DARWIN IT

IT Security services

InfoSec, or information security, is a set of tools and practices that you can use to protect your digital and analog information. InfoSec covers a range of IT domains, including infrastructure and network security, auditing, and testing. It uses tools like authentication and permissions to restrict unauthorized users from accessing private information. These measures help you prevent harms related to information theft, modification, or loss.

Information Security vs Cybersecurity

Although both are security strategies, cyber security and information security have different objectives and scopes, with some overlap. Information security is the broader category of protections, covering areas such as cryptography, mobile computing, and social media. It is closely related to information assurance, which protects information from non-person-based threats such as server failures or natural disasters. In comparison, cyber security covers only Internet-based threats and digital data. Additionally, cyber security provides coverage for raw, unclassified data while information security does not.

Confidentiality, Integrity and Availability (CIA Triad)

The CIA triad consists of three core principles – confidentiality, integrity, and availability. Together, these principles serve as the foundation that guides information security policies:

  • Confidentiality: Information must only be available to authorized parties.
  • Integrity: Information must remain consistent, trustworthy, and accurate.
  • Availability: Information must remain accessible to authorized parties, even during failures (with minimal or no disruption).

Ideally, information security policies should seamlessly integrate all three principles of the CIA triad. Together, the three principles should guide organizations while assessing new technologies and scenarios.

Types of Information Security

When considering information security, there are many subtypes that you should know. These subtypes cover specific types of information, the tools used to protect information, and the domains where information needs protection.

Application Security

Application security strategies protect applications and application programming interfaces (APIs). You can use these strategies to prevent, detect and correct bugs or other vulnerabilities in your applications. If not secured, application and API vulnerabilities can provide a gateway to your broader systems, putting your information at risk.

Much of application security is based on specialized tools for application shielding, scanning and testing. These tools can help you identify vulnerabilities in applications and surrounding components.

Infrastructure Security

Infrastructure security strategies protect infrastructure components, including networks, servers, client devices, mobile devices, and data centers. The growing connectivity between these and other infrastructure components puts information at risk without proper precautions.

This risk is because connectivity extends vulnerabilities across your systems. If one part of your infrastructure fails or is compromised, all dependent components are also affected.

Cloud Security

Cloud security provides similar protections to application and infrastructure security but is focused on cloud or cloud-connected components and information. Cloud security adds extra protections and tools to address the vulnerabilities that come from Internet-facing services and shared environments, such as public clouds.

Cryptography

Cryptography uses a practice called encryption to secure information by obscuring the contents. When information is encrypted, it is only accessible to users who have the correct encryption key. Security teams can use encryption to protect information confidentiality and integrity throughout its life, including in storage and during transfer.

Endpoint Security

Endpoint security helps protect end-user endpoints such as laptops, desktops, smartphones, and tablets against cyberattacks. Organizations implement endpoint security to protect devices used for work purposes, including those connected to a local network and those using cloud resources.

An endpoint security solution examines processes, files, and network traffic on each endpoint for indicators of malicious activity.

Vulnerability Management

Vulnerability management is a practice meant to reduce inherent risks in an application or system. The idea behind this practice is to discover and patch vulnerabilities before issues are exposed or exploited. The fewer vulnerabilities a component or system has, the more secure your information and resources are.

Types of Virtualization

Data Virtualization

Data virtualization abstracts the technical details of data management, such as location, performance or format, in favor of broader access and greater resiliency.

Desktop Virtualization

Desktop virtualization emulates a workstation load rather than a server, allowing users to access the desktop remotely with enhanced security.

Network Virtualization

Network virtualization combines available network resources by splitting bandwidth into separate, distinct channels.

Server Virtualization

Server virtualization masks server resources by simulating physical servers, changing their identity, number, processors and operating systems.

Storage Virtualization

Storage virtualization pools hardware storage space from several interconnected storage devices into a single simulated storage device managed from one console.

Application Virtualization

Application virtualization abstracts the application layer, separating it from the operating system so that applications run in an encapsulated form.

Information Security Technologies

Firewalls

Firewalls are a layer of protection that you can apply to networks or applications. These tools enable you to filter traffic and report traffic data to monitoring and detection systems. Firewalls often use established lists of approved or unapproved traffic and policies determining the rate or volume of traffic allowed.

Security Information and Event Management (SIEM)

SIEM solutions enable you to ingest and correlate information from across your systems. This aggregation of data enables teams to detect threats more effectively, more effectively manage alerts, and provide better context for investigations. SIEM solutions are also useful for logging events and reporting on events and performance.

Data Loss Prevention (DLP)

DLP strategies incorporate tools and practices that protect data from loss or modification. This includes categorizing data, backing up data, and monitoring how data is shared across and outside an organization. For example, you can use DLP solutions to scan outgoing emails to determine if sensitive information is being inappropriately shared.

Intrusion Detection System (IDS)

IDS solutions are tools for monitoring incoming traffic and detecting threats. These tools evaluate traffic and alert on any instances that appear suspicious or malicious.

Intrusion Prevention System (IPS)

IPS security solutions are similar to IDS solutions and the two are often used together. These solutions respond to traffic that is identified as suspicious or malicious, blocking requests or ending user sessions. You can use IPS solutions to manage your network traffic according to defined security policies.

Cloud Security Posture Management (CSPM)

CSPM is a set of practices and technologies you can use to evaluate your cloud resources’ security. These technologies enable you to scan configurations, compare protections to benchmarks, and ensure that security policies are applied uniformly.

User Behavioral Analytics (UBA)

UBA solutions gather information on user activities and correlate those behaviors into a baseline. Solutions then use this baseline as a comparison against new behaviors to identify inconsistencies. The solution then flags these inconsistencies as potential threats.
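The baseline-and-compare loop described above, as an added example that is not Darwin IT's code: per-user baselines of source addresses and login hours are built from constructed training events, and later events are flagged when they deviate. The user names, addresses and the one-hour slack are assumptions.

```python
"""Added example (not Darwin IT's code): a minimal user-behaviour baseline.
Training events build a per-user baseline of source addresses and login
hours; later events are compared against it and deviations are flagged."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample events as (user, source_ip, hour_of_day); a real UBA
# tool would build its baseline from authentication logs over weeks.
TRAINING = [
    ("alice", "10.0.0.5", 9), ("alice", "10.0.0.5", 10), ("alice", "10.0.0.7", 14),
    ("alice", "10.0.0.5", 16), ("bob", "10.0.1.20", 8), ("bob", "10.0.1.20", 17),
]
NEW_EVENTS = [
    ("alice", "10.0.0.5", 11),      # consistent with alice's baseline
    ("alice", "203.0.113.9", 3),    # unseen source address and unusual hour
    ("bob", "10.0.1.20", 22),       # known address but well outside usual hours
    ("carol", "10.0.2.2", 9),       # user with no baseline at all
]

@dataclass
class Baseline:
    sources: set = field(default_factory=set)
    hours: list = field(default_factory=list)

def build_baseline(events):
    """Collect, per user, the source addresses and login hours observed."""
    baselines = defaultdict(Baseline)
    for user, src, hour in events:
        baselines[user].sources.add(src)
        baselines[user].hours.append(hour)
    return baselines

def score_event(baseline, src, hour, slack=1):
    """List deviations from a user's baseline (empty = normal); slack is an assumed tolerance."""
    reasons = []
    if src not in baseline.sources:
        reasons.append("new source address")
    lo, hi = min(baseline.hours) - slack, max(baseline.hours) + slack
    if not lo <= hour <= hi:
        reasons.append("outside usual hours")
    return reasons

def detect(baselines, events):
    """Return flagged events; a user with no baseline is flagged for review."""
    flagged = []
    for user, src, hour in events:
        if user not in baselines:
            flagged.append((user, src, hour, ["no baseline for user"]))
            continue
        reasons = score_event(baselines[user], src, hour)
        if reasons:
            flagged.append((user, src, hour, reasons))
    return flagged

if __name__ == "__main__":
    for hit in detect(build_baseline(TRAINING), NEW_EVENTS):
        print(hit)
```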

Endpoint Detection and Response (EDR)

EDR cybersecurity solutions enable you to monitor endpoint activity, identify suspicious activity, and automatically respond to threats. These solutions are intended to improve the visibility of endpoint devices and can be used to prevent threats from entering your networks or information from leaving.

Blockchain Cybersecurity

Blockchain cybersecurity is a technology that relies on immutable transactional events. In blockchain technologies, distributed networks of users verify the authenticity of transactions and ensure that integrity is maintained.

Information Security Best Practices

Require Strong Authentication for All Users

Compromised accounts enable threat actors to gain unauthorized access to digital assets. Organizations can prevent this threat by requiring strong authentication for all users.

Options include:

  • Strong passwords: Threat actors employ various technologies that attempt to guess passwords or use common default passwords. Organizations can enforce strong password policies to prevent threat actors from using insecure passwords to compromise accounts.
  • Multi-factor authentication (MFA): This security mechanism requires users to provide information (a PIN or biometric, for example) in addition to their username and password. MFA prevents threat actors from compromising accounts even if the actor knows the username and password.

Leverage Encryption

Encryption is the process of scrambling information to render it meaningless. Organizations often use encryption to protect information against unauthorized usage. It helps maintain the confidentiality of data at rest or in transit.

Main functions of encryption:

  • Encoding: Encryption involves encoding a message to maintain its confidentiality.
  • Verification: The encryption process uses authentication to verify the origin of a message.
  • Integrity: Encryption processes maintain data integrity by proving the contents of a message did not change post-transmission.
  • Nonrepudiation: Encryption prevents the data sender from denying they sent an encrypted message.

Automate Vulnerability Management

Automation facilitates rapid detection of critical vulnerabilities for systems in production and during the development process. Tools like static application security testing (SAST) and dynamic application security testing (DAST) check for vulnerabilities in proprietary code during development. Organizations can also use open source scanners to automatically inventory open source components and look for known vulnerabilities and potential weaknesses.

Conduct Penetration Testing

Penetration testing (pentesting) involves simulating a cyberattack to look for vulnerabilities and security weaknesses. It is an authorized form of ethical hacking performed to improve the organization’s security posture. There are various ways in which a pentest can take place. For example, external pentesting involves attempting to breach the network without prior knowledge of the architecture, while internal pentesting involves inspecting the source code to find vulnerabilities.

Using Cybersecurity Frameworks

Cybersecurity frameworks provide a structured set of guidelines on how to handle and manage potential threats to your digital and non-digital assets. They are comprehensive guides that provide organizations with an outline for managing cybersecurity risk. Some of the most widely adopted cybersecurity frameworks include the National Institute of Standards and Technology (NIST) framework, the International Organization for Standardization (ISO) 27001, and the Information Systems Audit and Control Association (ISACA) COBIT 5.

Employee Awareness Training

Threat actors often use social engineering techniques to trick employees into divulging sensitive and financial information, gain access to the organization, deploy malware, and launch other attacks. Awareness training teaches employees proper security practices and organizational policies, and secure coding training helps developers shift security to the left. Ideally, training should be a regular activity integrated seamlessly into the organization’s security culture.

Common Information Security Risks

In your daily operations, many risks can affect your system and information security. Some common risks to be aware of are included below.

Social Engineering Attacks

Social engineering involves using psychology to trick users into providing information or access to attackers. Phishing is one common type of social engineering, usually done through email. In phishing attacks, attackers pretend to be trustworthy or legitimate sources requesting information or warning users about a need to take action.

Cryptojacking

Cryptojacking, also called crypto mining, is when attackers abuse your system resources to mine cryptocurrency. Attackers typically accomplish this by tricking users into downloading malware or when users open files with malicious scripts included. Some attacks are also performed locally when users visit sites that include mining scripts.

Man-in-the-Middle (MitM) Attack

MitM attacks occur when communications are sent over insecure channels. During these attacks, attackers intercept requests and responses to read the contents, manipulate the data, or redirect users.

Types include:

  • Session hijacking: attackers substitute their own IP for legitimate users
  • IP spoofing: attackers imitate trusted sources
  • Eavesdropping attacks: attackers collect information from communications

Advanced Persistent Threats (APT)

Advanced persistent threats are threats in which individuals or groups gain access to your systems and remain for an extended period. Attackers carry out these attacks to collect sensitive information over time or as the groundwork for future attacks. APT attacks are performed by organized groups that may be paid by competing nation-states, terrorist organizations, or industry rivals.

Distributed Denial of Service (DDoS)

DDoS attacks occur when attackers overload servers or resources with requests. Attackers can perform these attacks manually or through botnets, networks of compromised devices used to distribute request sources. The purpose of a DDoS attack is to prevent users from accessing services or to distract security teams while other attacks occur.

Insider Threats

Insider threats are vulnerabilities created by individuals within your organization. These threats may be accidental or intentional, and involve attackers abusing “legitimate” privileges to access systems or information. In the case of accidental threats, employees may unintentionally share or expose information, download malware, or have their credentials stolen.

Ransomware

Ransomware attacks use malware to encrypt your data and hold it for ransom. Typically, attackers demand information, that some action be taken, or payment from an organization in exchange for decrypting data. Depending on the type of ransomware used, you may not be able to recover data that is encrypted.

Advanced Security Concepts

Use MITRE ATT&CK

MITRE ATT&CK is a security framework created by the MITRE Corporation. It defines all component stages of the cyberattack lifecycle and provides information about techniques, behaviors, and tools involved in each stage of various attacks. The framework offers a standard vocabulary and practical applications to help security professionals discuss and collaborate on combating cyber threats. Security teams use this information to inform and improve the organization’s threat detection and response (TDR).

Log Management

Log management is a crucial aspect of information security. Logs are records of events that occur within an operating system or software, and they can provide valuable information about potential security incidents. By effectively managing and analyzing these logs, organizations can identify patterns or anomalies that might indicate a security breach.

Moreover, log management helps with regulatory compliance, as many regulations require companies to maintain detailed logs of what occurs within their systems. Therefore, having a robust log management strategy is not just about enhancing security but also about staying compliant with legal and regulatory requirements.

Using a CVE Database

CVE stands for Common Vulnerabilities and Exposures. CVE is a glossary that tracks and catalogs vulnerabilities in consumer software and hardware. It is maintained by the MITRE Corporation with funding from the US Department of Homeland Security. It was created as a baseline of communication and common terminology for the security and tech industries.

The CVE glossary analyzes vulnerabilities and then uses the Common Vulnerability Scoring System (CVSS) to evaluate their level of severity. A CVE score is often used to prioritize vulnerabilities for remediation and response.

System Hardening

System hardening is the practice of reducing vulnerabilities in systems, applications, and infrastructure to minimize security risks. By eliminating potential attack vectors, organizations can reduce the attack surface. A basic system hardening practice involves removing redundant and unnecessary programs, ports, accounts, functions, applications, permissions, and access.

Common types of system hardening include:

  • Application security
  • Network hardening
  • Server hardening
  • Database hardening
  • Operating system hardening

Data Encryption: In Transit vs At Rest

Data is valuable regardless of whether it is being transferred between users or sitting on a server, and it must be protected at all times. How that protection is accomplished depends on the state of the data.

Data Encryption in Transit

Data is considered in transit when it is moving between devices, such as within private networks, through the Internet, or from a laptop to a thumb drive. Data is at greater risk during transfer due to the need for decryption prior to transfer and the vulnerabilities of the transfer method itself. Encrypting data during transfer, referred to as end-to-end encryption, ensures that even if the data is intercepted, its privacy is protected.

Data Encryption at Rest

Data is considered at rest when it resides on a storage device and is not actively being used or transferred. Data at rest is often less vulnerable than data in transit, because device security features restrict access, but it is not immune. Additionally, it often contains more valuable information and so is a more appealing target for thieves.

Encrypting data at rest reduces the opportunities for data theft created by lost or stolen devices, inadvertent password sharing, or accidental permission granting: it increases the time it takes to access the information, which provides the time needed to discover data loss, a ransomware attack, remotely erased data, or changed credentials.

Common Criteria

Common Criteria (CC) is not an encryption standard but a set of international guidelines for verifying that product security claims hold up under testing. Originally, encryption was outside the scope of CC, but it is increasingly being included in the security standards defined for the project.

CC guidelines were created to provide vendor-neutral, third-party oversight of security products. Vendors submit products for review on a voluntary basis, and either the whole product or individual functions are examined. When a product is evaluated, its features and capabilities are tested according to up to seven levels of rigor and compared to a defined set of standards for its product type.


Key Security Concepts

Confidentiality and Integrity

The basic requirements of secure data exchange are confidentiality and integrity. Confidentiality means that unauthorized parties are prevented from reading data. In data exchange, confidentiality is provided through encryption and managing keys that allow access.

Main Types of Information Security Threats

  • Malware attack
  • Social engineering attacks
  • Software supply chain attacks
  • Advanced persistent threats (APT)
  • Distributed denial of service (DDoS)
  • Man-in-the-middle attack (MitM)
  • Password attacks
