Securing the network (part 2) #CyberSecMonth

by | Nov 12, 2018 | CyberSecMonth, News & Events

We conclude this third week of CyberSecMonth with the second and last part of our cyber advice on network security. Although we have already gone through half of the ANSSI hygiene guide, we still have many aspects of cybersecurity to discuss! First of all, let’s finish this part on network security.

The European CyberSecurity Challenge 2018, a successful challenge?

The French team quickly positioned itself in the top three on the first day of competition. Eventually dethroned in the middle of the day, France was nevertheless able to establish itself as a major player in the competition. The French team again took first place on the second day, but the end of the competition was extremely tough and the scores were very close. Germany ultimately finished first in this competition, but we can still congratulate our French team, which finished second on the podium, an impressive performance for its first participation. The rematch will take place in 2019 in Romania!

Partitioning, protecting and controlling: the secrets of a secure network

Internet access has become almost indispensable in a professional context. Unsecured access to the Internet can become the source of many problems: malicious code, downloading dangerous files, taking control of the terminal, leaking sensitive data, and many other threats. Securing the organization’s network therefore means ensuring the integrity of the information system!

To better protect themselves, organizations must be more than vigilant about connecting to the Internet. It is important to set up “barriers”, whether to access the network or between workstations, to ensure the security of the system and to be able to act more easily in the event of a cyber attack.

Adopt the right reflexes:

Dissociate the services visible from the Internet from the system:

Hosting services visible on the Internet internally is a practice that requires a lot of vigilance on the part of the organization. Indeed, administrators must be able to guarantee a high level of protection. If the organization cannot do this, it can still use outsourced hosting for its services visible on the web.

Internet hosting infrastructures must be physically partitioned from all other system infrastructures. It is also recommended to set up an infrastructure for interconnecting these services with the Internet to filter the flows related to these services from the entity’s other flows. These flows must imperatively pass through a reverse proxy server with many security mechanisms embedded.

Professional messaging, a channel to prioritize:

Messaging is the main vector of infection of the workstation, particularly when opening attachments containing malicious code or clicking on a link that redirects to an equally malicious site. Beyond an awareness phase to be conducted internally, it is necessary to check the authenticity of the message through another channel (telephone, SMS, etc.) in case of doubt.

Redirecting professional messages to a personal mailbox is to be avoided, since this practice amounts to a data leak. A remote access solution for professional messaging is a good alternative. If the organization hosts its own email system, it is important to have an antivirus scanning system to prevent the reception of infected files, and also to activate TLS encryption of exchanges between email servers as well as between user workstations and hosting servers.

Remain vigilant about partner relationships:

Organizations sometimes need to establish a dedicated network interconnection with a supplier or customer, especially to exchange data. These exchanges must pass through a private network or a site-to-site tunnel (IPsec). As a matter of principle, partners cannot be considered secure, so it is essential to perform IP filtering with a firewall as close as possible to the point where the flows enter the entity’s network. The flow matrix should be reduced to what is necessary for operational purposes and kept up to date, and the equipment should comply with it.
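To illustrate the last point, the following added example (not from the ANSSI guide or from Tranquil IT) checks a firewall's permit rules against a flow matrix: it reports rules that allow more than the matrix does and matrix entries that no rule implements. The addresses, the rule format and the names `Flow`, `covers` and `audit` are assumptions made for the example.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    src: str      # source network (CIDR)
    dst: str      # destination network (CIDR)
    proto: str    # "tcp" or "udp"
    ports: range  # destination ports

# Constructed flow matrix for a partner interconnection (sample addresses).
MATRIX = [
    Flow("198.51.100.0/28", "10.20.0.10/32", "tcp", range(443, 444)),
    Flow("10.20.0.10/32", "198.51.100.5/32", "tcp", range(22, 23)),
]

# Constructed "permit" rules, as they might be exported from the partner-facing firewall.
RULES = [
    Flow("198.51.100.0/28", "10.20.0.10/32", "tcp", range(443, 444)),  # matches the matrix
    Flow("198.51.100.0/24", "10.20.0.0/24", "tcp", range(1, 65536)),   # broader than the matrix
    Flow("198.51.100.4/32", "10.20.0.10/32", "udp", range(53, 54)),    # absent from the matrix
]

def covers(allowed: Flow, rule: Flow) -> bool:
    """True if everything permitted by `rule` is also permitted by `allowed`."""
    net = ipaddress.ip_network
    return (rule.proto == allowed.proto
            and net(rule.src).subnet_of(net(allowed.src))
            and net(rule.dst).subnet_of(net(allowed.dst))
            and rule.ports.start >= allowed.ports.start
            and rule.ports.stop <= allowed.ports.stop)

def audit(matrix, rules):
    """Return (rules exceeding the matrix, matrix entries no rule implements).

    Conservative: a rule must fit inside a single matrix entry, so a rule that
    is only covered by the union of several entries is still reported.
    """
    excess = [r for r in rules if not any(covers(m, r) for m in matrix)]
    unimplemented = [m for m in matrix if not any(covers(m, r) for r in rules)]
    return excess, unimplemented

if __name__ == "__main__":
    excess, unimplemented = audit(MATRIX, RULES)
    for r in excess:
        print("NOT IN MATRIX:", r)
    for m in unimplemented:
        print("NO RULE FOR:", m)
```

Run on a regular export of the real rule base, a check of this kind shows when the equipment has drifted from the documented matrix, in either direction.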

Do not forget the physical security of the entity:

Physical security mechanisms are also part of an organization’s security strategy. It is important to put in place adequate physical security measures and to continually raise awareness among users of the risks associated with circumventing rules. In addition, network outlets in public areas should be restricted or even disabled if possible to prevent intrusion.

Access to server rooms and other technical rooms must be secured with secure locks and badge systems. Unaccompanied access by external service providers should be prohibited or, failing that, access should be traced and limited to strict time slots. It is important to regularly review access rights in order to identify unauthorized access or to update them (departure of an employee, change of service provider, etc.). In short, you need to know your information system in order to be able to control access to your infrastructure.

How to apply these solutions?

Securing the computer network is not easy without special skills. To act effectively, you need good methodologies and appropriate tools. Tools can be obtained easily and quickly, unlike methodologies that are more complex to address. These methodologies can be obtained through the internal training plan or with the assistance of an expert such as Tranquil IT.

The first step we recommend is to contact a PASSI to carry out a complete audit of your fleet. PASSI audits are classified into different categories:

  • Architecture audit
  • Configuration audit
  • Source code audit
  • Intrusion test
  • Organizational and physical audit

ANSSI certifies the audit bodies on each of these criteria individually. Not all PASSI are qualified for all criteria; refer to the PASSI list for more information. Once your audit is complete, we can help you apply the audit body’s recommendations to secure your network.

Take advantage of our expertise

Tranquil IT has 15 years of expertise in the local network security sector. We can easily help you to apply the recommendations of an Information Systems Security Audit Service Provider (PASSI). We combine our DevSecOps methodologies with a combination of tools that we master to act efficiently and securely on a fleet. We therefore use SRP (Software Restriction Policies) to establish security barriers, Samba Active Directory for user rights management and WAPT for application control to ensure the security of your IT assets.


Find all our recommendations on Twitter and LinkedIn under the hashtags #TousSecNum, #CyberSecMonth, #ECSM2018 and #ECSM. Also follow our hashtag #CyberConseil to follow Tranquil IT’s advice and discover the following graphics.
