What is Operational Security?
In a not dissimilar case, Strava, the manufacturer of a popular fitness tracker that uploads data to the cloud, released a detailed worldwide map of its users' jogging routes — and, due to the product's popularity among American soldiers, revealed a number of secret U.
OPSEC failures at the corporate level may not put national security at risk, but they are still potentially catastrophic for the companies involved. Entrepreneur Shy Bredewold explains how corporate details can leak out: "An overzealous employee tags themselves in a post which reveals a training facility otherwise unknown to the public. A chat with your spouse ends up in a forum saying how their husband is so stressed due to the new [insert conceptual product] release next month.
The U. The SecurityTrails blog has a particularly readable explanation, but here's a quick summary:

Again, that's all a little abstract. HackerCombat outlines a number of best practices, including:

You'll, of course, want to be extremely aware of any sensitive personally identifying data, including names, IP addresses, languages, emails, and the like.
But you'll also need to deal with people — specifically, your own people, for whom an OPSEC mindset needs to become second nature. They'll need to be trained on a number of practices, including encrypting data and devices, monitoring the transfer of data, and limiting access to certain data. They also need to be made aware of all the kinds of blunders we discussed earlier, especially when it comes to social media.
The final question you might be contemplating is who, exactly, should be in charge of OPSEC at your organization.

The logs should be evaluated and checked for potential misconfigurations. The logs can also be used to demonstrate a deliberate breach of the operational security policy. For this, the concept of dual control is important and is discussed below.

Access control: It is a good practice to restrict access to network devices. Access restrictions are traditionally implemented in networks via AAA authentication.
This security measure is typically in place, although in many networks too many operators have access to network devices. Restricting this number to the minimum necessary reduces the risk.

Authorization: The access an operator has should be restricted to the minimum needed for the operator to do their job.
In most cases it is not a good idea for all operators to have full-enable access (privilege level 15) to devices. This practice can be more difficult to implement; however, simple distinctions, for example who can and cannot enter configuration mode, go a long way.

Dual control: Security control and network control should not be the responsibility of the same group. Ideally, a security group controls who has access to what, and a network group executes the configuration actions.
Typically the logs are controlled by the security group. This way it is much harder to deliberately misconfigure devices, since the security team can recognize a misconfiguration in the log files.

Secure and verify: All of the above measures are active attempts to detect a change in the network, such as a configuration change. It is also possible to detect policy violations by analyzing the traffic on the network, or the state of dynamic information such as routing tables, ARP tables, and so on.
For example, intrusion detection systems can create alerts when flows are seen on the network that do not correspond to the policy. There are many other ways to monitor for traffic anomalies.
For example, Cisco IOS NetFlow can be instrumental in detecting misrouted packets on the network, and routing tables can be checked for missing or unknown routing prefixes.

Automation: It is generally recommended to automate processes and procedures, specifically recurring verification processes, because humans tend to overlook details in log files and similar processes.
Automated processes are also less likely to make mistakes, although if a mistake does happen, it is often systematic and therefore easily detectable.

Defense in Depth

The key issue with many operational control functions is that they may not always prevent mistakes from happening.
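As an added example (not code from the article or from Cisco), here is the kind of automated, recurring log verification the authorization, dual control and automation points above call for: a small Python checker that the security group could run over device syslog, flagging configuration-mode entries by operators who are not on the security-group-owned allow list, and authorized changes made outside the approved change window. The allow list, the change window and the log lines are constructed for the example; the two Cisco IOS message formats it parses are real.

```python
import re

# Security-group-owned policy (constructed values for this example): which
# operators may enter configuration mode, and the approved change window.
CONFIG_MODE_ALLOWED = {"alice", "carol"}
CHANGE_WINDOW_HOURS = (22, 6)  # 22:00 to 06:00 device-local time

# Real Cisco IOS syslog message formats; the sample lines below are constructed.
TIMESTAMP = re.compile(r"^\w{3} +\d+ (\d{2}):\d{2}:\d{2}")
CONFIG_I = re.compile(r"%SYS-5-CONFIG_I: Configured from \S+ by (\S+) on")
CFGLOG = re.compile(r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(\S+)\s+logged command:(.+)")

SAMPLE_LOG = """\
Mar  3 23:10:02 rtr1 1234: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (10.0.0.5)
Mar  3 23:10:15 rtr1 1235: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface GigabitEthernet0/1
Mar  4 10:42:07 rtr1 1240: %SYS-5-CONFIG_I: Configured from console by bob on vty1 (10.0.0.9)
Mar  4 10:42:20 rtr1 1241: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:ip route 0.0.0.0 0.0.0.0 10.0.0.254
Mar  4 14:05:00 rtr1 1250: %SYS-5-CONFIG_I: Configured from console by carol on vty0 (10.0.0.7)
Mar  4 14:06:00 rtr1 1252: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
"""


def in_change_window(hour):
    """The assumed window wraps midnight, so it is 'start <= hour or hour < end'."""
    start, end = CHANGE_WINDOW_HOURS
    return hour >= start or hour < end


def audit(lines):
    """Return (kind, operator, line) for every configuration event that breaks policy."""
    findings = []
    for line in lines:
        match = CONFIG_I.search(line) or CFGLOG.search(line)
        if not match:
            continue  # not a configuration event (e.g. a link state change)
        operator = match.group(1)
        ts = TIMESTAMP.match(line)
        hour = int(ts.group(1)) if ts else None
        if operator not in CONFIG_MODE_ALLOWED:
            findings.append(("unauthorized-config", operator, line))
        elif hour is not None and not in_change_window(hour):
            findings.append(("outside-window", operator, line))
    return findings


if __name__ == "__main__":
    for kind, operator, line in audit(SAMPLE_LOG.splitlines()):
        print(f"{kind:20} {operator:8} {line}")
```

Because the network group makes the changes but the security group owns both the policy and the logs, a finding here is something the security group can take up independently, which is the dual-control separation the text describes.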
Complexity and Security

The complexity of a network makes operational mistakes and security violations more likely. AAA servers build the core of an operational security model. Login enhancements provide information on unsuccessful login attempts, etc.

Acknowledgments

Michael Behringer, mbehring cisco.