It seems like every day there is some new security threat to the computer systems that we rely upon. Those of us responsible for maintaining and ensuring the security of systems need to be aware of how to approach these advanced threats. This article describes five important concepts to help keep your computer systems secure.
#1 Understand Your System
When you start the engine of your car you know how it _should_ sound. If there is a noise you do not recognise, it sets off alarms that you mentally work through to decide on the next course of action. We can approach all our systems in the same manner. For example, if you run the top command on any server, what is the expected memory and CPU usage?

For any system, unless you _know_ what is expected on that system it is difficult to recognise when there is an issue.
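As an added example (not part of the original article), a short Python script that turns this idea into a check: it builds a baseline of CPU and memory usage from known-good top(1) summary lines and flags a new reading that strays from it. The snapshot text is constructed for the example, and the thresholds are assumptions to tune per system.

```python
import re
import statistics

# Constructed top(1) summary lines (Linux procps format); values are made up for
# this example and represent known-good readings taken while the server was idle.
BASELINE_SNAPSHOTS = [
    "%Cpu(s): 11.0 us,  2.0 sy,  0.0 ni, 86.0 id,  1.0 wa,  0.0 hi,  0.0 si,  0.0 st\n"
    "MiB Mem :   7951.2 total,   4102.5 free,   2901.3 used,    947.4 buff/cache",
    "%Cpu(s): 10.0 us,  2.0 sy,  0.0 ni, 87.0 id,  1.0 wa,  0.0 hi,  0.0 si,  0.0 st\n"
    "MiB Mem :   7951.2 total,   4053.8 free,   2950.0 used,    947.4 buff/cache",
    "%Cpu(s): 12.0 us,  2.0 sy,  0.0 ni, 85.0 id,  1.0 wa,  0.0 hi,  0.0 si,  0.0 st\n"
    "MiB Mem :   7951.2 total,   4123.8 free,   2880.0 used,    947.4 buff/cache",
    "%Cpu(s): 11.0 us,  2.0 sy,  0.0 ni, 86.0 id,  1.0 wa,  0.0 hi,  0.0 si,  0.0 st\n"
    "MiB Mem :   7951.2 total,   4083.8 free,   2920.0 used,    947.4 buff/cache",
]
# Constructed readings to check against the baseline.
NORMAL_SNAPSHOT = (
    "%Cpu(s): 11.5 us,  2.0 sy,  0.0 ni, 85.5 id,  1.0 wa,  0.0 hi,  0.0 si,  0.0 st\n"
    "MiB Mem :   7951.2 total,   4098.8 free,   2905.0 used,    947.4 buff/cache")
CPU_SPIKE_SNAPSHOT = (
    "%Cpu(s): 78.0 us, 12.0 sy,  0.0 ni,  9.0 id,  1.0 wa,  0.0 hi,  0.0 si,  0.0 st\n"
    "MiB Mem :   7951.2 total,   4093.8 free,   2910.0 used,    947.4 buff/cache")
MEM_SPIKE_SNAPSHOT = (
    "%Cpu(s): 11.0 us,  2.0 sy,  0.0 ni, 86.0 id,  1.0 wa,  0.0 hi,  0.0 si,  0.0 st\n"
    "MiB Mem :   7951.2 total,    503.8 free,   6500.0 used,    947.4 buff/cache")

CPU_RE = re.compile(r"%Cpu\(s\):\s*([\d.]+)\s*us,\s*([\d.]+)\s*sy")
MEM_RE = re.compile(r"MiB Mem\s*:\s*([\d.]+)\s*total,\s*[\d.]+\s*free,\s*([\d.]+)\s*used")

def parse_top_summary(text):
    """Return (cpu_busy_percent, mem_used_percent) from top's two summary lines."""
    cpu, mem = CPU_RE.search(text), MEM_RE.search(text)
    if not cpu or not mem:
        raise ValueError("unrecognised top summary format")
    busy = float(cpu.group(1)) + float(cpu.group(2))  # user + system time
    used_pct = 100.0 * float(mem.group(2)) / float(mem.group(1))
    return busy, used_pct

def build_baseline(snapshots):
    """Mean and population std-dev of CPU busy % and memory used % over known-good samples."""
    cpu, mem = zip(*(parse_top_summary(s) for s in snapshots))
    return {"cpu": (statistics.mean(cpu), statistics.pstdev(cpu)),
            "mem": (statistics.mean(mem), statistics.pstdev(mem))}

def check_snapshot(snapshot, baseline, max_sigma=3.0, min_delta=5.0):
    """Names of metrics more than max_sigma std-devs AND more than min_delta percentage
    points from the baseline mean (min_delta stops a near-zero std-dev flagging noise)."""
    current = dict(zip(("cpu", "mem"), parse_top_summary(snapshot)))
    return [name for name, value in current.items()
            if abs(value - baseline[name][0]) > max(min_delta, max_sigma * baseline[name][1])]
```

In practice the baseline samples would be collected over a representative period (quiet hours and peak hours differ), and a flagged metric is a prompt to look at which processes are responsible, not proof of compromise.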
#2 Principle of least privilege
This is a principle that has been around a long time but is vital to ensuring systems do not get compromised. In essence it means that a user is _only_ given the rights required to perform a job and no more. For example, a backup user should only have rights to perform backups and not, for example, to install software.

Other options exist for users, such as using sudo or even providing a VM that a user can use for performing certain operations. In some situations, using chroot or a jail environment may mitigate some of the effects of elevated privileges.
#3 Defence in depth: protection rings
For security, having multiple layers of protection is vital. Often called protection rings, these are methods of protecting data by having many layers of security. Looking back to medieval times, castles had many levels of defence, e.g. moats, high locations, a portcullis, etc. It is important to have more than one defence, e.g. not just a firewall or anti-virus.

An example of four rings of defence is:

A) Block network-based attacks
B) Block host-based attacks
C) Eliminate security vulnerabilities: this includes removing any unrequired services, which in turn reduces the attack surface
D) Safely support authorised users
#4 Detection is vital
In the end, having all the defences in the world is one thing, but detection is a must. The difference between one hour and one month for the detection of a breach in your system is massive. Having an Intrusion Detection System (IDS) is like having a burglar alarm for your computer network. It monitors the flow of traffic and enables information systems to deal with attacks. This system protects your environment by identifying, logging, reporting and sending an alarm whenever there is a probe.
#5 Know your enemy
We can try to guess what attackers are attempting to get up to in our systems, but knowledge is power. To stand any chance of protecting your system you need to understand:
- First, who your enemies are
- How they might attack
- When they might attack
- Potentially most important of all, why they attack