Protect Your Network by “Thinking Like a Thief”

September 15, 2017


Protect your network system:

Kenya, like any other developed nation, is faced with increasing cyber security threats targeting core business functions for both the government and the private sector. Recent attacks on Kenyan banks, the Government tax collector, the IEBC systems, the rise of cyber bullying and the recent global attack by WannaCry ransomware, surely indicate that some awareness must be created in Kenya.

I recently attended a career talk in one of the high schools in Kenya, and a student rose and asked the panel how to become a hacker. The ministry of ICT, ICT Authority and the Communications Authority of Kenya have not done much to come up with proper mitigation measures or implementable policies to drastically reduce the trending cyber security problems. Countries that form global villages normally set aside a lot of money to invest in ICT infrastructure and systems, but little investment goes into network security or systems security and auditing purposes.

Organizations must always think like a thief to protect their systems. The best criminal investigators or “spies” are those who possess the ability to “get inside the mind” of a lawbreaker. Network or system intrusion detectives will find the same true: to protect your network or systems from hackers or “data thieves” you must adopt a mindset emulating theirs.

Anticipate the intruder’s actions, and know the systems being protected and to what degree. Most “well to do Kenyans” not only establish a general security perimeter by building fences around their houses and locking both doors and windows, but they also place the most valuable items in a wall or floor safe. In simple terms, such setups provide multiple layers of protection. This practice is referred to as defense in depth in network security and auditing.

Your organization’s network security should be based on the possible threats, vulnerabilities and attacks against your system, which together form an intrusion triangle. Certain criteria must exist before a crime occurs, and the intrusion triangle carries that idea over to a network security breach: motive, means, and opportunity must all exist for your system to be hacked. Motive: intruders must have a reason to breach your network, even if the reason is just for fun. Means: intruders must have the ability, either programming knowledge or, in the case of “script kiddies”, intrusion software written by others, to breach or threaten your security system. Opportunity: the intruder must have the chance to enter the network, whether through flaws in your security plan, holes in software that open an avenue of access, or physical proximity to the network components. If the opportunity is not available they will go elsewhere.

Network administrators or security specialists are unlikely to remove an intruder’s motive. Motives are built into the type of data you have. Nor can you take away the “means” to interfere with your system’s software when the tools are free and the programmers are experienced. You can only deny the hackers the opportunity. Don’t make it easy for them.

For organizations, the best way to improve your security is to implement the defense in depth technique and properly configure your server, preferably ISA server, to meet your requirements. Ensure you control physical access to the computers and your network. Adopt network and systems audit policies, plan your risk management and mitigation areas, and address them by implementing security objectives. Protect your servers, keep workstations secure, and consider the security threats related to wireless media and portable computers, the security risks related to data in hard copy, and the security risks involving the use of CDs, tapes, flash disks and all other removable storage media.

It is important to know your system users at all levels, educate your users on security risks, and control your users through access rules to prevent unauthorized packets from being sent or received over the network. Adopt implementable ICT_HR policies.

Bob Lamech Ogolla (Greetings from Kenya)
