“Software Company” recently hired me to perform a security risk assessment audit. They wanted me to determine the value of their assets and the current physical and network security risks.
I started with a passive network sniffer on the network backbone to measure the frequency, if any, of remote access attempts and probes, and I quickly realized that “Software Company” was at risk.
Why would “Software Company” want to perform this type of risk assessment?
Computer crime can cost a company thousands of dollars, and that price does not include the loss of business once the public finds out that “Software Company” information was compromised. Yet companies still drag their feet on proactive physical and network security. I cannot stress enough how important security is: business reputation, revenue and profits will all be affected, especially if there is a widespread report that your information has been compromised.
After my initial check with the network sniffer, I generated a risk report by using a well-known attack tool against the network from the outside, and found plenty of the recommended security layers of protection in place.
Firewalls, email filtering, and intrusion detection and prevention (IDS/IPS) systems protect the perimeter and critical network segments. Hardened servers, anti-malware and carefully managed access controls protect individual devices as de-perimeterization increases.
But these controls are not foolproof. Activity, successful or unsuccessful, that indicated one or more controls might have failed was nevertheless visible, and that information was easy to get at, in large part through security log management. Security logs contain information relevant to security management and are generated by many sources, including:
- Intrusion detection and prevention systems
- Anti-malware systems, especially centrally managed solutions with aggregated reporting
- Operating systems
We recommend that administrators read logs on a daily basis, rather than waiting for a security incident, and have them check for:
- Password hacking
- Large numbers of login failures
- Malware attacks
- Port scans
- Denial of service attacks
- Excessive errors on network devices
- Policy violations
- Fraudulent activities
- Operational problems
- Regulatory compliance issues
We also recommend the following antivirus and outbreak-readiness measures:
- Ensure all antivirus software at all points of entry is updated regularly.
- Require that all desktops have antivirus detection.
- Scan all files on demand and on access.
- Adopt a policy against downloading files from the Internet.
- Assign each staff member a virus or form of attack to research and monitor.
- Require that at least one member of your staff attend a security conference.
- Make sure you are familiar with what sort of support and help your antivirus vendor offers. Most offer some advice and support for top-tier customers.
- Create an outbreak checklist that delineates how your staff will recover after an outbreak. The checklist should outline each step needed to mobilize your staff during an outbreak and how to update servers within 90 minutes.
The challenges of log review can be overwhelming for many businesses. Logs grow continuously, are located in many silos, and the staffing and skills necessary to make sense of all the information collected are often unavailable. Security log management helps with the process of aggregating, correlating and reacting to information captured in logs across an enterprise.
Recommendations are as follows:
Implementing the right log management solution, whether in-house or from a managed security services provider, is the best way to ensure log analysis provides the clearest picture of network activity. Log management is an essential part of any security program. Without the visibility it provides, a security manager cannot proactively address potential weaknesses in security controls and is left reacting blindly to security incidents.
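To make the daily log-review checklist above and the aggregate-and-correlate idea in this paragraph concrete, here is an added example (not code from the audit or from “Software Company”) that pulls events from three log sources into one place and flags the patterns the checklist calls out: bursts of login failures, port scans, and malware hits. The sample log lines, the `FW-DROP` firewall prefix, the anti-malware console format and the thresholds are all constructed assumptions.

```python
"""Daily log-review triage: correlate events from several log sources and
flag login-failure bursts, port scans and malware detections.
Added example; sample lines and thresholds are constructed assumptions."""
import re
from collections import defaultdict

# Constructed sample lines from three sources: sshd (auth.log), an iptables
# firewall logging with an assumed "FW-DROP" prefix (kern.log), and an
# assumed centrally managed anti-malware console.
SAMPLE_LOGS = """\
Mar 10 02:14:01 gw sshd[4012]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar 10 02:14:03 gw sshd[4012]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 02:14:05 gw sshd[4012]: Failed password for admin from 203.0.113.7 port 51024 ssh2
Mar 10 02:14:06 gw sshd[4012]: Failed password for admin from 203.0.113.7 port 51025 ssh2
Mar 10 02:14:08 gw sshd[4012]: Failed password for oracle from 203.0.113.7 port 51026 ssh2
Mar 10 02:14:09 gw sshd[4012]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
Mar 10 02:15:10 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP DPT=21
Mar 10 02:15:10 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP DPT=22
Mar 10 02:15:11 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP DPT=23
Mar 10 02:15:11 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP DPT=25
Mar 10 02:15:12 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP DPT=80
Mar 10 02:15:12 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP DPT=443
Mar 10 02:15:13 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP DPT=445
Mar 10 02:15:13 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP DPT=3389
Mar 10 02:15:14 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP DPT=8080
Mar 10 02:15:14 gw kernel: FW-DROP IN=eth0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP DPT=8443
Mar 10 02:20:00 gw kernel: FW-DROP IN=eth0 SRC=192.0.2.55 DST=192.0.2.10 PROTO=TCP DPT=22
Mar 10 03:01:44 av-console AV: host=ws-17 threat=Trojan.Generic action=quarantined user=jsmith
"""

TS_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)")
FAILED_LOGIN_RE = re.compile(r"sshd\[\d+\]: Failed password for (?P<user>\S+) from (?P<src>[\d.]+)")
FW_DROP_RE = re.compile(r"FW-DROP .*SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=\S+ DPT=(?P<dport>\d+)")
AV_RE = re.compile(r"AV: host=(?P<host>\S+) threat=(?P<threat>\S+) action=(?P<action>\S+)")


def parse_events(text):
    """Normalise lines from all sources into one event stream (the aggregation step)."""
    events = []
    for line in text.splitlines():
        m = TS_RE.match(line)
        if not m:
            continue  # not a syslog-style line we understand; skip rather than crash
        ts = m.group("ts")
        if (f := FAILED_LOGIN_RE.search(line)):
            events.append({"ts": ts, "kind": "login_failure", "src": f["src"], "user": f["user"]})
        elif (f := FW_DROP_RE.search(line)):
            events.append({"ts": ts, "kind": "fw_drop", "src": f["src"], "dst": f["dst"], "dport": int(f["dport"])})
        elif (f := AV_RE.search(line)):
            events.append({"ts": ts, "kind": "malware", "host": f["host"], "threat": f["threat"], "action": f["action"]})
    return events


def triage(events, login_threshold=5, scan_port_threshold=10):
    """Correlate by source address and emit findings (the correlation step).
    Thresholds are assumed values; tune them to the environment."""
    findings = []
    failures = defaultdict(list)   # src ip -> failed-login events
    ports = defaultdict(set)       # (src, dst) -> distinct blocked destination ports
    for e in events:
        if e["kind"] == "login_failure":
            failures[e["src"]].append(e)
        elif e["kind"] == "fw_drop":
            ports[(e["src"], e["dst"])].add(e["dport"])
        elif e["kind"] == "malware":
            # Every malware event is worth a human look, regardless of count
            findings.append({"type": "malware", "host": e["host"], "threat": e["threat"],
                             "action": e["action"], "ts": e["ts"]})
    for src, evs in failures.items():
        if len(evs) >= login_threshold:  # many failures, several usernames: password guessing
            findings.append({"type": "login_failures", "src": src, "count": len(evs),
                             "users": sorted({e["user"] for e in evs}),
                             "first": evs[0]["ts"], "last": evs[-1]["ts"]})
    for (src, dst), ps in ports.items():
        if len(ps) >= scan_port_threshold:  # one source probing many ports on one host
            findings.append({"type": "port_scan", "src": src, "dst": dst, "ports": sorted(ps)})
    return findings


def review(text=SAMPLE_LOGS):
    """Run the daily review over a blob of aggregated log text."""
    return triage(parse_events(text))


if __name__ == "__main__":
    for finding in review():
        print(finding)
```

On the constructed input this reports one `login_failures` finding for 203.0.113.7 (five failures across root, admin and oracle), one `port_scan` finding for 198.51.100.77 touching ten ports on 192.0.2.10, and the quarantined Trojan on ws-17; the single blocked connection from 192.0.2.55 stays below threshold and is not surfaced, which is the point of correlating before alerting.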
Implement an offsite backup solution and test it on a regular basis. Measure how long a full backup and an incremental backup take, measure the full data recovery time, and check after the restore that the data is intact and nothing was lost.
Physical security is very important: only authorized, trained personnel should have access to the machines and the data. Have them sign a network user agreement.
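The restore test described above is easy to skip and easy to get wrong (a restore that "succeeds" but returns truncated or missing files passes a naive check). The following added example, which is not part of the audit or of any backup product, shows the check a practitioner would automate: hash every file before the backup, time the backup and restore, then compare the restored tree against the pre-backup manifest. The directory layout, file contents and the use of plain directory copies to stand in for a real backup tool are constructed assumptions.

```python
"""Restore-integrity test for the backup recommendation above.
Added example; the data set is constructed in a temp directory and a plain
directory copy stands in for the real backup/restore tooling."""
import hashlib
import os
import shutil
import tempfile
import time


def manifest(root):
    """Map relative path -> SHA-256 of contents for every regular file under root.
    Paths use '/' so manifests compare equally across platforms."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):  # stream, files may be large
                    h.update(chunk)
            out[os.path.relpath(full, root).replace(os.sep, "/")] = h.hexdigest()
    return out


def verify_restore(expected, restored_root):
    """Compare a pre-backup manifest with what actually came back from the restore."""
    actual = manifest(restored_root)
    return {
        "missing": sorted(set(expected) - set(actual)),        # lost in backup or restore
        "unexpected": sorted(set(actual) - set(expected)),     # restore wrote extra files
        "corrupted": sorted(p for p in expected.keys() & actual.keys()
                            if expected[p] != actual[p]),      # content differs
    }


def timed(fn, *args):
    """Return (result, elapsed seconds) so backup and restore windows can be recorded."""
    start = time.perf_counter()
    result = fn(*args)
    return result, time.perf_counter() - start


def run_restore_test():
    """Simulate a full backup and restore, verify it, then tamper with the restored
    copy to show that truncation and missing files are reported."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "data")
    bak = os.path.join(work, "backup")
    rst = os.path.join(work, "restore")
    # Constructed sample data set (assumption, not real company data)
    os.makedirs(os.path.join(src, "db"))
    with open(os.path.join(src, "db", "customers.csv"), "w") as f:
        f.write("id,name\n1,alice\n2,bob\n")
    with open(os.path.join(src, "notes.txt"), "w") as f:
        f.write("quarterly plan\n")

    before = manifest(src)                               # snapshot BEFORE backing up
    _, backup_secs = timed(shutil.copytree, src, bak)    # stand-in for the backup job
    _, restore_secs = timed(shutil.copytree, bak, rst)   # stand-in for the restore job
    clean = verify_restore(before, rst)

    # Simulate a bad restore: one file truncated, one file never written
    with open(os.path.join(rst, "db", "customers.csv"), "w") as f:
        f.write("id,name\n")
    os.remove(os.path.join(rst, "notes.txt"))
    tampered = verify_restore(before, rst)

    shutil.rmtree(work)
    return {"clean": clean, "tampered": tampered,
            "backup_secs": backup_secs, "restore_secs": restore_secs}


if __name__ == "__main__":
    print(run_restore_test())
```

The clean restore reports empty `missing`, `unexpected` and `corrupted` lists; after the simulated bad restore the same check names `db/customers.csv` as corrupted and `notes.txt` as missing. Keep the pre-backup manifest somewhere other than the backup medium itself, or a corrupted backup will happily verify against its own corrupted manifest.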