How to prevent network attacks?

The issue of cyber security is addressed by every institution that works with sensitive data. Securing the network to prevent information leaks is not an easy task. In today's article, we'll pick up on the topic of infrastructure security recommendations and introduce the measures recommended for stations and servers.

9 July 2019

The US National Aeronautics and Space Administration (NASA) experienced a cyber attack in April 2018. The attacker got in through a Raspberry Pi that was not approved for network connectivity and had not passed a security check, and the intrusion went undiscovered for almost a year. As a result, NASA leaked 500 MB of data related to the Mars mission. So how do we prevent similar situations from happening again?

Keep your operating system and software up to date

Update regularly and apply every released security patch as soon as possible. Always make sure that your operating system version is current, and check just as regularly that the software you install is up to date. Add-ons, modules and device firmware can be out of date too, and are easy to overlook. Avoid using unsupported products altogether.

Verify the identity of applications and files

Only allow trusted applications and files, including scripts and DLLs. In a Windows environment, use Device Guard, AppLocker, or Software Restriction Policy (SRP).

Use general prevention mechanisms

Mechanisms such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), or SELinux on Linux systems can help protect the system against the exploitation of zero-day vulnerabilities, because they make a successful exploit harder even when the underlying bug is unknown. Note that DEP and ASLR only help binaries that were built to support them: a non-executable stack and position-independent code must be enabled at build time.
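As an added example (not code from the original article), the following script checks whether a 64-bit Linux ELF binary can actually benefit from ASLR and DEP: a position-independent executable (ELF type ET_DYN) can be relocated by ASLR, and a PT_GNU_STACK program header without the execute flag tells the kernel to map the stack non-executable. It uses only the standard library and constructs a minimal ELF image in memory so it runs without a real binary; the helper names are assumptions of this example.

```python
"""Check an ELF64 image for PIE (ASLR-friendly) and NX stack (DEP) flags.

Added example, not part of the original article. Only 64-bit little-endian
ELF images are handled, which covers x86-64 and AArch64 Linux binaries.
"""
import struct

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3            # ELF e_type values
PT_GNU_STACK = 0x6474E551         # program header describing stack permissions
PF_X = 0x1                        # execute permission bit in p_flags


def analyze_elf(data: bytes) -> dict:
    """Return {'pie': bool, 'nx_stack': bool} for an ELF64 little-endian image."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:          # EI_CLASS == ELFCLASS64, EI_DATA == LSB
        raise ValueError("only ELF64 little-endian images are handled here")
    # Elf64_Ehdr after e_ident: e_type, e_machine, e_version, e_entry,
    # e_phoff, e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum
    (e_type, _machine, _version, _entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum) = struct.unpack_from("<HHIQQQIHHH", data, 16)
    # With no PT_GNU_STACK header at all, the kernel falls back to an
    # executable stack on many architectures, so the default is "not protected".
    nx_stack = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
    return {"pie": e_type == ET_DYN, "nx_stack": nx_stack}


def analyze_file(path: str) -> dict:
    """Convenience wrapper: analyze an ELF binary on disk."""
    with open(path, "rb") as fh:
        return analyze_elf(fh.read())


def build_sample_elf(e_type: int, stack_flags: int) -> bytes:
    """Construct a minimal ELF64 image: header plus one PT_GNU_STACK entry.

    This is test scaffolding, not a loadable program; it exists only so the
    checker can be exercised offline.
    """
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)   # ELFCLASS64, LSB, version 1
    phoff, phentsize, phnum = 64, 56, 1
    header = e_ident + struct.pack(
        "<HHIQQQIHHHHHH",
        e_type, 0x3E, 1, 0,          # e_type, e_machine (x86-64), e_version, e_entry
        phoff, 0, 0, 64,             # e_phoff, e_shoff, e_flags, e_ehsize
        phentsize, phnum, 64, 0, 0,  # e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    )
    # Elf64_Phdr: p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return header + phdr


if __name__ == "__main__":
    # Constructed images: a hardened build and a legacy build.
    print("hardened:", analyze_elf(build_sample_elf(ET_DYN, 0x6)))   # PF_R | PF_W
    print("legacy:  ", analyze_elf(build_sample_elf(ET_EXEC, 0x7)))  # PF_R | PF_W | PF_X
```

On a real system, `analyze_file("/usr/bin/ls")` on a current distribution should report both flags true; a result of `pie: False` or `nx_stack: False` for a server application is a finding to raise with whoever builds or packages it, since the operating system's DEP and ASLR settings cannot compensate for a binary that opted out.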

Activate IDS/IPS systems on endpoints

IDS/IPS systems detect anomalous behavior such as code injection into other processes, modification of protected registry keys, keystroke interception, loading of unknown drivers, attempts to establish persistence, and more.

Provide a centralized system for logging events on stations and servers

Centralize the logging of both successful and failed events, keep clocks time-synchronized across the whole network so that entries from different hosts can be correlated, and evaluate the logs automatically as soon as they arrive. We recommend storing event logs for a minimum of 18 months, or longer depending on local circumstances and the importance of the system.
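An added example, not part of the original article, of why central collection and time synchronization matter together: it normalizes constructed syslog-style lines from two hosts in different time zones to UTC, then flags a source address whose failed logins exceed a threshold within a window across all hosts, and any success from that source afterwards. Neither host alone reaches the threshold; only the combined, time-aligned view does. The log lines, host names, addresses and function names are constructed for this example.

```python
"""Correlate authentication events from several hosts after normalizing to UTC.

Added example, not part of the original article. Log lines are constructed;
addresses use the documentation ranges 203.0.113.0/24 and 192.0.2.0/24.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: web01 logs in CEST (+02:00), db01 in UTC (+00:00).
LOG_LINES = [
    "2019-07-09T10:00:01+02:00 web01 sshd[1201]: Failed password for root from 203.0.113.5 port 51122 ssh2",
    "2019-07-09T10:00:07+02:00 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51130 ssh2",
    "2019-07-09T10:00:15+02:00 web01 sshd[1202]: Failed password for root from 203.0.113.5 port 51141 ssh2",
    "2019-07-09T08:00:20+00:00 db01 sshd[887]: Failed password for root from 203.0.113.5 port 40210 ssh2",
    "2019-07-09T08:00:31+00:00 db01 sshd[887]: Failed password for root from 203.0.113.5 port 40222 ssh2",
    "2019-07-09T08:00:40+00:00 db01 sshd[890]: Accepted password for root from 203.0.113.5 port 40230 ssh2",
    "2019-07-09T10:05:00+02:00 web01 sshd[1210]: Accepted publickey for admin from 192.0.2.10 port 60001 ssh2",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[\w.-]+)\[\d+\]: (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
ACCEPTED_RE = re.compile(r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<src>\S+)")


def parse_line(line: str):
    """Parse one line; timestamps carry an offset and are converted to UTC."""
    m = LINE_RE.match(line)
    if not m:
        return None                      # unknown format: skip rather than guess
    ts = datetime.fromisoformat(m["ts"]).astimezone(timezone.utc)
    return {"ts": ts, "host": m["host"], "msg": m["msg"]}


def correlate_logins(lines, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for sources with >= threshold failures inside `window`
    (counted across all hosts) and for any later successful login from them."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in events:
        fm = FAILED_RE.search(e["msg"])
        am = ACCEPTED_RE.search(e["msg"])
        if fm:
            failures[fm["src"]].append(e)
        elif am:
            successes[am["src"]].append({**e, "user": am["user"]})

    alerts = []
    for src, evs in failures.items():
        start = 0
        for end in range(len(evs)):           # sliding window over sorted failures
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                hit = evs[start:end + 1]
                alerts.append({
                    "type": "bruteforce", "src": src, "count": len(hit),
                    "hosts": sorted({e["host"] for e in hit}),
                    "first": hit[0]["ts"].isoformat(), "last": hit[-1]["ts"].isoformat(),
                })
                # A success from the same source after the burst is the real emergency.
                for s in successes.get(src, []):
                    if s["ts"] >= hit[-1]["ts"]:
                        alerts.append({"type": "success_after_failures", "src": src,
                                       "host": s["host"], "user": s["user"],
                                       "at": s["ts"].isoformat()})
                break
    return alerts


if __name__ == "__main__":
    for alert in correlate_logins(LOG_LINES):
        print(alert)
```

Run per host, web01 sees three failures and db01 two, so a per-host rule with a threshold of five never fires; the same rule over the centralized, UTC-normalized stream produces one brute-force alert spanning both hosts and one alert for the password login that followed it.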

Filter email content

After a thorough analysis of user behavior, determine which types of files your users genuinely need to send via email. Block all other attachment formats, especially executable code. Also verify that the file extension matches the actual file format, since a renamed executable passes an extension-only check.
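As an added example, not code from the original article, here is an attachment check that applies both rules from the paragraph above: an extension allowlist (the list itself is an assumption standing in for the result of your own user-behavior analysis) and a comparison of the declared extension against the file's leading bytes, so that an executable renamed to `.pdf` or a double-extension name such as `invoice.pdf.exe` is rejected. Function names and the sample attachments are constructed.

```python
"""Allowlist-and-magic-bytes check for email attachments.

Added example, not part of the original article. The allowlist below is an
assumption; derive yours from what users actually need to send.
"""
import os

# Assumed allowlist produced by the user-behavior analysis.
ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg", ".jpeg", ".docx", ".xlsx", ".txt"}

# Leading bytes that each allowed format must start with (None = no fixed magic).
MAGIC_BY_EXTENSION = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".docx": (b"PK\x03\x04",),     # OOXML documents are ZIP containers
    ".xlsx": (b"PK\x03\x04",),
    ".txt": None,
}

# Content that is blocked regardless of what the name claims.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with interpreter line",
    b"\xca\xfe\xba\xbe": "Mach-O fat binary or Java class",
}


def check_attachment(filename: str, data: bytes):
    """Return (allowed, reason). Only the final extension counts, lower-cased."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext or '(none)'} is not on the allowlist"

    for magic, description in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return False, f"content is a {description}, declared as {ext}"

    expected = MAGIC_BY_EXTENSION[ext]
    if expected is None:
        # Plain text: the only structural check available is that it decodes.
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return False, "declared .txt but content is not valid UTF-8 text"
        return True, "text attachment"

    if not any(data.startswith(m) for m in expected):
        return False, f"content does not match the {ext} format"
    return True, f"{ext} content matches extension"


# Constructed sample attachments (truncated headers, not real documents).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),
    ("report.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),        # renamed executable
    ("invoice.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00"),   # double extension
    ("photo.jpg", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),  # mislabeled image
    ("notes.txt", b"Meeting at 10:00, bring the figures.\n"),
    ("notes.txt", b"#!/bin/sh\nrm -rf ~\n"),             # script posing as text
    ("budget.xlsx", b"PK\x03\x04\x14\x00\x06\x00"),
]

if __name__ == "__main__":
    for name, content in SAMPLES:
        allowed, reason = check_attachment(name, content)
        print(f"{'ALLOW' if allowed else 'BLOCK':5} {name:16} {reason}")
```

A gateway filter should apply the same test to every member of a ZIP archive, and the mismatch cases are worth logging to the central log store, because a user sending a PE file named `.pdf` is either compromised or being targeted.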

Backup regularly

Don't forget to regularly back up important and sensitive data, such as the contents of your web server, databases or service configuration. Regularly test that backups are working and can be restored.

Use keys, not passwords, to log in

To administer servers over SSH, use keys for login. To publish the fingerprint of a server's host key so that clients can verify they are connecting to the right server, use SSHFP records in DNS, ideally in combination with DNSSEC so that the authenticity of the response carrying the SSHFP record is itself assured. Disable password authentication.
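The following is an added example, not code from the original article, showing what an SSHFP record contains and how a client-side check against it works. It parses an OpenSSH public-key line, computes the SSHFP resource data (algorithm number, fingerprint type 2 for SHA-256, and the hex digest of the key blob, per RFC 4255 and RFC 7479), derives the same digest in the `SHA256:` form that `ssh-keygen -lf` prints, and compares a DNS answer against the key with a constant-time comparison. The key material is constructed in the script and is not a real key; function names are assumptions of this example.

```python
"""Build and verify SSHFP records for OpenSSH host keys.

Added example, not part of the original article. The public key used below is
constructed from fixed bytes purely to exercise the code; it is not a real key.
"""
import base64
import hashlib
import hmac
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALGORITHMS = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
    "ssh-ed448": 6,
}
FPTYPE_SHA1, FPTYPE_SHA256 = 1, 2


def _ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def parse_pubkey_line(line: str):
    """Return (key_type, key_blob) from an authorized_keys / known_hosts style line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = parts[0], base64.b64decode(parts[1], validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type in text does not match the encoded blob")
    return key_type, blob


def sshfp_rdata(line: str, fptype: int = FPTYPE_SHA256) -> str:
    """The RDATA of an SSHFP record: '<alg> <fptype> <hex fingerprint>'."""
    key_type, blob = parse_pubkey_line(line)
    algorithm = SSHFP_ALGORITHMS[key_type]
    digest = (hashlib.sha256 if fptype == FPTYPE_SHA256 else hashlib.sha1)(blob).hexdigest()
    return f"{algorithm} {fptype} {digest}"


def openssh_fingerprint(line: str) -> str:
    """The fingerprint as ssh-keygen -lf prints it: SHA256:<unpadded base64>."""
    _, blob = parse_pubkey_line(line)
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def sshfp_matches(line: str, rdata: str) -> bool:
    """Client-side check: does the key presented by the server match the DNS answer?"""
    try:
        algorithm, fptype, fingerprint = rdata.split()
        expected = sshfp_rdata(line, int(fptype))
    except (ValueError, KeyError):
        return False
    # Constant-time comparison of the whole RDATA (algorithm, type and digest).
    return hmac.compare_digest(expected.encode(), f"{algorithm} {fptype} {fingerprint.lower()}".encode())


def constructed_key_line(key_type: str = "ssh-ed25519") -> str:
    """Build a syntactically valid public-key line from fixed bytes (NOT a real key)."""
    if key_type == "ssh-ed25519":
        blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
    elif key_type == "ssh-rsa":
        blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(bytes(range(64)))
    else:
        raise ValueError("unsupported constructed key type")
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"


if __name__ == "__main__":
    line = constructed_key_line()
    print("host key    :", line)
    print("ssh-keygen  :", openssh_fingerprint(line))
    print("DNS record  : host.example.com. IN SSHFP", sshfp_rdata(line))
    print("verifies    :", sshfp_matches(line, sshfp_rdata(line)))
```

On a real server, `ssh-keygen -r host.example.com -f /etc/ssh/ssh_host_ed25519_key.pub` prints the same record, and clients consult it when `VerifyHostKeyDNS yes` is set in `ssh_config`; without DNSSEC the client treats a matching record as a hint rather than proof, which is why the paragraph above pairs SSHFP with DNSSEC. Disabling passwords is the `PasswordAuthentication no` directive in `sshd_config`.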

And that's not all. Other measures you should follow on your workstations and servers include implementing a Standard Operating Environment (SOE), preventing workstations from directly accessing the Internet, deploying anti-virus and security software, encrypting disks, using a Trusted Platform Module (TPM), setting UEFI/BIOS passwords, enforcing Secure Boot, protecting against password attacks, hardening server application configurations, checking portable media, restricting access to Server Message Block (SMB) and NetBIOS, searching for potentially malicious anomalies in MS Office documents, enforcing the use of VPN connections, and last but not least, ensuring the physical security of IT equipment.

How do you go about not ending up like the experts at NASA? Contact us, we've got your cybersecurity covered.