Cyber Defense Tips to Rival the NSA
Cyber defense is much more than security. “Security” can be misleading since it encourages people to think in terms of secure or insecure. This way of thinking leads to an overemphasis on preventative measures. Just like the human body, you need many more layers than that. A good cyber defense will also focus on deception, detection, and response in addition to prevention. In this video, we cover the four most important principles of cyber defense.
#1 Security Architecture:
You can’t defend what you can’t see. It’s really hard to build strong cyber defenses if the foundations aren’t sound. Security architecture is about improving visibility in the network through segmentation. You also want to maintain a good asset inventory and map to quickly identify what’s even there. Implementing policies like blocking removable media or blocking protocols are also architectural in nature.
#2 Security Monitoring:
Every asset connected to the network needs to generate telemetry. This gives you visibility into the activity occurring on them. Network traffic itself should also be sent to an IDS sensor like Snort or Zeek to generate security data from it. These logs should be aggregated and synced to a centralized location for monitoring. A team of analysts can build systems to detect and alert on anything anomalous. This team serves as the backbone of the network’s cyber defense.
#3 Implement Choke Points
For effective security monitoring, it’s key to limit the paths devices can communicate on. Blocking outbound traffic by default is the best way to do this. What is allowed to traverse the network then needs closer inspection. The best way to do this is to force clients to use a local DNS resolver or web proxy to access the Internet. Any traffic not destined for these inspection points is automatically suspect. What does go through can then be analyzed against blocklists or a reputation scoring service. Choke points not only restrict an attacker’s maneuverability but also make it easier to conduct proper cyber defense.
#4 Harden Systems with a Security Baseline
Systems running default configurations are highly vulnerable to generalized attacks. Deploying a security baseline on your assets ensures a consistent level of hardening against them. It also helps with managing change configuration on your network. Authorities like CIS, NIST, DISA, or vendors will all provide recommendations for different types of systems. These include operating systems, applications, phones, and network appliances. Whether it’s scripts, Group Policy Objectives, or Ansible playbooks, they’ll also offer ways to automatically apply baselines too.
00:00 Intro: How to Improve Cyber Defense For Your Network
01:11 The Biggest Misconception in Cyber Security
02:52 Traditional v. Modern Cyber Defense
05:02 Security Architecture & Building a Defensible Network
07:44 Principles of Security Monitoring: Assets & Endpoints
09:40 Create Choke Points In Your Network For Inspection
12:11 Collect Traffic With Network Security Monitoring
14:13 Hardening Systems with a Security Baseline
16:52 Strategies for Implementing Your Cyber Defenses
👍 LIKE AND SUBSCRIBE 📺
----- Resources -----
Rob Joyce’s talk at USENIX Enigma 2016:
https://www.youtube.com/watch?v=bDJb8WOJYdA
#CyberDefense #DFIR #Cyberspatial
Видео Cyber Defense Tips to Rival the NSA канала Cyberspatial
#1 Security Architecture:
You can’t defend what you can’t see. It’s really hard to build strong cyber defenses if the foundations aren’t sound. Security architecture is about improving visibility in the network through segmentation. You also want to maintain a good asset inventory and map to quickly identify what’s even there. Implementing policies like blocking removable media or blocking protocols are also architectural in nature.
#2 Security Monitoring:
Every asset connected to the network needs to generate telemetry. This gives you visibility into the activity occurring on them. Network traffic itself should also be sent to an IDS sensor like Snort or Zeek to generate security data from it. These logs should be aggregated and synced to a centralized location for monitoring. A team of analysts can build systems to detect and alert on anything anomalous. This team serves as the backbone of the network’s cyber defense.
#3 Implement Choke Points
For effective security monitoring, it’s key to limit the paths devices can communicate on. Blocking outbound traffic by default is the best way to do this. What is allowed to traverse the network then needs closer inspection. The best way to do this is to force clients to use a local DNS resolver or web proxy to access the Internet. Any traffic not destined for these inspection points is automatically suspect. What does go through can then be analyzed against blocklists or a reputation scoring service. Choke points not only restrict an attacker’s maneuverability but also make it easier to conduct proper cyber defense.
#4 Harden Systems with a Security Baseline
Systems running default configurations are highly vulnerable to generalized attacks. Deploying a security baseline on your assets ensures a consistent level of hardening against them. It also helps with managing change configuration on your network. Authorities like CIS, NIST, DISA, or vendors will all provide recommendations for different types of systems. These include operating systems, applications, phones, and network appliances. Whether it’s scripts, Group Policy Objectives, or Ansible playbooks, they’ll also offer ways to automatically apply baselines too.
00:00 Intro: How to Improve Cyber Defense For Your Network
01:11 The Biggest Misconception in Cyber Security
02:52 Traditional v. Modern Cyber Defense
05:02 Security Architecture & Building a Defensible Network
07:44 Principles of Security Monitoring: Assets & Endpoints
09:40 Create Choke Points In Your Network For Inspection
12:11 Collect Traffic With Network Security Monitoring
14:13 Hardening Systems with a Security Baseline
16:52 Strategies for Implementing Your Cyber Defenses
👍 LIKE AND SUBSCRIBE 📺
----- Resources -----
Rob Joyce’s talk at USENIX Enigma 2016:
https://www.youtube.com/watch?v=bDJb8WOJYdA
#CyberDefense #DFIR #Cyberspatial
Видео Cyber Defense Tips to Rival the NSA канала Cyberspatial
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Why Cyber Security is Hard to Learn (Tips For Success!)8 Biggest Cyber Heists Ever Pulled OffCyber Crime and Hunting Cyber CriminalsThe Password Manager Security Experts UseHow North Korea Conducts Cyber OperationsAn exclusive look behind the scenes of the U.S. military’s cyber defenseWhy You Need a DIFFERENT EMAIL Address for Every AccountVirtualbox Tutorial: How to Build Virtual MachinesHow To Pass a Cyber Security Cert in 5 DAYS (No books…)Why VPNs are a WASTE of Your Money (usually…)How Israel Rules The World Of Cyber Security | VICE on HBOIs Coding Important for Cyber Security?Real Hacking: Learn The Cyber Kill ChainThe Hacker Group That Changed The Internet: LULZSECOSINT: Sharpen Your Cyber Skills With Open-source IntelligenceHow to Prepare for a Cyber Security Interview (w/ Stephen Semmelroth)4 Best Ways to Send Files to YourselfHow to Fail a Cybersecurity InterviewLife of a DevSecOps Engineer (w/ Aras "Russ" Memisyazici)