Starting a Cybersecurity Program

Make sure your organization follows best practices


What are the foundations of a cybersecurity program?

If you are new to cybersecurity, you may be wondering where to start, how to do it, what you need, and why you need it. In most cases, starting with the following basics can greatly reduce your overall risk.

Asset inventory

This is the bedrock and fundamental foundation of every successful security program. Having a solid asset inventory depends on a few simple things: knowing what assets you have, where they sit in your network, what software and configurations they contain, and which users and systems can access them.

From a security standpoint, what is an “asset”? For starters, any kind of network-accessible electronic system, including (but not limited to):

  • Cloud applications
  • Laptops
  • Desktop computers
  • Servers
  • Firewalls
  • Network switches
  • Routers
  • Mobile phones
  • Printers

If your asset inventory has gaps, your security program will likely have gaps too. If you require that all laptops have full-disk encryption enabled on them before your IT team gives them to employees – but you and your IT team don’t know about the five new laptops that your HR team just purchased using a corporate credit card – they likely won’t get encrypted (until someone finds out about it).

Network and vulnerability management solutions can help maintain and identify gaps in your organization’s asset inventory. Using a combination of network scans and endpoint agents can help provide rich, near-real-time data for the asset inventory.

Multi-factor authentication (MFA)

Any good security program starts with multi-factor authentication (MFA) for access to critical personal or business data. Forms of authentication fall into three categories:

  • Something you know: for example, a password
  • Something you have: a phone or a bank card
  • Something you are: a fingerprint

Passwords are fundamentally flawed and can be easily stolen via phishing attacks, password-guessing attacks, and malware. If you use only a password to protect your data, an attacker needs to jump through just one hoop to compromise your account. Requiring multiple forms of authentication for users makes gaining user credentials – and therefore access – much more difficult and expensive for attackers.

One important thing to note here is that requiring two forms of authentication from the same category will not suffice from a security perspective. For example, if you require users to enter a password and then answer a security question – such as “what’s your mother’s maiden name?” – this does not count as two-factor authentication.

Since those are both “something you know,” it’s simply single-factor authentication, twice. Requiring a password (something you know) and then a six-digit code generated by an app on a smartphone (something you have) does count, however.

Patch management

Simply put, patch management means making sure all of your software is up to date, installed, and configured correctly. This includes acquiring, testing, and installing patches (i.e. software updates) on your organization’s systems and devices.

To do this effectively, you need to stay continually aware of available patches, determine which systems need which components, oversee their installation, and test for problems after patching. This is usually handled as a partnership between IT and DevOps teams rather than by the security team.

Patch management is closely related to vulnerability management, the process of determining whether you have any vulnerabilities in your IT environment. There are three elements behind patch management: prioritizing vulnerability remediation, assessing compensating controls (i.e. existing security technologies or systems that reduce the risk posed by a vulnerability), and making sure patches are installed correctly.

Here’s why these elements matter: applying a patch will sometimes break another part of the software you’re using, doing more harm than good. Understanding this inherent risk will play a large role in how you prioritize which patches to apply.

In the event a patch does break software – requiring you to remove the patch – then having compensating controls in place will make it harder for an attacker to exploit vulnerabilities that reemerge. An example of a compensating control would be implementing firewall rules that limit the number of systems that can communicate with a not-easily-patched vulnerable system.

To help mitigate the potential impact, it’s a good idea to test patches on non-critical systems or in test environments that mirror your production environment.

Decentralization

Decentralization disseminates data across your networks and cloud services to ensure that if one user or server in your organization’s network is compromised, an attacker won’t necessarily be able to access company data stored elsewhere.

For example, if an attacker finds a way into one of your office’s internal file-share systems in a decentralized environment, they’ll likely only be able to access that office’s shared files but not necessarily all of the files in your cloud-storage provider. However, if you have a centralized environment and an attacker compromises one server, they may find ways to easily move from that server to additional company systems and data, such as email servers, financial statements, or user directories.

Decentralization offers two benefits:

Distributing the security workload, provided you have good vendor-management processes

If you have a small security team, it can be incredibly difficult to monitor the dozens of cloud applications your company uses. Fortunately, well-established cloud-service providers invest heavily in their own security teams and programs focused on in-depth protection of their environment.

Keeping the vendor’s application separate from the rest of your network allows your security team to focus on your organization’s core environment, while the vendor’s security team can focus on protecting the application or service they host on your behalf.

Containing the impact of a breach if a particular application or user is compromised

If a vendor application is compromised in a decentralized environment, the impact of the data breach is limited to that application or vendor.

Doing this makes it more difficult – but not impossible, as seen in recent breaches – for an attacker to access the rest of your systems and information. The harder it is for an attacker to reach central servers, the more time and money they need to invest in the attack, and the more likely they are to give up or get caught.

Network segmentation

This is the process of determining which of your network systems and devices need to talk to each other, and then allowing only those systems to communicate with one another and nothing else.

For example, suppose a nurse is working on a laptop at a hospital. In a securely segmented network, that laptop might only be able to communicate with one or two other systems, such as a print server (for printing patient records) and the patient record application itself. However, in a “flat network” – a network with no segmentation between systems – this laptop could talk to every other system on the network. If an attacker compromises the laptop, they’ll be able to attack those systems through completely unchecked lateral movement.

To segment your network effectively, you need to inventory your most important assets, understand where they sit in your network, and identify the specific systems and users that can access them. If the assets are accessible by more than those systems and users, that should be remedied.

To minimize the overall attack surface of a system or application, always try to grant access based on the principle of least-privilege access (LPA). You’ll also need to ensure nothing on the network is able to communicate directly with your database servers, which is where critical application data is typically stored.
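The hospital scenario above, worked through as an added example (not code from the original article): a small asset inventory plus a least-privilege allow-list, checked against constructed flow records so that any laptop-to-database traffic, and any endpoint missing from the inventory, is flagged. All IP addresses, roles and log lines are hypothetical.

```python
"""Audit observed network flows against a least-privilege segmentation policy."""
from collections import namedtuple

# Constructed asset inventory (hypothetical): IP address -> role on the network.
ASSETS = {
    "10.0.1.10": "nurse-laptop",
    "10.0.2.20": "print-server",
    "10.0.2.30": "patient-record-app",
    "10.0.3.40": "database-server",
}

# Allow-list of who may initiate traffic to whom. Anything not listed is denied,
# so only the record application may reach the database server.
ALLOWED = {
    "nurse-laptop": {"print-server", "patient-record-app"},
    "patient-record-app": {"database-server"},
    "print-server": set(),
    "database-server": set(),
}

Violation = namedtuple("Violation", "src dst reason")


def check_flow(src_ip, dst_ip):
    """Return a Violation if the flow breaks policy, otherwise None."""
    src, dst = ASSETS.get(src_ip), ASSETS.get(dst_ip)
    if src is None or dst is None:
        # An unknown endpoint is an inventory gap, which the policy cannot reason about.
        return Violation(src_ip, dst_ip, "endpoint not in asset inventory")
    if dst not in ALLOWED.get(src, set()):
        return Violation(src_ip, dst_ip, f"{src} may not talk to {dst}")
    return None


def audit(flow_log):
    """Parse 'timestamp src dst proto port' lines and return every violation in order."""
    violations = []
    for line in flow_log.strip().splitlines():
        _ts, src_ip, dst_ip = line.split()[:3]
        hit = check_flow(src_ip, dst_ip)
        if hit:
            violations.append(hit)
    return violations


# Constructed flow records: two permitted flows, one laptop-to-database flow,
# one app-to-database flow, and one flow from a host nobody inventoried.
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z 10.0.1.10 10.0.2.20 tcp 9100
2024-05-01T10:00:02Z 10.0.1.10 10.0.2.30 tcp 443
2024-05-01T10:00:03Z 10.0.1.10 10.0.3.40 tcp 5432
2024-05-01T10:00:04Z 10.0.2.30 10.0.3.40 tcp 5432
2024-05-01T10:00:05Z 10.0.9.99 10.0.3.40 tcp 5432
"""

if __name__ == "__main__":
    for v in audit(SAMPLE_FLOWS):
        print(f"{v.src} -> {v.dst}: {v.reason}")
```

Feeding real firewall or flow logs into the same allow-list turns the segmentation plan into a recurring check rather than a one-time design exercise.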

Laying the foundation for your cybersecurity program

Once you have put these basic best practices in place, attackers will likely find it more difficult to move freely around your network. Plus, the more costly and time-consuming an attack becomes, the more likely attackers are to give up or get caught.
