Saturday, March 7, 2009

Information Security Breach - Minimize Points of Entry to the Network

Information Security Breach can be referred to as the compromise with Confidentiality of Data / Information with an Unauthorized and Unwarranted access. However a breach might not always result in Data Theft, but as the Information Guardian, the Information Security Team of an organization must vigilantly secure access to the Information Assets hosting/processing critical information including Personally Identifiable Information (PII) of customers, vendors, employees and other associated entities, Card Holder Data (ChD, that includes, PAN, Expiry Data, Name as on Card and other such information as identified under PCI-DSS v 1.2).

The Information Security Team and the IT operations team must be aware of the Security Scams and the methods that may be used to attempt and effect the Breach.  General methods deployed for the purpose are - 
  • Theft of Physical Equipment/s
  • Social Engineering
  • Phishing
  • Hacking
  • DoS, DDoS, Ping of Death, Syn Flood Attack
  • Defacement of Website
  • URL / IP redirects (also referred as Pharming, normally is man-in-middle attack)
  • Malware implants (trojans, worms, viruses to capture keyboard inputs, sniff network activity etc)
To reduce the chance and to reduce the impact of any breach, it is always a good practice to identify the entry points to the corporate network and reduce them to the minimum.  With minimized entry points the steps that must be taken to reduce the impact of any attempt or breach therein are - 
  • Firewall / IDS / IPS and System logs must be reviewed on a regular basis to identify any sign of security Breach or attempt therein
  • Consider deployment of an effective event-correlation mechanism to help you in root cause analysis and establishing the entry point and the probable target system.
  • Ensure that the Mobile Equipments are configured with Data Security and Protection measures like File / Hard Disk encryption
  • Employee awareness must be maintained with regards to the procedures for reporting suspicious activities, system issues, mails etc
  • Engage Interaction with external parties (Law Enforcement, Security Consultants, Industry Associations etc) to be informed about the porabable or possible Security Breach
The steps discussed above are just the preliminary steps and organizations need to do more than just guarding the gates / entry points. 

I would discuss the road ahead in next post.

Regards
Mayank Trivedi
E-mail - mayank.a.trivedi@gmail.com
Being Proactive Saves Time and Money

No comments: