS) and other endpoint security solutions
Removal of unused applications, protocols and services
Closing unnecessary ports

Software patching practices work in concert with these hardening techniques to further reduce the exposure of computers to malware such as viruses and Trojans.
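As an added example of the "closing unnecessary ports" and "removal of unused services" items above (this is not code from the original post), the following script compares a Linux host's listening TCP sockets against an allowlist of the services the host is supposed to run. It parses the column layout of `ss -tlnp`; the sample output and the allowlist are constructed for illustration and would be replaced by a real capture and the host's own baseline.

```python
"""Compare a host's listening TCP sockets against an allowlist of expected services.

Added example, not code from the original post. It parses the column layout of
`ss -tlnp` on Linux; the sample output and the allowlist below are constructed.
"""
import re
from dataclasses import dataclass

# Constructed sample of `ss -tlnp` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=1203,fd=21))
LISTEN  0       128     0.0.0.0:23           0.0.0.0:*          users:(("telnetd",pid=1410,fd=4))
LISTEN  0       50      [::]:445             [::]:*             users:(("smbd",pid=1533,fd=39))
LISTEN  0       4096    0.0.0.0:9100         0.0.0.0:*          users:(("node_exporter",pid=1601,fd=3))
"""

# Hypothetical allowlist for this host: port -> process expected to own it.
EXPECTED_LISTENERS = {22: "sshd", 3306: "mysqld", 9100: "node_exporter"}

LOOPBACK = {"127.0.0.1", "[::1]"}
_PROC_RE = re.compile(r'users:\(\("([^"]+)"')


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str

    @property
    def exposed(self) -> bool:
        """True when the socket is reachable from other hosts, not just loopback."""
        return self.address not in LOOPBACK


def parse_ss(output: str) -> list:
    """Parse the LISTEN rows of `ss -tlnp` output into Listener records."""
    listeners = []
    for line in output.splitlines()[1:]:            # first line is the column header
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        address, _, port = parts[3].rpartition(":")  # also handles "[::]:445"
        match = _PROC_RE.search(line)
        process = match.group(1) if match else "unknown"
        listeners.append(Listener(address, int(port), process))
    return listeners


def audit(listeners, expected) -> list:
    """Return one finding per listener that is not on the allowlist or is owned
    by an unexpected process. Allowlisted services produce no finding."""
    findings = []
    for lst in listeners:
        want = expected.get(lst.port)
        scope = "exposed" if lst.exposed else "loopback only"
        if want is None:
            findings.append(f"port {lst.port}/tcp ({lst.process}, {scope}) is not in the allowlist")
        elif want != lst.process:
            findings.append(f"port {lst.port}/tcp expected {want} but {lst.process} is listening")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_ss(SAMPLE_SS_OUTPUT), EXPECTED_LISTENERS):
        print("FINDING:", finding)
```

Run against the sample it reports the telnet and SMB listeners as not on the allowlist; on a real host you would feed it `ss -tlnp` output and keep the allowlist under version control so that drift from the hardened baseline shows up as a finding.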

Follow these guidelines to help reduce risk:
Disable software automatic updating services on PCs
Inventory target computers for applications, and software versions and revisions
Subscribe to and monitor vendor patch qualification services for patch compatibility
Obtain product patches and software upgrades directly from the vendor
Pre-test all patches on non-operational, non-mission critical systems
Schedule the application of patches and upgrades and plan for contingencies 

4. Application Security – This refers to building good security practices into system applications, such as role-based access control (RBAC), which locks down access to critical process functions; enforced username/password logins; and multi-factor authentication (MFA, also known as 2FA) wherever possible.
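The following is an added example (not code from the original post) of the role-based access control and MFA pattern described in point 4: access to a critical process function is denied unless the caller's role grants the permission, and process-changing functions additionally require a completed MFA step. The role names, permissions, tag names and the MFA rule are hypothetical placeholders for an application's real policy.

```python
"""Deny-by-default role-based access control around a critical process function.

Added example, not from the original post. Role names, permissions and the
MFA rule are hypothetical; a real application would load them from its policy store.
"""
from dataclasses import dataclass
from functools import wraps


class AccessDenied(PermissionError):
    pass


# Hypothetical role -> permission mapping. Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "viewer": {"read_tags"},
    "operator": {"read_tags", "acknowledge_alarm", "write_setpoint"},
    "engineer": {"read_tags", "acknowledge_alarm", "write_setpoint", "download_logic"},
}

# Functions that can change the physical process additionally require a verified MFA step.
MFA_REQUIRED = {"write_setpoint", "download_logic"}


@dataclass(frozen=True)
class Principal:
    username: str
    roles: frozenset
    mfa_verified: bool = False


def permissions_for(principal: Principal) -> set:
    """Union of permissions across the principal's roles; unknown roles grant nothing."""
    return set().union(*(ROLE_PERMISSIONS.get(role, set()) for role in principal.roles))


def is_allowed(principal: Principal, permission: str) -> bool:
    if permission not in permissions_for(principal):
        return False
    if permission in MFA_REQUIRED and not principal.mfa_verified:
        return False
    return True


def require(permission: str):
    """Decorator: the wrapped function only runs when the principal holds `permission`."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(principal, *args, **kwargs):
            if not is_allowed(principal, permission):
                raise AccessDenied(f"{principal.username} may not {permission}")
            return fn(principal, *args, **kwargs)
        return wrapper
    return decorator


@require("write_setpoint")
def write_setpoint(principal: Principal, tag: str, value: float) -> tuple:
    """Stand-in for the real write; returns what would be sent to the controller."""
    return (tag, value)


def try_write(principal: Principal, tag: str, value: float) -> str:
    """Report the outcome of an attempted write as a string."""
    try:
        write_setpoint(principal, tag, value)
        return "allowed"
    except AccessDenied as exc:
        return f"denied: {exc}"


if __name__ == "__main__":
    viewer = Principal("alice", frozenset({"viewer"}))
    operator = Principal("bob", frozenset({"operator"}))
    operator_mfa = Principal("bob", frozenset({"operator"}), mfa_verified=True)
    for who in (viewer, operator, operator_mfa):
        print(who.username, who.mfa_verified, try_write(who, "FIC101.SP", 42.0))
```

The check lives in one decorator, so every critical function is covered the same way and a role that is not in the policy table grants nothing; putting MFA enforcement next to the permission check means a stolen password alone does not reach the process-changing functions.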

5. Device Hardening – Changing the default configuration of an embedded device out-of-the-box can make it more secure. The default security settings of PLCs, PACs, routers, switches, firewalls and other embedded devices will differ based on class and type, which subsequently changes the amount of work required to harden a particular device. But remember, a chain is only as strong as its weakest link. 

6. Staff Education - Last but not least, it’s important to talk to staff about keeping a clean machine: the organization should have clear rules for what employees can install and keep on their work computers. Make sure they understand and abide by these rules. Following good password practices is important; a strong password is a phrase that is at least 12 characters long. Employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer.


Educating Employees at least once a year is important
Training employees is a critical element of security. They need to understand the value of protecting customer and colleague information and their role in keeping it safe. They also need a basic grounding in other risks and how to make good judgments online.

Most importantly, they need to know the policies and practices you expect them to follow in the workplace regarding Internet safety.


-End



Full list of Failure Reasons for event 4625

Wednesday, April 19, 2017 - Posted by Keith A. Smith, in Security

Windows Domain Controller - Event Viewer Security Status and Sub-Status values



STATUS / SUB_STATUS   DESCRIPTION
0xC000006D            This is either due to a bad user name or authentication information.
0xC000006E            Unknown user name or bad password.
0xC0000193            Account expiration.
0xC000018C            The logon request failed because the trust relationship between the primary domain and the trusted domain failed.
0xC000005E            There are currently no logon servers available to service the logon request.
0xC00000DC            Indicates the SAM server was in the wrong state to perform the desired operation.
0xC0000224            A user is required to change password at next logon.
0xC0000192            An attempt was made to log on, but the Netlogon service was not started.
0xC0000413            Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine.
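As an added example (not part of the original post), here is a small parser that maps the Status / Sub Status codes from this list to their descriptions, pulls the account, source address and codes out of the text of a 4625 event, and summarises failures per source so that a burst of bad-password failures from one address stands out. The code table is the one listed above; the sample event bodies are constructed, not exported from a real domain controller, and the flagging threshold is an assumption to tune for your environment.

```python
"""Map event 4625 Status / Sub Status codes to the reasons listed above and
summarise failures per source address.

Added example, not from the original post. The code table is the one in this
post; the sample event messages are constructed, not exported from a real
domain controller, and the threshold is an assumption.
"""
import re
from collections import Counter, defaultdict

# Status / Sub Status values and meanings as listed in the post.
STATUS_DESCRIPTIONS = {
    0xC000006D: "Bad user name or authentication information",
    0xC000006E: "Unknown user name or bad password",
    0xC0000193: "Account expiration",
    0xC000018C: "Trust relationship between the primary and trusted domain failed",
    0xC000005E: "No logon servers available to service the logon request",
    0xC00000DC: "SAM server was in the wrong state to perform the operation",
    0xC0000224: "User is required to change password at next logon",
    0xC0000192: "Netlogon service was not started",
    0xC0000413: "Account not allowed to authenticate to this machine (authentication firewall)",
}


def describe(code: int) -> str:
    return STATUS_DESCRIPTIONS.get(code, f"Unlisted code 0x{code:08X}")


def _event(account: str, source: str, status: int, sub_status: int) -> str:
    """Build a constructed 4625 message body containing the fields the parser reads."""
    return (
        "An account failed to log on.\n"
        "Account For Which Logon Failed:\n"
        f"\tAccount Name:\t\t{account}\n"
        "Failure Information:\n"
        f"\tStatus:\t\t\t0x{status:08X}\n"
        f"\tSub Status:\t\t0x{sub_status:08X}\n"
        "Network Information:\n"
        f"\tSource Network Address:\t{source}\n"
    )


# Constructed sample events (not real log data): three different accounts
# failing with bad password from one address, plus two unrelated failures.
SAMPLE_EVENTS = [
    _event("j.doe", "10.0.0.5", 0xC000006D, 0xC000006E),
    _event("a.lee", "10.0.0.5", 0xC000006D, 0xC000006E),
    _event("svc_backup", "10.0.0.5", 0xC000006D, 0xC000006E),
    _event("m.ng", "10.0.0.8", 0xC000006D, 0xC0000224),
    _event("contractor1", "10.0.0.9", 0xC000006D, 0xC0000193),
]


def _field(message: str, name: str) -> str:
    """Value of a 'Name:<tabs>value' line; 'Status:' does not match 'Sub Status:'."""
    m = re.search(rf"^\s*{re.escape(name)}:\s*(\S+)\s*$", message, re.MULTILINE)
    return m.group(1) if m else ""


def parse_4625(message: str) -> dict:
    """Extract account, source address and the two failure codes from an event body.
    Real 4625 text has two 'Account Name' lines; only the one after
    'Account For Which Logon Failed:' is the account that failed."""
    target = message.split("Account For Which Logon Failed:", 1)[-1]
    sub_status = int(_field(message, "Sub Status"), 16)
    return {
        "account": _field(target, "Account Name"),
        "source": _field(message, "Source Network Address"),
        "status": int(_field(message, "Status"), 16),
        "sub_status": sub_status,
        "reason": describe(sub_status),
    }


def summarize(messages, threshold: int = 3) -> dict:
    """Count failures per (source, sub status) and flag sources whose
    bad-password failures (0xC000006E) reach the threshold."""
    counts = Counter()
    accounts = defaultdict(set)
    for msg in messages:
        ev = parse_4625(msg)
        counts[(ev["source"], ev["sub_status"])] += 1
        accounts[ev["source"]].add(ev["account"])
    flagged = sorted(src for (src, sub), n in counts.items()
                     if sub == 0xC000006E and n >= threshold)
    return {"counts": dict(counts), "accounts": dict(accounts), "flagged": flagged}


if __name__ == "__main__":
    result = summarize(SAMPLE_EVENTS)
    for (src, sub), n in result["counts"].items():
        print(f"{src:12} {n:3}  {describe(sub)}")
    print("flagged sources:", result["flagged"])
```

Keying the summary on the Sub Status rather than the Status is deliberate: the Status is the same for most failures, while the Sub Status separates a user who simply must change an expired password from an address that is cycling through many accounts with wrong passwords.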


-End



Evernote snooping

Wednesday, December 14, 2016 - Posted by Keith A. Smith, in Security

Evernote announced an upcoming change to its privacy policy that would allow company employees to “exercise oversight of machine learning technologies applied to account content” to improve the service.


Evernote’s privacy changes will take effect Jan. 22, 2017, and users are threatening to abandon the service. A few years ago Dropbox also made changes to its privacy policy to allow its staff to snoop around in your stuff.


The policy changes have to do with machine learning, which Evernote says it is using to “help get you the most out of your Evernote experience.”  


According to the company’s policy update notice, "Only employees who are fulfilling one of the customer or business needs... will be able to access your data.” Evernote claims a limited number of employees who have undergone background checks will be able to access user data and that users can encrypt notes to prevent employees from reading them.


I said it once, and I'll say it again: if you upload data, virtual machines, etc. to any cloud provider, you have essentially transferred ownership of that data; the cloud provider simply allows you to access it. It is imperative that everyone implement encryption and multi-factor authentication (MFA, also known as 2FA) wherever possible.


I also recommend that everyone use EULAlyzer to analyze end user license agreements for interesting words and phrases, in order to make sense of these nonsensical agreements.


-End
