Understanding Threats And Vulnerabilities For Networks

June 29, 2022 Adeniyi Salau CYBER SECURITY 0

Understanding Threats And Vulnerabilities For Networks

 

 

In this article, I want to look at some of the facts that you need to know about threats and vulnerabilities for networks. Cybersecurity analysts must prepare for any type of attack. It is their job to secure the assets of the organization’s network. To do this, cybersecurity analysts must first identify:

  • Assets – Anything of value to an organization that must be protected including servers, infrastructure devices, end devices, and the greatest asset, data.
  • Vulnerabilities – A weakness in a system or its design that could be exploited by a threat actor.
  • Threats – Any potential danger to an asset.

Identify Assets

As an organization grows, so do its assets. Consider the number of assets a large organization would have to protect. It may also acquire other assets through mergers with other companies. The result is that many organizations only have a general idea of the assets that need to be protected.

 

The collection of all the devices and information owned or managed by the organization are assets. The assets constitute the attack surface that threat actors could target. These assets must be inventoried and assessed for the level of protection needed to thwart potential attacks.

 

Asset management consists of inventorying all assets, and then developing and implementing policies and procedures to protect them. This task can be daunting considering many organizations must protect internal users and resources, mobile workers, and cloud-based and virtual services.

 

Further, organizations need to identify where critical information assets are stored, and how access is gained to that information. Information assets vary, as do the threats against them. For example, a retail business may store customer credit card information.
 
An engineering firm will store competition-sensitive designs and software. A bank will store customer data, account information, and other sensitive financial information. Each of these assets can attract different threat actors who have different skill levels and motivations.

Identify Vulnerabilities

Threat identification provides an organization with a list of likely threats for a particular environment. When identifying threats, it is important to ask several questions:

PEOPLE ALSO READ:  Securing Communications In Cyber Security: How ?

The threat identification for an e-banking system would include:

  • Internal system compromise – The attacker uses the exposed e-banking servers to break into an internal bank system.
  • Stolen customer data – An attacker steals the personal and financial data of bank customers from the customer database.
  • Phony transactions from an external server – An attacker alters the code of the e-banking application and makes transactions by impersonating a legitimate user.
  • Phony transactions using a stolen customer PIN or smart card – An attacker steals the identity of a customer and completes malicious transactions from the compromised account.
  • Insider attack on the system – A bank employee finds a flaw in the system from which to mount an attack.
  • Data input errors – A user inputs incorrect data or makes incorrect transaction requests.
  • Data centre destruction – A cataclysmic event severely damages or destroys the data centre.

Identifying vulnerabilities on a network requires an understanding of the important applications that are used, as well as the different vulnerabilities of that application and hardware. This can require a significant amount of research on the part of the network administrator.

Identify Threats

Organizations must use a defence-in-depth approach to identify threats and secure vulnerable assets. This approach uses multiple layers of security at the network edge, within the network, and on network endpoints.
  • Edge router – The first line of defence is known as an edge router (R1 in the figure). The edge router has a set of rules specifying which traffic it allows or denies. It passes all connections that are intended for the internal LAN to the firewall.
  • Firewall – The second line of defence is the firewall. The firewall is a checkpoint device that performs additional filtering and tracks the state of the connections. It denies the initiation of connections from the outside (untrusted) networks to the inside (trusted) network while enabling internal users to establish two-way connections to the untrusted networks. It can also perform user authentication (authentication proxy) to grant external remote users access to internal network resources.
  • Internal router – Another line of defence is the internal router (R2 in the figure). It can apply final filtering rules on the traffic before it is forwarded to it’s destination.
PEOPLE ALSO READ:  Risk Management In Cybersecurity: Facts To Note

Routers and firewalls are not the only devices that are used in a defence-in-depth approach. Other security devices include Intrusion Prevention Systems (IPS), Advanced Malware Protection (AMP), web and email content security systems, identity services, network access controls and more.
In the layered defence-in-depth security approach, the different layers work together to create a security architecture in which the failure of one safeguard does not affect the effectiveness of the other safeguards.

The Security Onion and The Security Artichoke

There are two common analogies that are used to describe a defence-in-depth approach.

 #1 Security Onion

A common analogy used to describe a defence-in-depth approach is called “the security onion.” a threat actor would have to peel away at a network’s defences layer by layer in a manner similar to peeling an onion. Only after penetrating each layer would the threat actor reach the target data or system.
Note: The security onion described on this page is a way of visualizing defence-in-depth. This is not to be confused with the Security Onion suite of network security tools.

#2 Security Artichoke

The changing landscape of networking, such as the evolution of borderless networks, has changed this analogy to the “security artichoke”, which benefits the threat actor.
As illustrated in the figure, threat actors no longer have to peel away each layer. They only need to remove certain “artichoke leaves.” The bonus is that each “leaf” of the network may reveal sensitive data that is not well secured.
For example, it’s easier for a threat actor to compromise a mobile device than it is to compromise an internal computer or server that is protected by layers of defence. Each mobile device is a leaf. And leaf after leaf, it all leads the hacker to more data. The heart of the artichoke is where the most confidential data is found. Each leaf provides a layer of protection while simultaneously providing a path to attack.
Not every leaf needs to be removed in order to get at the heart of the artichoke. The hacker chips away at the security armour along the perimeter to get to the “heart” of the enterprise.
While internet-facing systems are usually very well protected and boundary protections are typically solid, persistent hackers, aided by a mix of skill and luck, do eventually find a gap in that hard-core exterior through which they can enter and go where they please.

PEOPLE ALSO READ:  Transport Layer Session Establishment: How It Is Done
 
Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained includes staffs of Dangote Refinery, FCMB, Zenith Bank, New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

 

Fact Check Policy

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

 

     

Fact Check Policy
Contact Us

 

facebookShare on Facebook
TwitterPost on X
FollowFollow us
PinterestSave
truehost
telegram
CRMNuggets Whatsapp Channel

Related Posts:

About Adeniyi Salau 1549 Articles
Adeniyi Salau is a highly dedicated and committed Blogger of repute. He likes sharing his IT knowledge with others. My desire is to impact as many lives as possible with my IT skills. You can download my mobile APP. Download the ICTLOAD APP on Google Playstore. Thanks.

Be the first to comment

Leave a Reply

Your email address will not be published.


*