It’s a brand spanking new year! 2018, baby! Woo!
365 days of UNLIMITED possibilities. Okay, okay, enough of that, we all know 2018 will be just like 2017 or 2016 before it. Ups, downs, surprises both pleasant and un.
But, besides all the tropes associated with New Year’s resolutions (you won’t go to the gym as often as you keep telling everybody you will), the start of a New Year makes us remember there might be a little room in our lives for self-improvement. The new year puts us in a mindset of positivity and optimism and gives us the feeling we can make changes for the better.
So, you might be wondering, especially after we poked fun at your newly proposed fitness regime, what we’re getting at. Well, don’t pass out from holding your breath, true believers, we’re getting to the point.
We’ve compiled a list of SIMPLE things you can do to improve your Security Posture in 2018.
1. Become more aware (subscribe to a podcast, training, etc.)
We’ll start with something simple: the consumption of knowledge. It’s the best way to get in the mood. There’s an abundance of information security knowledge out there on the internet for you to choose from; some of it better than others.
Whether you start with a blog (we’re particularly fond of ours) or a podcast, start somewhere. We’ve compiled a list of blogs, newsletters, and podcasts you can get started with:
Blogs & Podcasts:
SANS Security Awareness Blog – https://securingthehuman.sans.org/blog
Free SANS Security Awareness Training – https://securingthehuman.sans.org/resources
The Black Hills Information Security Blog and Podcast – https://www.blackhillsinfosec.com/blog/
Security Weekly Blog and Podcast – https://securityweekly.com/blog/
2. Educate family and friends (learned from #1)
Now that you’ve consumed all that sweet, sweet knowledge, it’s time to share it with those you care about. Heck, share it with people you don’t care about! Don’t discriminate when it comes to who you help.
Today, everybody’s vulnerable to cyber attack. You no longer have to be a high profile target to get attacked; everybody is a target. It’s not just celebrities or politicians getting hacked. It’s your neighbors, or your kids, or your parents (who can’t seem to stop themselves from forwarding you emails with links to things you know you shouldn’t click).
3. Generate a security baseline and measure your progress periodically (monthly/quarterly)
If you’re reading this, there’s a good chance you’ve already established a security baseline. A security baseline is the minimum set of configuration settings a system has to meet: things like file and registry permissions, which authentication protocols are allowed, which services are permitted to run and listen, and more. Each type of end-point in your business (domain controller, web server, workstation) usually needs its own baseline.
(The fine people over at the IT Dojo have a great step by step guide for helping you establish a security baseline and I recommend you check it out: https://www.itdojo.com/building-a-security-control-baseline-step-by-step/)
If you don’t already have one, it’d be a good idea to establish one. Vulnerability management products (like those from Rapid7 and Qualys) and principles (like the principle of least privilege) can help you tighten that baseline up and monitor your progress as time goes on.
What we recommend is you set up a Report Card and once a month track your efforts so you can keep improving. Use the tools mentioned above and you should be on your way to an improved security baseline.
4. Identify one thing you can do to enhance security posture at work (measured in #3)
One reason, maybe the best reason, to establish a security baseline is to improve your security posture. By measuring your systems against an established baseline you should, if you’re doing it correctly, start to figure out where your weak points are and what you can do to strengthen those points or fill any gaps.
You can leverage tools like Cylance, Cybereason and Sumo Logic (among others) to do that.
5. Document a commonly used process (server build) and add some techniques to harden the device
Server builds are common. And because they’re so regularly assembled, it’s easy to overlook certain things that otherwise you shouldn’t ignore.
Take a look at your builds and take a fine-toothed comb to them. Look at what you’ve done and think objectively regarding how you could go about improving things. Consider doing things like:
- Minimize or remove unnecessary software on your servers
- Keep the operating system up to date; make sure security patches and software updates are reviewed and installed in a timely fashion
- Limit the number of open ports on your server and only allow necessary traffic through them
- Maintain server logs and mirror them to a separate log server, so an attacker who compromises the host can’t quietly erase their tracks
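The checks in items #3 and #5 come down to comparing what a host actually does against what its role’s baseline says it should do. The script below is an added example (not code from this blog or from any product it mentions) that audits two of the points above for a hypothetical "web server" role: listening sockets exposed on a non-loopback address that the baseline doesn’t allow, and installed packages the role should never carry. The baseline sets and the `ss` / `dpkg-query` output it parses are constructed for the example.

```python
"""Audit a server build against a per-role baseline: exposed listening sockets
and packages the role should not carry.  Added example; the baseline and the
command output below are constructed, not taken from any real host."""

# Constructed sample of `ss -Hlntu` output (listening TCP/UDP sockets, header
# suppressed).  On a real host, run that command and feed its output in.
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128        0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511        0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      511        0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128      127.0.0.1:3306       0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:5900       0.0.0.0:*
udp   UNCONN 0      0          0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      128           [::]:22            [::]:*
"""

# Constructed sample of `dpkg-query -W -f='${binary:Package}\n'` output.
SAMPLE_PACKAGES = """\
openssh-server
nginx
telnetd
rsh-server
rsyslog
"""

# Hypothetical baseline for a "web server" role: (protocol, port) pairs allowed
# to listen on a non-loopback address, and packages that should never be present.
WEB_SERVER_BASELINE = {("tcp", 22), ("tcp", 80), ("tcp", 443)}
UNNEEDED_PACKAGES = {"telnetd", "rsh-server", "xinetd", "nis"}


def parse_ss(output):
    """Yield (proto, local_addr, port) for each line of `ss -Hlntu` output.
    Column 5 is 'Local Address:Port'; rpartition handles bracketed IPv6."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        yield proto, addr, int(port)


def is_loopback(addr):
    """Loopback-only listeners are not reachable from the network."""
    return addr.startswith("127.") or addr == "[::1]"


def audit_listeners(output, baseline):
    """Return sorted (proto, addr, port) tuples that listen on a non-loopback
    address but are not permitted by the role baseline."""
    findings = set()
    for proto, addr, port in parse_ss(output):
        if is_loopback(addr):
            continue
        if (proto, port) not in baseline:
            findings.add((proto, addr, port))
    return sorted(findings)


def audit_packages(listing, unneeded):
    """Return sorted package names present on the host that the role forbids."""
    installed = set(listing.split())
    return sorted(installed & unneeded)


if __name__ == "__main__":
    for proto, addr, port in audit_listeners(SAMPLE_SS_OUTPUT, WEB_SERVER_BASELINE):
        print(f"NOT IN BASELINE: {proto} listener on {addr}:{port}")
    for pkg in audit_packages(SAMPLE_PACKAGES, UNNEEDED_PACKAGES):
        print(f"REMOVE: package {pkg} is on the unneeded list")
```

On the constructed input this flags the VNC listener on tcp/5900 and SNMP on udp/161 (the MySQL listener is loopback-only, so it is not exposed), plus the telnet and rsh packages. Run the two shell commands on each server, feed the real output through the same functions, and the count of findings per host becomes one line on the monthly report card from item #3.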
There’s a lot more you can do so we’ll stop there. You get the idea.
6. Start to think about how the other half lives – maybe read a book or a reference/white-paper on hacking and try to understand the attacker’s perspective
We already recommended you listen to podcasts and read security blogs, but we recommend a more in-depth dive as well. Traditional podcasts and blogs, while incredibly informative, are mostly reactive: they cover the latest breach or vulnerability rather than how attackers think.
Sometimes you need to get in the head of the attacker to understand them. There are great, great books out there that can help you do that like Hacking Exposed (https://www.amazon.com/Hacking-Exposed-Network-Security-Solutions/dp/0071780289) that can help you understand why you might be at risk and what an attacker is trying to accomplish.
7. Review your egress traffic logs – you’ll be stunned at the traffic that leaves your device or your network
Everybody’s so focused on what’s trying to get into the network that they might not be paying attention to what’s already going out. Take a serious look at your egress traffic logs for any strange or unwanted behavior.
Look for things like:
- SSL/TLS or other encrypted connections — especially those going to or coming from unknown systems.
- Network errors and protocol anomalies, such as dropped packets, authentication errors, and domain name system (DNS) failures or lookups sent to resolvers you don’t operate
- Check to see if any odd or unsupported protocols are coming from network segments reserved for printers, guest wireless systems, and other low-visibility systems.
- Application-level threats, such as traffic from an advanced persistent threat or a zero-day attack: DNS lookups to unknown servers, communication with foreign hosts, and massive amounts of traffic to or from a small number of hosts.
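To make the list above concrete, here is an added example (not code from this blog or from any product it mentions) that runs three of those checks over a few constructed egress flow records: DNS queries that bypass the approved internal resolvers, TLS sessions to destinations nobody has vetted, unexpected ports leaving the printer and guest-wireless segments, and a large byte volume concentrated on one destination. The log format, the address ranges, the resolver and destination allowlists and the volume threshold are all assumptions for the example; swap in your own firewall export and site knowledge.

```python
"""Triage egress flow records for the warning signs listed above.  Added
example; every address, segment and log line below is constructed."""
import ipaddress
from collections import defaultdict

# Constructed sample firewall egress export, one flow per line:
# time,src,dst,dst_port,proto,bytes_out
SAMPLE_LOG = """\
2018-01-03T09:00:01,10.10.5.23,93.184.216.34,443,tcp,18230
2018-01-03T09:00:04,10.10.5.23,10.0.0.53,53,udp,96
2018-01-03T09:00:09,10.10.5.77,198.51.100.7,53,udp,112
2018-01-03T09:01:12,10.20.3.9,203.0.113.45,443,tcp,48211
2018-01-03T09:01:30,10.10.5.23,203.0.113.45,443,tcp,21000000
2018-01-03T09:02:02,10.10.5.41,203.0.113.45,443,tcp,19500000
2018-01-03T09:02:40,10.30.8.4,192.0.2.10,22,tcp,7400
"""

# Hypothetical site knowledge.  Only the internal resolver may be asked for
# DNS; TLS destinations that have been reviewed are listed explicitly; the
# low-visibility segments have a short list of ports they may legitimately use.
APPROVED_RESOLVERS = {ipaddress.ip_address("10.0.0.53")}
KNOWN_TLS_DESTINATIONS = {ipaddress.ip_address("93.184.216.34")}
LOW_VISIBILITY_SEGMENTS = {
    "printers": ipaddress.ip_network("10.20.0.0/16"),
    "guest-wifi": ipaddress.ip_network("10.30.0.0/16"),
}
EXPECTED_FROM_SEGMENT = {"printers": set(), "guest-wifi": {53, 80, 443}}
VOLUME_THRESHOLD = 20_000_000  # bytes to a single destination per report window


def parse_log(text):
    """Parse the constructed CSV export into flow dicts with typed fields."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, proto, nbytes = line.split(",")
        flows.append({"ts": ts, "src": ipaddress.ip_address(src),
                      "dst": ipaddress.ip_address(dst), "port": int(port),
                      "proto": proto, "bytes": int(nbytes)})
    return flows


def segment_of(addr):
    """Name of the low-visibility segment an address belongs to, else None."""
    for name, net in LOW_VISIBILITY_SEGMENTS.items():
        if addr in net:
            return name
    return None


def find_anomalies(flows):
    """Return a sorted list of (kind, subject, detail) findings."""
    findings = set()
    volume = defaultdict(int)
    talkers = defaultdict(set)
    for f in flows:
        src, dst = str(f["src"]), str(f["dst"])
        # DNS that bypasses the approved resolvers: tunnelling or malware C2
        if f["port"] == 53 and f["dst"] not in APPROVED_RESOLVERS:
            findings.add(("rogue-dns", src, dst))
        # Encrypted sessions to systems nobody has reviewed
        if f["port"] == 443 and f["dst"] not in KNOWN_TLS_DESTINATIONS:
            findings.add(("tls-to-unknown", src, dst))
        # Printers and guest devices using ports their segment should not need
        seg = segment_of(f["src"])
        if seg and f["port"] not in EXPECTED_FROM_SEGMENT[seg]:
            findings.add((f"unexpected-from-{seg}", src, f"{f['proto']}/{f['port']}"))
        # Accumulate per-destination volume for the "massive traffic" check
        volume[f["dst"]] += f["bytes"]
        talkers[f["dst"]].add(f["src"])
    for dst, total in volume.items():
        if total >= VOLUME_THRESHOLD:
            findings.add(("high-volume", str(dst),
                          f"{total} bytes from {len(talkers[dst])} hosts"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, subject, detail in find_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{kind:28} {subject:16} {detail}")
```

On the constructed log this surfaces a workstation resolving names against an outside server, a printer opening a TLS session to an unreviewed host, a guest device using SSH, and roughly 40 MB pushed to one external address by three internal hosts. Real exports are noisier, so tune the allowlists and the threshold to your environment before you trust the output, and review it on the same monthly cadence as the report card in item #3.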
So, there you go! Our 7 simple tips to help you start your year off securely. We wish you all the success in the world, both with regard to your cyber security health and your fitness endeavors. That new membership at Planet Fitness is going to get a lot of use…maybe until March.
After that it’s anybody’s best guess what happens to it.
Want to learn more? Take a look at our blog! It’s filled with information security goodness!