
Hardening

Hardening is the process of bringing an OS, application, or other system to a more secure state than its default (or previous) configuration, chiefly by reducing its attack surface.

In practice this usually includes removing unneeded software and services from the OS, removing or changing default passwords, applying patches, and so on.

The aim of hardening is to remove configuration vulnerabilities: weaknesses that come not from a bug in the code but from how the system is set up.

For example, enforcing a password policy on your OS makes users choose complex passwords; allowing an empty or trivial password would be a configuration-based vulnerability.

The hardening process should be specific to the OS and to the threats you are trying to control. A Linux server acting as a public web server faces different threats from a Windows desktop, so each needs its own hardening profile.

This means there is no single recipe for hardening every system. Still, some steps apply almost everywhere: removing unnecessary software, and reducing the attack surface by limiting what can be reached and by whom.

Hardening is not a trivial task, because it requires an in-depth understanding of the system you are hardening. As an extreme example, you could configure your firewall to drop all traffic by default and the machine would be quite safe, but only because you have made one of its main functions, network access, unusable. You need to strike a sensible balance between usability and security: you don't want a daily-driver OS you can't use, and you don't want to break it.

Layers

It's helpful to think in layers when hardening your systems. Take the web server already mentioned: there is the OS layer, so the OS itself must be hardened; then the web server (for example Apache) and any application server behind it must be hardened as well; and finally, the application running on top must itself be written securely.

This is just an illustration so that you have a general idea of what to think about, but I want to focus more on OSes here (if necessary, I will write a separate OS-specific article about hardening).

Standards

There are standards for almost anything you might want to harden, and it is best to follow them, just as you would follow secure-coding best practices or any other set of best practices.

There are also scripts that can audit your system against such a standard, or remediate it to the state you want. This not only saves time, it also avoids human error while hardening.

These standards go by several names: baselines, benchmarks, policies, standards, and so on. Just an fyi: they all describe the same thing. Note also that these benchmarks are written and reviewed by a community of security professionals, which is what we want.
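Here is what the simplest kind of audit script looks like, covering both the password-policy example above and the "scripts that audit your system" point. This is an added example and not code from the original article or from CIS; the thresholds are representative of common benchmark guidance, not a verbatim benchmark item list, and the two config files are constructed samples, not a real host's files. Unset keys are reported as FAIL because the script only sees what is explicitly configured (see the note below).

```python
"""Tiny configuration audit in the spirit of a CIS benchmark item (added example)."""
from dataclasses import dataclass

# Constructed sample inputs, not copied from a real host.
SAMPLE_LOGIN_DEFS = """\
# /etc/login.defs (constructed sample)
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
UMASK           022
"""

SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin yes
#PasswordAuthentication no
X11Forwarding yes
MaxAuthTries 6
"""


def parse_kv(text):
    """Parse 'KEY value' lines, skipping blanks and comments. Last value wins.
    Keys are lower-cased because sshd_config keywords are case-insensitive."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            out[parts[0].lower()] = parts[1].strip()
    return out


@dataclass
class Finding:
    source: str
    key: str
    expected: str
    actual: str
    status: str  # "PASS" or "FAIL"


def _run(checks, cfg, source):
    """Evaluate (key, predicate, human-readable expectation) triples against parsed config."""
    findings = []
    for key, ok, expected in checks:
        actual = cfg.get(key, "<unset>")
        try:
            passed = actual != "<unset>" and ok(actual)
        except ValueError:  # non-numeric value where a number was expected
            passed = False
        findings.append(Finding(source, key, expected, actual, "PASS" if passed else "FAIL"))
    return findings


def audit_login_defs(text):
    """Password-ageing policy checks; thresholds are representative, not a quoted benchmark."""
    checks = [
        ("pass_max_days", lambda v: int(v) <= 365, "<= 365"),
        ("pass_min_days", lambda v: int(v) >= 1, ">= 1"),
        ("pass_warn_age", lambda v: int(v) >= 7, ">= 7"),
    ]
    return _run(checks, parse_kv(text), "login.defs")


def audit_sshd_config(text):
    """Common sshd hardening items; unset keys count as FAIL (explicit config wanted)."""
    checks = [
        ("permitrootlogin", lambda v: v.lower() == "no", "no"),
        ("passwordauthentication", lambda v: v.lower() == "no", "no"),
        ("x11forwarding", lambda v: v.lower() == "no", "no"),
        ("maxauthtries", lambda v: int(v) <= 4, "<= 4"),
    ]
    return _run(checks, parse_kv(text), "sshd_config")


def failed(findings):
    return [f for f in findings if f.status == "FAIL"]


if __name__ == "__main__":
    for f in failed(audit_login_defs(SAMPLE_LOGIN_DEFS) + audit_sshd_config(SAMPLE_SSHD_CONFIG)):
        print(f"{f.status} {f.source}:{f.key} expected {f.expected}, got {f.actual}")
```

A real benchmark check evaluates the effective configuration rather than the file text (for sshd that means the output of `sshd -T`, which reflects defaults and Match blocks), and then remediation is a separate, deliberate step; the script above only reports.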

One such hardening standard is the CIS Benchmarks. As you can see on the link, aside from the OS benchmarks they cover mobile devices, network devices, server and desktop software, cloud platforms, and more, so it is a good place to start. Once you have found the target system you want to harden, click its link and download the associated PDF for that benchmark. (You will need to fill out a form, after which you are sent a link to all the available PDFs, for free.)

Note that a standard will not necessarily match your needs, so even these are not a silver bullet to be applied blindly. Read it, understand it, and assess what you actually need before going ahead with the implementation.

Another baseline is the NIST United States Government Configuration Baseline (USGCB), but it is dated, covering only Windows 7 and Red Hat Enterprise Linux (if you have Red Hat in your environment it may still be useful). Regardless, it is a good resource to skim through to learn a bit more about the topic.

One more standard/baseline is the Security Technical Implementation Guides (STIGs), published by DISA on the DoD Cyber Exchange. These are kept up to date and cover most current OSes and the hardening requirements for them. Note that they are geared towards the DoD and its requirements, so some items will not apply to your case. Even so, I would recommend them to anyone who wants to harden their systems, as general hardening guidelines. They are distributed in XCCDF format, so you will also want the STIG Viewer to read them comfortably.

Although this might be a bit of a hassle, it’s worth it because it will give you a very nicely laid out interface with recommended settings, references, information, and more – all related to the hardening of system(s).

SCAP – Security Content Automation Protocol

This is a NIST standard, and from their website, it’s about:

The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas. Community participation is a great strength for SCAP, because the security automation community ensures the broadest possible range of use cases is reflected in SCAP functionality.

And

NIST’s security automation agenda is broader than the vulnerability management application of modern day SCAP. Many different security activities and disciplines can benefit from standardized expression and reporting. We envision further expansion in compliance, remediation, and network monitoring, and encourage your contribution relative to these and additional disciplines.

The SCAP standard consists of the following components:

  • XCCDF
  • OVAL
  • DataStream
  • ARF
  • CPE
  • CVE

All of these components are XML-based.

Simply put, SCAP is a set of standards for writing security content that is both human- and machine-readable, so that automated tools can audit and harden a target system against it.

OpenSCAP is an open-source implementation of SCAP: a bundle of tools and security policies built on the SCAP standards. Be sure to check out SCAP Workbench. It lets you run configuration and vulnerability scans against a single local or remote system, remediate that system according to a given XCCDF or source data stream (SDS) file, and generate reports of the scan results in several formats.

It helps if all of this is still a bit confusing: load one of the standards mentioned above, run it against your system, and it tells you which rules passed or failed and which known vulnerabilities it found.

Unfortunately, OpenSCAP is focused on Linux (Red Hat-family systems in particular: RHEL, CentOS, Fedora), with only minimal macOS and Windows support.
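An `oscap xccdf eval --results results.xml ...` run leaves you with an XCCDF results document, and the first thing you want from it is the list of failing rules ranked by severity. The script below does that; it is an added example, not part of the original article or of the OpenSCAP project, and the results document it parses is a constructed minimal file shaped like XCCDF 1.2 output (the rule and profile identifiers in it are invented placeholders, not real SCAP Security Guide IDs).

```python
"""Summarise an XCCDF 1.2 results file: counts per result and failed rules by severity (added example)."""
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"

# Constructed sample, shaped like `oscap xccdf eval --results` output; IDs are placeholders.
SAMPLE_RESULTS = f"""<Benchmark xmlns="{XCCDF_NS}" id="xccdf_example_benchmark_EXAMPLE">
  <TestResult id="xccdf_example_testresult_EXAMPLE" end-time="2022-11-14T10:00:00">
    <profile idref="xccdf_example_profile_cis"/>
    <rule-result idref="xccdf_example_rule_sshd_disable_root_login" severity="medium">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_accounts_maximum_age_login_defs" severity="medium">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_package_telnet_removed" severity="high">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_audit_rules_login_events" severity="low">
      <result>notapplicable</result>
    </rule-result>
    <score system="urn:xccdf:scoring:default" maximum="100.000000">33.333332</score>
  </TestResult>
</Benchmark>
"""

_SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def summarise(xml_text):
    """Return (Counter of result values, [(severity, rule id)] for failed rules, highest severity first)."""
    root = ET.fromstring(xml_text)
    ns = {"x": XCCDF_NS}
    counts = Counter()
    failed_rules = []
    for rr in root.iterfind(".//x:TestResult/x:rule-result", ns):
        result = rr.findtext("x:result", default="unknown", namespaces=ns)
        counts[result] += 1
        if result == "fail":
            failed_rules.append((rr.get("severity", "unknown"), rr.get("idref")))
    failed_rules.sort(key=lambda item: _SEVERITY_ORDER.get(item[0], 9))  # stable sort keeps file order within a severity
    return counts, failed_rules


def score(xml_text):
    """The benchmark's own computed score, or None if the TestResult has none."""
    node = ET.fromstring(xml_text).find(".//x:TestResult/x:score", {"x": XCCDF_NS})
    return float(node.text) if node is not None else None


if __name__ == "__main__":
    counts, failed_rules = summarise(SAMPLE_RESULTS)
    print("results:", dict(counts), "score:", score(SAMPLE_RESULTS))
    for severity, rule_id in failed_rules:
        print(f"FAIL [{severity}] {rule_id}")
```

Point it at the file written by `oscap xccdf eval --profile <profile id> --results results.xml --report report.html <datastream.xml>` and you get the same failure list the HTML report shows, in a form you can diff between runs or feed into a ticketing system. Treat "notapplicable" and "notchecked" results as worth a look too: a rule that was skipped is not a rule that passed.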

Conclusion

This is an extensive topic, and I hope my intro into it has attracted your attention. In the coming articles I will try to cover at least the OS portion of hardening – for Windows, Mac, and Linux.

Stay tuned!

Cover image by Ian Battaglia

#hardening #OS #application #SCAP #standard

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Topia
TOPIA is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

How to Not Fall Victim to Browser Vulnerabilities

JumpCloud’s Universal Chrome Browser Patch Management

Browsers are the gateway to online productivity. 

Without them, we would not be able to get work done. To that end, they are also one of the biggest attack targets for bad actors. If we are not careful, and do not make a conscious effort to upkeep web browser security, hackers can easily exploit browser vulnerabilities. 

What makes browsers especially appealing to attackers? Browsers access, collect, and hold lots of sensitive data, from personal credentials to company information, that attackers can sell on the dark web or use to extort companies.

According to Atlas VPN, Google Chrome, the world’s most popular browser, has the highest number of reported (303) vulnerabilities year to date. Google Chrome also has a total of 3,159 cumulative vulnerabilities since its public release. 

In this article, we’ll dive into the topic of browser vulnerabilities, the importance of patch management, and how to streamline protection.

[Figure: top web browsers by number of reported vulnerabilities. Image courtesy of Atlas VPN.]

A Closer Look at Google Chrome’s Latest Vulnerabilities

On November 8, 2022, the Center for Internet Security (CIS) reported finding multiple vulnerabilities in Google Chrome. 

The most severe vulnerability within this group could potentially allow for arbitrary code execution in the context of the logged on user. What does that mean? 

Depending on a user’s privileges, an attacker could install programs and view, change, or delete data. The bad actor could even create new accounts with full user rights! 

Of course, users whose accounts have minimal user rights on the system would be less impacted than those with administrative user rights.

Multi-OS systems were affected, including:

  • Google Chrome versions prior to 107.0.5304.110 for Mac
  • Google Chrome versions prior to 107.0.5304.110 for Linux
  • Google Chrome versions prior to 107.0.5304.106/.107 for Windows

First and foremost, CIS recommends applying appropriate updates provided by Google to vulnerable systems immediately after appropriate testing. See here for all the other CIS recommended actions. 
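The advisory gives per-platform fixed versions, so the practical check is "is the installed build older than the fixed build for this platform". The script below does that comparison across an inventory; it is an added example, not part of the original post or of JumpCloud's product, and it assumes only the three fixed versions quoted above (for Windows it uses 107.0.5304.106, the lower of the two fixed builds, as the threshold). The inventory rows are constructed samples.

```python
"""Compare reported Chrome versions with the fixed versions from the advisory above (added example)."""
import re

# Fixed versions from the advisory; Windows shipped the fix as .106/.107, so .106 is the lower bound.
FIXED_VERSIONS = {
    "mac": "107.0.5304.110",
    "linux": "107.0.5304.110",
    "windows": "107.0.5304.106",
}

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)")


def parse_version(text):
    """Extract a dotted version from strings like 'Google Chrome 107.0.5304.87' as a tuple of ints."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version_text, platform):
    """True if the reported version is older than the advisory's fixed version for that platform."""
    try:
        fixed = parse_version(FIXED_VERSIONS[platform.lower()])
    except KeyError:
        raise ValueError(f"unknown platform {platform!r}")
    return parse_version(version_text) < fixed  # tuple comparison is component-wise, 107.0.5304.87 < 107.0.5304.110


def triage(inventory):
    """inventory: iterable of (hostname, platform, version string). Returns [(hostname, version)] needing a patch."""
    return [(host, version) for host, platform, version in inventory if is_vulnerable(version, platform)]


# Constructed sample inventory, e.g. as gathered from `google-chrome --version` or the registry.
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 107.0.5304.62"),
    ("ws-02", "windows", "Google Chrome 107.0.5304.107"),
    ("mac-01", "mac", "Google Chrome 107.0.5304.87"),
    ("build-01", "linux", "Google Chrome 107.0.5304.110"),
]

if __name__ == "__main__":
    for host, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {version} is older than the fixed build, patch it")
```

This only answers the question for one advisory. Chrome ships security fixes on a near-weekly cadence, so the durable check is "is every device on the current stable build", which is exactly what an automated patch policy enforces.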

The Need for Browser Patching 

Here are the key reasons you should regularly update or patch your browsers:

  • Enhance Security: Patches close the known bugs that malware, spyware, and exploit kits use to get at your data or to trick you into handing it over.
  • Improve Functionality: Outdated browsers might not work (well) or support new apps or software.
  • Boost User Experience: Older browsers usually do not support the latest and greatest code and will have trouble loading component files in the website. This might cause a website to freeze, crash or take forever to work.

For IT admins, security aspects are probably the most important reason to patch browsers. Keeping browsers updated with the latest version (i.e., downloading and installing all provided patches) goes a long way toward preventing cyber attacks and bad actors from exploiting known vulnerabilities. 

How to Create Default Chrome Browser Patch Policies

One of the easiest ways to stay on top of patches, and reduce browser vulnerability risk, is to use the JumpCloud Directory Platform. 

The latest capability addition to our Patch Management solution provides a universal policy to keep Google Chrome up to date for macOS, Windows, and Linux. 

A universal policy saves time by automatically scheduling and enforcing Chrome security patches on a large number of managed devices.

[Screenshot: JumpCloud Policy Management Console]

The platform’s four universal preconfigured default Chrome browser patch policies allow admins to deploy browser updates with different levels of urgency. Admins also have the option to configure a custom universal policy; this feature allows for easy modification of existing policy settings to tailor update experiences to organizational needs. 

The four JumpCloud default Chrome browser patch management policies control how and when a Chrome update is applied. The recommended deployment strategies include:

  • Day Zero: Deploy automated upgrades inside your IT Department the first day an update is available.
  • Early Adoption: Deploy automated upgrades to early adopters outside of IT.
  • General Adoption: Deploy automated upgrades to general users in your company.
  • Late Adoption: Deploy automated upgrades to remaining users in your company.

Once you have created a Chrome browser patch policy, you can assign it to any devices, policy groups, or device groups. A policy group helps quickly and efficiently roll out existing policies to large numbers of similar devices. 

Capabilities of JumpCloud Browser Patch Management

JumpCloud’s new Browser Patch Management also introduces the following features:

  • Enforce Chrome updates and browser relaunch. 
  • Enforce or disable Chrome Browser Sign In Settings.
  • Restrict sign-in to a regex pattern to ensure users sign in via company email accounts.
  • Automate device enrollment into Google Chrome Browser Cloud Management, which unlocks limitless capabilities for browser and extension control within the Google Admin console. 

Dive deeper into the new Universal Chrome Browser Patch Management Release by exploring the release notes for this feature in the JumpCloud Community. 

Learn More About JumpCloud

The good news? Browser patching and patch management are included in JumpCloud’s affordable A La Carte pricing package. 

Try JumpCloud for free for up to 10 devices and 10 users. 

Complimentary support is available 24×7 within the first 10 days of account creation.


About JumpCloud
At JumpCloud, our mission is to build a world-class cloud directory. Not just the evolution of Active Directory to the cloud, but a reinvention of how modern IT teams get work done. The JumpCloud Directory Platform is a directory for your users, their IT resources, your fleet of devices, and the secure connections between them with full control, security, and visibility.

SafeDNS named top-rated cybersecurity software

SafeDNS has been featured as a top-rated product in Software Advice’s FrontRunners Report 2022 in the Cybersecurity Software category. Here’s our placement in the Grid report:

SafeDNS is also proud to announce its multiple award-winning streak in 2022 by Capterra. We were recognized in Capterra Shortlists in 2 categories this year as Emerging Favorite: Cybersecurity & Endpoint Protection.

Thanks to our clients who made it possible! We received some stellar reviews on Capterra:

“Safe DNS is a company that accomplishes what they commit to offering. They have great customer service and competitive pricing.” [Scott M.]

“SafeDNS is a solid DNS based content filtering solution. The reliability and consistency is great.” [Thomas M.]

“SafeDNS is a really great product, we have been using it for over 5 years now and it’s really robust.” [Jason T.]

To be as happy as our customers are with the DNS Security we provide, start your free trial for Business now with 20% off. Use code BlackFriday_20 at purchase.


About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

ESET launches APT Activity Report highlighting activities of Russia-, North Korea-, Iran- and China-aligned threat actors, including attacks on aerospace and defense industries

  • ESET launches new APT Activity Report; the first installment covers the period of May-August 2022 (T2 2022).

  • ESET Research saw no decline in the activity of Russia-, China-, Iran-, and North Korea-aligned APT groups.

  • Ukraine is still a prime target of Russia-aligned threat groups eight months after the invasion.

  • Aerospace and defense industries continue to be of high interest to North Korea-aligned groups, along with financial and cryptocurrency firms and exchanges.

  • China-aligned groups were able to leverage various vulnerabilities and previously unreported backdoors.

  • The growing number of Iran-aligned groups continued to focus their efforts mainly on various Israeli verticals.

BRATISLAVA — November 14, 2022 — Accompanying the successful ESET Threat Report, ESET Research launches the ESET APT Activity Report, aiming to provide a periodic overview of ESET’s findings on the activities of advanced persistent threat (APT) groups. In the first installment, covering T2 2022 (May-August 2022), ESET Research saw no decline in the APT activity of Russia-, China-, Iran-, and North Korea-aligned threat actors. Even more than eight months after the Russian invasion, Ukraine continues to be a prime target of Russia-aligned APT groups such as the infamous Sandworm, but also Gamaredon, InvisiMole, Callisto, and Turla. The aerospace and defense industries, along with financial and cryptocurrency firms and exchanges, continue to be of high interest to North Korea-aligned groups.

“We have noticed that in T2 2022, several Russia-aligned groups used the Russian multiplatform messaging service Telegram to access C&C servers or as an instrument to leak information. Threat actors from other regions were also trying to gain access to Ukrainian organizations, both for cyber espionage and intellectual property theft,” elaborates Jean-Ian Boutin, Director of ESET Threat Research.

“The aerospace and defense industry remains of interest to North Korea-aligned groups – Lazarus targeted an employee of an aerospace company in the Netherlands.  According to our research, the group abused a vulnerability in a legitimate Dell driver to infiltrate the company, and we believe this to be the first-ever recorded abuse of this vulnerability in the wild,” continues Boutin.

Financial institutions and entities working with cryptocurrency were targeted by North Korea-aligned Kimsuky and two Lazarus campaigns. One of these, dubbed Operation In(ter)ception by ESET researchers, branched out of its usual targeting of aerospace and defense industries when it targeted a person from Argentina with malware disguised as a job offer at Coinbase. ESET also spotted Konni using a technique employed by Lazarus in the past – a trojanized version of Sumatra PDF viewer.

China-aligned groups remained highly active, using various vulnerabilities and previously unreported backdoors. ESET identified a Linux variant of a backdoor used by SparklingGoblin against a Hong Kong university. The same group leveraged a Confluence vulnerability to target a food manufacturing company in Germany and an engineering company based in the US. ESET Research also suspects that a ManageEngine ADSelfService Plus vulnerability was behind the compromise of a US defense contractor whose systems were breached only two days after the public disclosure of the vulnerability. In Japan, ESET Research identified several MirrorFace campaigns, one directly connected to the House of Councilors election.

The growing number of Iran-aligned groups continued to focus their efforts mainly on various Israeli verticals. ESET researchers were able to attribute a campaign targeting a dozen organizations in Israel to POLONIUM and identify several previously undocumented backdoors. Organizations in or linked to the diamond industry in South Africa, Hong Kong, and Israel were targeted by Agrius in what ESET Research considers a supply-chain attack abusing an Israeli-based software suite used in this vertical. In another campaign in Israel, indicators of possible tool-use overlap between MuddyWater and APT35 groups were found. ESET Research also discovered a new version of Android malware in a campaign conducted by the APT-C-50 group; it was distributed by a copycat of an Iranian website and had limited spying functionality.

For more technical information check the full “ESET APT Activity Report” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

What Is Remote Desktop Protocol (RDP)?

Remote Desktop Protocol (RDP) is a proprietary communication protocol developed by Microsoft. It lets one computer present the graphical user interface (GUI) of another over a TCP/IP network. RDP is an extension of the ITU-T T.120 family of multipoint data-conferencing protocols (specifically T.128, the application-sharing protocol), standardized by the International Telecommunication Union (ITU).

There are three primary use cases for RDP. Firstly, IT admins can use this protocol to remotely perform administrative tasks, such as PC tuneups, ID protection settings, software installations, computer troubleshooting, and printer setups. By using RDP, IT teams can easily maintain and diagnose problems that individual employees are encountering from afar. 

Secondly, employees can leverage RDP to access their workstations remotely. For example, they could access enterprise resources while working from home or traveling. Thirdly, RDP is also helpful for “headless computers” or thin clients that employees may want to leverage to access powerful workstations in the office. 

How Remote Desktop Protocol Works

RDP gives the user of one computer a GUI session on another PC over a TCP/IP network. For this to work, the user originating the request runs an RDP client application, and the PC being accessed runs RDP server software that accepts the connection. Sessions are encrypted, but how securely RDP is deployed depends on configuration: TLS with Network Level Authentication (NLA), patched hosts, and no direct exposure to the internet.

Once connected, the user sees the desktop of the remote PC and can use the applications and files on it. Windows Server and the Pro, Enterprise, and Education desktop editions include a built-in RDP server (Remote Desktop) that accepts incoming connections.

The Remote Desktop Connection (RDC) client, mstsc.exe, is included in every Windows edition, including Home. What Home lacks is the server side: a Windows Home machine cannot be the target of a remote desktop connection, so users who need that must upgrade to Pro or higher.

RDC is Microsoft’s own RDP client and connects to Windows hosts running Remote Desktop Services (RDS). Other Windows features, such as Fast User Switching and Windows Remote Assistance, are built on the same Terminal Services infrastructure. Beyond RDC, RDP clients are available for Unix, Linux, macOS, Android, and iOS.

By default, RDP connections are established over TCP port 3389 (newer versions also use UDP port 3389 for the optional RDP-UDP transport). When a Remote Desktop Gateway is used, the session is tunnelled over HTTPS on TCP port 443 instead. When a user connects to a remote PC, the RDP client forwards mouse and keyboard events to the remote server, which uses its own virtual mouse and keyboard driver to receive these input events from the client.

To help render the user’s actions, RDP uses its own graphics driver to construct the display output into TCP/IP packets that are then redirected to the RDC client. On the client’s side, the RDC client receives the rendered data and translates it into corresponding graphics device interface (GDI) application programming interface (API) calls. 

RDP is a multi-channel protocol: separate virtual channels carry device redirection, presentation data, and encrypted input events between the RDP client and server. The virtual channel mechanism is extensible and, according to Microsoft, can support up to 64,000 separate channels for data transmission, with provisions for multipoint transmission.
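Before any of those channels exist, client and server exchange a single pair of messages that decides which security layer the session will use: an X.224 Connection Request carrying an RDP_NEG_REQ (the protocols the client offers), answered by an X.224 Connection Confirm carrying either an RDP_NEG_RSP (the protocol the server selected) or an RDP_NEG_FAILURE. This is the exchange behind the Network Level Authentication setting, and it is the check to run when you want to know whether a host still accepts legacy RDP security. The code below is an added example, not from the original post or from any RDP implementation; it follows the field layouts in Microsoft's MS-RDPBCGR specification (sections 2.2.1.1 and 2.2.1.2), and the three server replies are constructed byte strings, not captures.

```python
"""RDP security-protocol negotiation: build the X.224 Connection Request, parse the Confirm (added example)."""
import socket
import struct

# requestedProtocols / selectedProtocol flag values (MS-RDPBCGR 2.2.1.1.1)
PROTOCOL_RDP, PROTOCOL_SSL, PROTOCOL_HYBRID, PROTOCOL_RDSTLS, PROTOCOL_HYBRID_EX = 0, 1, 2, 4, 8
PROTOCOL_NAMES = {0: "RDP (standard RDP security)", 1: "SSL/TLS", 2: "HYBRID (CredSSP/NLA)",
                  4: "RDSTLS", 8: "HYBRID_EX"}
FAILURE_CODES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER", 3: "SSL_CERT_NOT_ON_SERVER",
                 4: "INCONSISTENT_FLAGS", 5: "HYBRID_REQUIRED_BY_SERVER",
                 6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}
TYPE_RDP_NEG_REQ, TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x01, 0x02, 0x03


def build_connection_request(requested_protocols, cookie_user=None):
    """TPKT header + X.224 Connection Request TPDU + RDP_NEG_REQ (optional routing cookie first)."""
    body = b""
    if cookie_user:
        body += b"Cookie: mstshash=" + cookie_user.encode("ascii") + b"\r\n"
    # RDP_NEG_REQ: type, flags, length (always 8), requestedProtocols; little-endian
    body += struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    # X.224 CR: length indicator (bytes after LI), code 0xE0, dst-ref, src-ref, class option
    x224 = struct.pack(">BBHHB", 6 + len(body), 0xE0, 0, 0, 0) + body
    # TPKT: version 3, reserved, total length (big-endian)
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data):
    """Describe the server's X.224 Connection Confirm: selected protocol, failure, or no negotiation."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT packet")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length mismatch")
    li, code = data[4], data[5]
    if (code & 0xF0) != 0xD0:
        raise ValueError(f"expected X.224 Connection Confirm, got code 0x{code:02x}")
    body = data[11:4 + 1 + li]  # bytes after the fixed 7-byte X.224 header
    if len(body) < 8:
        # Pre-negotiation servers answer with a bare Connfirm: only standard RDP security is possible.
        return {"negotiated": False, "note": "no RDP_NEG_RSP: standard RDP security only"}
    typ, _flags, length, value = struct.unpack("<BBHI", body[:8])
    if length != 8:
        raise ValueError("bad RDP negotiation structure length")
    if typ == TYPE_RDP_NEG_RSP:
        return {"negotiated": True, "selected_protocol": value,
                "selected_name": PROTOCOL_NAMES.get(value, "unknown")}
    if typ == TYPE_RDP_NEG_FAILURE:
        return {"negotiated": True, "failure_code": value,
                "failure_name": FAILURE_CODES.get(value, "unknown")}
    raise ValueError(f"unexpected negotiation type 0x{typ:02x}")


def nla_enforced(answer):
    """True if the server rejected a legacy-only offer with HYBRID_REQUIRED_BY_SERVER or chose CredSSP."""
    return answer.get("failure_code") == 5 or answer.get("selected_protocol") in (PROTOCOL_HYBRID, PROTOCOL_HYBRID_EX)


def probe(host, port=3389, timeout=5.0):
    """Offer only PROTOCOL_RDP to a live host; a host with NLA enforced answers with failure code 5."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request(PROTOCOL_RDP))
        return parse_connection_confirm(sock.recv(1024))


# Constructed server replies (server src-ref 0x1234 is arbitrary), not captured traffic.
SAMPLE_CONFIRM_NLA_REQUIRED = bytes.fromhex("030000130ed000001234000300080005000000")  # RDP_NEG_FAILURE, code 5
SAMPLE_CONFIRM_LEGACY_OK = bytes.fromhex("030000130ed000001234000200080000000000")     # RDP_NEG_RSP, selected 0
SAMPLE_CONFIRM_NO_NEG = bytes.fromhex("0300000b06d00000123400")                        # bare Confirm

if __name__ == "__main__":
    for label, reply in [("nla", SAMPLE_CONFIRM_NLA_REQUIRED), ("legacy", SAMPLE_CONFIRM_LEGACY_OK),
                         ("old", SAMPLE_CONFIRM_NO_NEG)]:
        answer = parse_connection_confirm(reply)
        print(label, answer, "NLA enforced:", nla_enforced(answer))
```

Offering only PROTOCOL_RDP is deliberate: a server that answers with RDP_NEG_RSP selecting protocol 0 (or with a bare Confirm) will still run the legacy RDP security layer for a client that asks for it, whereas HYBRID_REQUIRED_BY_SERVER means every session must pass CredSSP authentication before it exists. A reply of SSL_REQUIRED_BY_SERVER means TLS is mandatory but NLA is not. Only run probe() against hosts you are authorised to test.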

Pros and Cons of RDP

Below are some advantages that organizations and users can derive from RDP:

  • Easy access to enterprise resources. Employees can easily connect to their workstations from anywhere in the world. The protocol eliminates the need for employees to travel with flash drives. 
  • Streamlined IT management. IT teams can manage every aspect of the enterprise’s network in real time from one location. For example, they can edit the permissions to individual users or groups within the organization through RDC. 
  • Cost savings. Using RDP for RDC can help an organization save on hardware and ongoing maintenance costs. Employees can use their personal devices under the bring-your-own-device (BYOD) framework for work-related activities. 

Despite the advantages, RDP has its own disadvantages. Below are a few of them:

  • Internet connectivity. You need reliable internet connectivity for a client PC to connect successfully to a remote machine. Otherwise, the entire RDC will break down.
  • Security vulnerabilities. Although RDP-based sessions have inbuilt data encryption, access control, and activity logging capabilities, the protocol has inherent weaknesses that hackers can exploit and compromise the network. Let’s discuss some of these risks in more detail in the next section. 

RDP Security Risks 

RDP is the foundation for many remote access solutions within Windows-based environments. As such, it has become one of the most popular targets for hackers. Below are three common RDP security risks that hackers can exploit:

Weak Authentication

Most users protect their workstations with passwords, and they often reuse the same password across systems, including RDP logins. An RDP endpoint that accepts a password alone invites online guessing: brute force against a single account, password spraying of a few common passwords across many accounts, and credential stuffing with passwords leaked from other breaches. (Rainbow tables only come into play once an attacker already holds password hashes; they are not an online attack on the RDP logon itself.) To mitigate these attacks, organizations should require multi-factor authentication (MFA), set account lockout thresholds, enable Network Level Authentication so that a logon must succeed before a session is created, and follow password management best practices; single sign-on (SSO) helps mainly by reducing the number of passwords a user has to manage.
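Whichever of those controls you deploy, the logs should still tell you when someone is guessing. On a Windows host every failed logon is Event ID 4625; RDP attempts appear with Logon Type 10 (RemoteInteractive), or with Logon Type 3 when NLA is enabled, because the CredSSP authentication fails before a session exists. The detector below counts failures per source address in a sliding window and distinguishes a single-account brute force from spraying across many accounts. It is an added example, not part of the original post; the records are constructed samples in a simple CSV shape (timestamp, account, logon type, source address, NTSTATUS code), and the field names assume the fields of the real event rather than its exact export format.

```python
"""Flag RDP password guessing from Windows Security event 4625 records (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: TimeCreated, Account Name, Logon Type, Source Network Address, Status.
# 0xC000006D = bad user name or password, 0xC0000064 = user does not exist, 0xC000006A = wrong password.
SAMPLE_EVENTS = """\
2022-11-14T08:00:01,administrator,10,203.0.113.7,0xC000006D
2022-11-14T08:00:03,administrator,10,203.0.113.7,0xC000006D
2022-11-14T08:00:04,admin,10,203.0.113.7,0xC0000064
2022-11-14T08:00:06,backup,10,203.0.113.7,0xC0000064
2022-11-14T08:00:09,jsmith,10,203.0.113.7,0xC000006A
2022-11-14T08:00:12,jsmith,10,203.0.113.7,0xC000006A
2022-11-14T08:15:00,jsmith,10,192.0.2.25,0xC000006A
2022-11-14T08:20:00,jsmith,3,192.0.2.25,0xC000006A
2022-11-14T09:00:00,svc_sql,3,10.0.0.5,0xC000006A
"""

# 10 = RemoteInteractive. With NLA enabled, failed RDP logons are recorded as type 3 (Network).
RDP_LOGON_TYPES = {"10", "3"}


def parse_events(text):
    events = []
    for line in text.strip().splitlines():
        ts, user, logon_type, src, status = line.split(",")
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "logon_type": logon_type, "src": src, "status": status})
    return events


def detect_bruteforce(events, window=timedelta(minutes=5), threshold=5):
    """Per source address, find the densest run of failed RDP logons inside `window`.
    Returns {src: (failures_in_window, distinct_accounts)} for sources at or above `threshold`."""
    by_src = defaultdict(list)
    for event in sorted(events, key=lambda e: e["time"]):
        if event["logon_type"] in RDP_LOGON_TYPES:
            by_src[event["src"]].append(event)
    hits = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:  # slide the window start forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                accounts = {e["user"] for e in evs[start:end + 1]}
                if src not in hits or count > hits[src][0]:
                    hits[src] = (count, len(accounts))
    return hits


def classify(hits, spray_accounts=3):
    """Many distinct accounts from one source is spraying; one or two accounts is classic brute force."""
    return {src: ("password spraying" if accounts >= spray_accounts else "brute force (single account)")
            for src, (_count, accounts) in hits.items()}


if __name__ == "__main__":
    hits = detect_bruteforce(parse_events(SAMPLE_EVENTS))
    for src, kind in classify(hits).items():
        print(f"{src}: {hits[src][0]} failures across {hits[src][1]} accounts -> {kind}")
```

Status 0xC0000064 (account does not exist) mixed in with valid-account failures is a useful secondary signal: a legitimate user mistyping a password does not also try "admin" and "backup". In production, read the events from the Security log (or from a SIEM) rather than CSV, and key the window on both source address and target host so a low-and-slow sweep across many hosts still adds up.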

Unrestricted Port Access

By default, RDP listens on TCP port 3389. If that port is reachable from the internet, the host will be found by mass scanners within hours and subjected to continuous password guessing and to exploitation of any unpatched RDP bug. Do not expose 3389 directly: restrict it with host and network firewall rules to management networks, put remote access behind a VPN or a Remote Desktop Gateway, and enable Network Level Authentication on the host.

Unpatched Vulnerabilities

Microsoft has provided, and continues to provide, OS updates and hotfixes for the most severe RDP vulnerabilities. An unpatched host, however, remains exposed to all of them.

The best-known example is BlueKeep (CVE-2019-0708), a pre-authentication, wormable remote code execution flaw in Remote Desktop Services on Windows 7, Windows Server 2008 and 2008 R2, and older releases: an attacker needs nothing more than network access to port 3389 on an unpatched host. Patch management tooling keeps the OS and applications current, and enabling Network Level Authentication blocks unauthenticated exploitation of BlueKeep on hosts that cannot be patched immediately.

RDP Alternative

It’s no secret that the shift to hybrid workplaces has serious security implications for most organizations. To succeed in such environments, companies must ensure that their remote access and device management solutions are secure and fit the organization’s budget.

JumpCloud Remote Assist is a low-cost, easy-to-use, and secure remote access solution. IT admins can leverage the tool to connect to end users’ Windows, macOS, and Linux endpoints and fix technical issues from an intuitive cloud-based console. 

When used in an organization, JumpCloud Remote Assist allows IT admins to streamline access to organization resources. For example, they can easily customize, provision, and manage new security policies that better suit evolving workflows from a single place. 

Remote Assist will be a FREE add-on for organizations already using the JumpCloud Directory Platform® to manage Windows, macOS, and Linux endpoints. 


About JumpCloud
At JumpCloud, our mission is to build a world-class cloud directory. Not just the evolution of Active Directory to the cloud, but a reinvention of how modern IT teams get work done. The JumpCloud Directory Platform is a directory for your users, their IT resources, your fleet of devices, and the secure connections between them with full control, security, and visibility.

Why Integrated Network Security Architecture is the Future

Integrated network security architecture is the design of a network to defend against cyber attacks. It is simply securing a network by integrating different security features. It is a systematic approach to designing and implementing a set of cybersecurity measures that are synergistic and mutually supportive to one another, to provide an increased level of protection.

With an integrated network security architecture, you can integrate multiple layers of protection into one cohesive system. This includes technologies, people, processes and policies. These layers work together to provide comprehensive protection for the company’s IT resources and data. It involves selecting hardware, software and services, their configuration and deployment, and how they are managed.

The security method is often referred to as the “defense-in-depth” approach. This means that it focuses on protecting data from a variety of different angles, as opposed to using just one single method. No wonder it has proven to be the most effective means of securing your network.

The three main layers of network security architecture are:

I. The Physical Layer

This includes everything from the cables and wireless antennas to the actual devices that make up your network. It is a form of perimeter protection that shields your network from wireless interference.

II. The Data Link Layer

This is where all data passes through on its way to being transmitted over the network. By default, this poses a vulnerable pathway requiring network and data protection.

III. The Network Layer

It is also referred to as endpoint protection because it is the last layer to ensure your network’s security.

Why is Integrated Network Security Architecture Important?

The integration of network security architecture is important as it helps to protect the network against cyber threats. It effectively provides a holistic view of the entire system, which is necessary for maintaining a secure and reliable network environment.

Network security is a vital part of any organization’s IT infrastructure. It is important to have an integrated network security architecture in place to protect the organization’s data and resources. This is especially crucial for organizations or even individuals that have data that they want to protect.

Four Proven Practices In Integrated Network Security Architecture

I. Perform a Threat Assessment of Your Organization’s Networks

A threat assessment is a process of identifying the potential threats to an organization and then determining how these threats might be realized. This would help to determine what measures to take to prevent it, thereby protecting your network and data.

Therefore, during any threat assessment, the first thing to do is to identify the assets in your organization. This aims to determine what would be at risk in an attack. By putting yourself in the shoes of an attacker, you will be able to detect the assets that need to be protected.

The next step is to determine what type of threats might be present. It is important to know what kind of technology your company uses and how it might be vulnerable. Note that the major difference between threats and vulnerability is that threats are those who would want to cause harm, while vulnerabilities are weaknesses that the threats can exploit.

The last step is to develop a response plan for preventing, detecting, and responding to threats. This includes prioritizing the threats and vulnerabilities based on their level of severity and probability of occurrence.

When it comes to integrated network security architecture, threats can be categorized in two ways:

  • Technical Threats – A technical threat is when a system or network is compromised through a computer exploit or malware that disrupts its operations. This type involves exploiting security vulnerabilities in software or hardware to gain access to data and resources. Some common examples are hacking, malware, denial of service attacks, etc.
  • Non-Technical Threats – This takes a more hands-on approach and can consist of things like insider fraud and theft of trade secrets.

II. Conduct a Business Impact Analysis

A business impact analysis is a process that can help an organization identify its risks and impacts related to network disruptions or attacks. It also helps businesses understand the vulnerabilities they might have.

It serves as a methodology that can be used to assess the impacts of disruption that might occur in the event of a cyber attack. The analysis should be conducted by the risk management team, with input from other stakeholders within the organization.

The main objective of this analysis is to identify and prioritize risks and impacts, as well as to understand how an event will affect different parts of the organization. Analysis should also help in understanding how much time is required for recovery after a disruption or attack.

This type of analysis helps the business make decisions to mitigate its risks and impacts for the future. If an organization fully understands what would happen if there were network disruptions or attacks on their systems, it will help them understand the precise impact it might have on their business operations. Moreover, it could also prepare them for a scenario where events could happen more frequently in the future.

III. Develop a Strategy for Handling Security Incidents

Security incidents are occurring these days at an unprecedented rate. This includes any event that can negatively impact the confidentiality, integrity, or availability of an organization’s data.

It is important to have a strategy in place for how to handle them, which includes clear priorities, responsibilities, and procedures. Below is a tested incident response plan template or incident response process that you need to emulate.

Assess the Severity of the Situation

When faced with a security threat, the first step is to assess the severity of the security incident and determine whether it needs to be handled by higher-level personnel or not.

If it does, they should be notified and assigned responsibility for handling the incident. If not, then a lower-level employee should take on responsibility for handling it themselves or with assistance from someone else who is available and qualified to do so.

Your assessment should follow this pattern:

  • Think about the threats that you are likely to face.
  • Make sure that your plan is flexible enough to adapt to new threats as they emerge.
  • Consider the need for interoperability with other networks, such as your partners’ networks, suppliers’ networks and customers’ networks, when designing your network architecture.
  • Determine the level of protection needed, and how much funding is available before designing your security architecture and plan.

Consider your business needs and how much risk you are willing to take on when designing your security architecture and plan, so that these factors can be aligned.

Contain the Damage

The second priority in handling a security incident is to contain the damage. This includes notifying those who need to know, containing the spread of any virus or malware, and preventing future incidents. Depending on the type of breach, this may include initiating a forensic investigation or contacting law enforcement.

Your containment strategy should:

  • Properly segment networks with firewalls
  • Perform vulnerability assessments
  • Implement intrusion detection systems
  • Install antivirus protection on all devices
  • Use two-factor authentication for access to data and accounts
  • Protect endpoints with endpoint security solutions
  • Ensure that servers are patched and updated regularly
  • Encrypt sensitive data that is stored on the network or devices

Prevent Similar Future Attacks

The third priority when it comes to integrated network security architecture is to identify what happened and how it happened. This includes identifying who and what data was affected by the breach, if any other systems were compromised, and how to prevent similar future attacks.

Make sure that your prevention plan encompasses the two implementations below:

  • Develop an operational plan
  • Implement controls to address identified risks in the system design, physical architecture, logical architecture designs, and operational plans.

IV. Assign IT Staff to Identified Roles & Tasks

By having a dedicated IT security team, you can effectively delegate security roles and responsibilities to ensure quick detection and mitigation of present and future security threats.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

runZero 3.3: Unmatched visibility into your Google ecosystem

What’s new with runZero 3.3?

  • Extended visibility into Google Workspace
  • Queries for Google Workspace users and groups
  • Fingerprinting for Google assets
  • Identification of OpenSSL services
  • Improvements to the runZero Console

Extended visibility into Google Workspace

runZero 3.3 furthers the visibility into your Google ecosystem through a new integration with Google Workspace. runZero Professional+ users will be able to sync Google Workspace asset details from mobile devices, endpoints, and managed Chrome systems, while runZero Enterprise users will also be able to sync Users and Groups. Once the integrations are configured, users can view, search, analyze, export, and alert on attributes from both Google Workspace and Google Cloud Platform.

One of the key reasons to leverage the runZero integrations is to get better insight into the scope of your environment and completeness of coverage since MDM and IAM platforms can’t provide any insights into devices that haven’t been onboarded. To identify assets on your network that aren’t onboarded to Google Workspace, use the query source:runZero AND NOT source:googleworkspace. Conversely, use this query to find assets from Google Cloud Platform or Google Workspace that have not been scanned by runZero yet: (source:gcp OR source:googleworkspace) AND NOT source:runzero. These queries can help you keep pace with unmanaged and disconnected assets.

The integration also pulls in many Google Workspace attributes to give you comprehensive asset visibility. This could include attributes like when a device was last synced, whether a device has a password enabled or is encrypted, or whether it supports the use of a work profile. The Recent Users list in the asset details can also provide insight into device ownership and usage. You can filter for a specific user by using the @googleworkspace.mobile.email attribute for mobile devices or the @googleworkspace.chromeos.recentUsers attribute for ChromeOS devices. To find mobile devices that aren’t locked with a password try the query @googleworkspace.mobile.devicePasswordStatus:="Off", or use @googleworkspace.mobile.encryptionStatus:="Not Encrypted" to find ones without encryption enabled. The wildcard operator also lets you find results with a range of OS versions, such as using @googleworkspace.endpoint.osVersion:="MacOS 12.%" to find Google Workspace assets running macOS Monterey.

runZero offers unmatched active network scanning, while also integrating with an ever-growing list of data sources so that you have a complete asset inventory at your fingertips. To get started, set up a connection to Google Workspace or Google Cloud Platform.
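The reconciliation behind the two gap queries and the device-configuration filters above, as an added example that is not runZero code: it merges a scanner export with an MDM sync over constructed records. The field names (hostname, mac, osVersion, devicePasswordStatus, encryptionStatus) and the source labels are assumptions modelled on the attribute names quoted in the text, not runZero's schema.

```python
"""Reconcile a network-scanner inventory against an MDM inventory.

Added example, not runZero code. Records are constructed samples in the
shape of a simplified export; field names are assumptions.
"""
import re
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Dict, List, Optional, Tuple

# Constructed sample: what an active network scan would report.
SCANNER_RECORDS = [
    {"hostname": "lab-printer", "mac": "00:11:22:AA:BB:CC"},
    {"hostname": "alice-mbp", "mac": "A1-B2-C3-D4-E5-F6"},
    {"hostname": "legacy-nas", "mac": "00:11:22:dd:ee:ff"},
]

# Constructed sample: what an MDM/IAM sync (e.g. Google Workspace) would report.
MDM_RECORDS = [
    {"hostname": "alice-mbp", "mac": "a1b2c3d4e5f6", "osVersion": "MacOS 12.6",
     "devicePasswordStatus": "On", "encryptionStatus": "Encrypted"},
    {"hostname": "bob-pixel", "mac": "10:20:30:40:50:60",
     "devicePasswordStatus": "Off", "encryptionStatus": "Encrypted"},
    {"hostname": "carol-chromebook", "mac": None, "encryptionStatus": "Not Encrypted"},
]


@dataclass
class Asset:
    name: str
    sources: set = field(default_factory=set)        # which inventories saw it
    attrs: Dict[str, str] = field(default_factory=dict)


def normalize_mac(mac: Optional[str]) -> Optional[str]:
    """Reduce any common MAC notation to 12 lowercase hex digits, else None."""
    if not mac:
        return None
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    return digits if len(digits) == 12 else None


def _key(rec: dict) -> Tuple[str, str]:
    # Prefer the MAC as the merge key; fall back to hostname when it is absent.
    mac = normalize_mac(rec.get("mac"))
    return ("mac", mac) if mac else ("host", rec["hostname"].lower())


def build_inventory(scanner_records: List[dict], mdm_records: List[dict]) -> Dict[Tuple[str, str], Asset]:
    """Merge both feeds into one inventory, recording which sources saw each asset."""
    inventory: Dict[Tuple[str, str], Asset] = {}
    for source, records in (("runzero", scanner_records), ("googleworkspace", mdm_records)):
        for rec in records:
            asset = inventory.setdefault(_key(rec), Asset(name=rec["hostname"]))
            asset.sources.add(source)
            for k, v in rec.items():
                if k not in ("hostname", "mac") and v is not None:
                    asset.attrs[k] = v
    return inventory


def not_onboarded(inventory: Dict[Tuple[str, str], Asset]) -> List[str]:
    """Equivalent of: source:runzero AND NOT source:googleworkspace."""
    return sorted(a.name for a in inventory.values()
                  if "runzero" in a.sources and "googleworkspace" not in a.sources)


def not_scanned(inventory: Dict[Tuple[str, str], Asset]) -> List[str]:
    """Equivalent of: (source:gcp OR source:googleworkspace) AND NOT source:runzero."""
    return sorted(a.name for a in inventory.values()
                  if a.sources & {"gcp", "googleworkspace"} and "runzero" not in a.sources)


def weak_device_config(inventory: Dict[Tuple[str, str], Asset]) -> List[Tuple[str, str]]:
    """Devices with no screen lock or no storage encryption, per the MDM attributes."""
    findings = []
    for a in inventory.values():
        if a.attrs.get("devicePasswordStatus") == "Off":
            findings.append((a.name, "password_off"))
        if a.attrs.get("encryptionStatus") == "Not Encrypted":
            findings.append((a.name, "not_encrypted"))
    return sorted(findings)


def os_version_matches(inventory: Dict[Tuple[str, str], Asset], pattern: str) -> List[str]:
    """Match osVersion against a pattern using '%' as the wildcard, as in the text."""
    glob = pattern.replace("%", "*")
    return sorted(a.name for a in inventory.values()
                  if fnmatchcase(a.attrs.get("osVersion", ""), glob))


if __name__ == "__main__":
    inv = build_inventory(SCANNER_RECORDS, MDM_RECORDS)
    print("seen by scanner, not in MDM:", not_onboarded(inv))
    print("in MDM, never scanned:     ", not_scanned(inv))
    print("weak device config:        ", weak_device_config(inv))
    print("macOS 12.x:                ", os_version_matches(inv, "MacOS 12.%"))
```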

Queries for Google Workspace users and groups

runZero Enterprise users can leverage the new queries tailored for the Google Workspace integration to quickly find and alert on accounts that match particular parameters, in addition to being able to run searches in the Users and Groups inventories. Identify administrator accounts, suspended accounts, and accounts without MFA to improve IAM efforts and better protect your environment. These queries are included in the Query Library and can also be used to create alerts.

Run queries about Google Workspace users or create an alert rule to find assets of interest.

Fingerprinting for Google assets

runZero includes fingerprints for the metadata returned by the Google integrations, including Google Cloud Platform and Google Workspace. This will help provide the most accurate operating system and hardware data about the assets in your inventory.

In addition to Google fingerprints, runZero has also improved fingerprinting coverage of Microsoft 365 Defender assets and SNMP devices. Additional support was added or improved for products by Apache, Aruba, Avaya, Axon, Cisco, CyberPower, Debian, Eaton, Epson, Fortinet, Fujifilm, Geist, Hikvision, Lexmark, Oracle, Sato, Sony, Vivi, and VMware.

Identification of OpenSSL services

In preparation for the OpenSSL vulnerability announcement, runZero released remote, unauthenticated fingerprinting for OpenSSL 3 services, allowing our users to get ahead of the mitigation process prior to the vulnerability details becoming public. This capability has since expanded to detect even more TLS implementations and track the TLS stacks in use on each asset. runZero users can find OpenSSL endpoints using the query product:openssl, in the assets, services, and software inventories.

The server-side exposure only applies to services that process client certificates. runZero already performs checks for this, even though it is not a common configuration. To identify services running OpenSSL 3.0.x variants that may be vulnerable to exploitation, use the following query in the service inventory search: _service.product:"OpenSSL:OpenSSL:3" AND tls.requiresClientCertificate:"true".

Improvements to the runZero Console

The 3.3 release includes several changes to the user interface to improve the performance of the runZero console. The tables on the Explorers, Sites, Organizations, and Your team pages now perform and load faster. This will let users query and sort the results in tables more efficiently, getting to the answers they need faster.

The release also extends the availability of the All Organizations view. All users now have a view that will show them the results from all of the organizations that they have access to. The available permissions in that view reflect their per-organization permissions so that they can manage resources just like they would when viewing a single organization.

Release notes

The runZero 3.3 release includes a rollup of all the 3.2.x updates, which includes all of the following features, improvements, and updates.

New features

  • runZero Professional and Enterprise customers can now sync assets from Google Workspace.
  • runZero Enterprise customers can now sync users and groups from Google Workspace.
  • The “All Organizations” view is now available to restricted users with a filtered scope.
  • User interface tables were revamped for Organizations, Sites, Explorers, and Teams.
  • Live validation is no longer required for Qualys VMDR and InsightVM credentials.
  • Fingerprint updates.

Product improvements

  • The subnet utilization report now supports filtering by site.
  • CSV export of assets now includes the same hostname information as the inventory view.
  • Up-to-date ARM64 builds of the standalone scanner are now available.
  • The account API endpoint for creating organizations now accepts the argument types documented.
  • Merging two assets now correctly updates the date of the newest MAC address for the resulting asset.
  • Disabling all scan probes now disables the SNMP probe.
  • Service Provider information is now displayed with a default domain before SSO settings are configured.
  • Explorers are now ordered alphabetically on the scan configuration and connector configuration pages.
  • runZero users logging in via SSO are now presented with the terms and conditions acceptance dialogue.
  • A new tls.stack attribute that tracks the TLS software provider and version has been added for assets and services.
  • A new canned query for OpenSSL 3.0.x with client certificate authentication has been added.
  • The scanner now reports OpenSSL versions via TLS fingerprinting.
  • The scanner now reports Tanium agent instances on the network.
  • The scanner now reports additional detail for SSLv3 services.
  • The search keywords has_os_eol and has_os_eol_extended are now supported on the Assets and Vulnerabilities inventory pages.
  • The “last seen” link to the most recent scan details has been restored on the asset details page.

Performance improvements

  • Improved performance when scanning from macOS hosts that have certain EDR solutions installed.
  • Improved performance of Intune integration when importing a large number of users and devices.
  • Scan task processing speed has been improved for SaaS and self-hosted customers.
  • The baseline memory usage of Explorers has been reduced.
  • Error handling of misconfigured fingerprints has been improved to reduce Explorer and scanner crashes.

Fingerprinting changes

  • Improved fingerprinting coverage of Microsoft 365 Defender for Endpoints assets.
  • Improved fingerprinting coverage of SNMP devices.
  • Tanium agent detection now sets the edr.name attribute.
  • Added fingerprinting of OpenSSL, GnuTLS, and Windows TLS stacks, including version when possible.
  • Apple ecosystem OS fingerprint updates.
  • Additional support added-or-improved for products by Apache, Aruba, Avaya, Axon, Cisco, CyberPower, Debian, Eaton, Epson, Fortinet, Fujifilm, Geist, Hikvision, Lexmark, Oracle, Sato, Sony, Vivi, and VMware.

Integration improvements

  • The AWS integration now includes an option to delete AWS-only assets that were not seen in the most recent import.
  • The Qualys integration now includes an option to import unscanned assets and is disabled by default.
  • Processing speed for large Qualys imports has been improved.
  • GCP credentials can now be configured to import assets from multiple projects.
  • The error message indicating that an AWS integration credential has insufficient permissions has been improved.

Bug fixes

  • A bug that could prevent the use of third-party credentials when using TLS thumbprints or the insecure connection option with a public URL has been resolved.
  • A bug which sometimes prevented GCP imports from completing has been fixed.
  • A bug in how Service Inventory searches were launched from the Asset details page has been resolved.
  • A bug that could prevent TLS probes from completing has been resolved.
  • A bug that could prevent updating site metrics has been resolved.
  • A bug that could prevent the Intune integration from completing long-running tasks has been resolved.
  • A bug that could prevent the GCP integration from returning all assets has been resolved.
  • A bug that could result in a recurring integration running again before the previous task finished has been resolved.
  • A bug that could prevent importing assets from Microsoft Intune has been resolved.
  • A bug that could prevent importing assets from Microsoft 365 Defender has been resolved.
  • A bug that could cause broken asset links has been resolved.
  • A bug that could cause missing service data for services with conflicting virtual hosts has been resolved.
  • A bug that could cause inaccurate user counts for imported directory groups has been resolved.
  • A bug that affected tooltip display has been resolved.
  • A bug that prevented “open in new tab” navigation using middle/right click has been resolved.
  • A bug that could prevent Azure AD imports has been resolved.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

How free migration tools end up costing you more

Discover how the true cost of migrations can often be hidden.

Everyone likes a freebie, there’s no denying it. But the truth is, when something’s free, it usually comes at a price.

Free software is a good example of this. Usually it’s just a “taster”, something to whet your appetite or grab your attention, and further down the line you end up paying for a more robust version.

Free migration software is like this; a good foundation to start, but if you want all the bells and whistles to do it properly, then it’s worth paying a little extra.

Free Migration Tools

Migrations are incredibly complex, and the results can make or break a business. It’s not the kind of thing you want to put into the hands of the cheapest option available.

There are basically three serious options when it comes to free migration tools: Microsoft FastTrack, Google Workspace Migrate and third-party open-source software.

Open-source software

There are plenty of free open-source software migration tools out there, and most of them are fit for purpose if you’re only moving small amounts of data that have no real importance. But when it comes to a large-scale data migration that’s part of the growth and development of your business, you will want to set your sights a little higher.

As you might expect, open-sourced migration software has limitations. The software takes longer to set up, will usually only migrate certain things (like files and folders, but not emails), and, most importantly, has a higher fail rate, meaning there’s more chance of your migration turning into a catastrophe.

As the software is open-sourced, there will be no guarantee of security because it will come without accreditation. For something as important as your company’s data, you should only ever use software that meets international standards of security, like CloudM.

Microsoft

FastTrack is a migration service provided by Microsoft and it’s available to all Microsoft 365 subscribers for free.

While FastTrack is suitable for simple file migrations, it was not designed for anything more complicated.

When you are handling a big migration project, you want to be kept abreast of its progress. There is no update on the project until it’s complete, so there is no way of telling how long is left, how much data has been moved, and which files are still pending.

If you have additional requirements, special instances that need specific attention, or simply want someone to help fix unforeseen issues, then unfortunately there’s not much help available.

If any issues come up, there is no telephone or video support, only an email address to use, so a response is usually slow, by which time the issue might have done serious damage.

FastTrack is only available for customer tenants with 150 or more licenses and is also limited to a certain number of users, so for larger projects, you need more than one migration to move your data.

So to sum up Microsoft’s free migration tool, it might be worth it if you’re a small business with basic data to transfer. Anything larger or complicated should be left to bespoke migration software.

Google

For full migrations, Google will only transfer from one Google domain to another. That means if you’re on Microsoft or some other platform, you can’t use their tool.

Google does have GWMMO (Google Workspace Migration for Microsoft Outlook), but some categories of Email, Calendar, and Contacts are not supported to import in Gmail, while Journal entries, Outlook Notes, tasks, and RSS feeds aren’t imported at all through this method.

Google Migration is not always the speediest: you are allocated one server for your project and you’re migrated on that one server.

In fact, for more complicated migrations, Google often turns to third-party software themselves – like CloudM. So if your migration project needs to happen quickly, securely and effectively, you can cut out the middleman and come to us directly.

What can go wrong?

Unfortunately, a lot could go wrong during a data migration, which is why you should never go for the cheapest option. As we mentioned, migrations are complex, and the bigger the job, the more issues can potentially arise.

Losing data, leaving user information behind and data corruption are just a few of the common problems seen during a large migration.

These issues can have serious, real-world consequences. From reputation damage to hefty fines for data protection breaches, a problematic migration can be a nightmare for a company.

Any kind of problem is going to mean more work for your IT team – because here’s the thing with free migration software – if things do go wrong, who do you talk to about it? Who is accountable for lost or corrupted data? What number do you call to speak to someone? Who do you email about the issue?

Invariably, the answer is no one. And that’s where the true cost of free migration tools appears.

Why you should use us

CloudM has a 99.8% success rate when it comes to data migrations, with over 68 million users migrated in 107 countries.

We offer a host of advantages over a free migration service, including speed, security, accountability, and perhaps most important of all, peace of mind.

Migrations can be stressful, and if you choose free software, you’ll increase that stress exponentially. You’ll have no regular updates, no sign of how successful your migration has been so far, and no idea of how long is left.

With us, you’ll have a personalized account manager, someone to oversee your project and keep you up to date with developments. You’ll be in full control of your data, you’ll know exactly what has been transferred and when, how far the project has come, and any issues that have arisen. Plus, with 24/7 product support available you know an expert is never far away.

We also provide Delta Migrations, allowing your business to carry on as normal during the project, so you have zero downtime. A Delta Migration works by migrating all your historical data – say everything up until the past three months – and then once that’s done, we do the last three months over a weekend when no one is working.

Working with us rather than a restrictive service or open-source software with no experts on hand gives you more options and greater agility in your migration. We can course correct if something comes up, and of course, handle everything for you instead of making you do all the work as free software would.

If done incorrectly, problems during a migration can lead to downtime, data loss and, in worst-case scenarios, legal troubles.

It simply isn’t worth the risk to use free, open-source software for something as important as your data. Let the professionals handle it.

You’re not just paying for the software, you’re paying for peace of mind. You’re paying for data security and accountability if anything goes wrong. You’re paying for a successful migration, and at the end of the day, that’s all that matters.

About CloudM
CloudM is an award-winning SaaS company whose humble beginnings in Manchester have grown into a global business in just a few short years.

Our team of tech-driven innovators have designed a SaaS data management platform for you to get the most from your digital workspace. Whether it’s Microsoft 365, Google Workspace or other SaaS applications, CloudM drives your business through a simple, easy-to-use interface, helping you to work smarter, not harder.

By automating time-consuming tasks like IT admin, onboarding & offboarding, archiving and migrations, the CloudM platform takes care of the day-to-day, allowing you to focus on the big picture.

With over 35,000 customers including the likes of Spotify, Netflix and Uber, our all-in-one platform is putting office life on auto-pilot, saving you time, stress and money.

Things to Consider When Defending Against a Rogue API

Application programming interfaces (APIs) are a crucial aspect of most businesses. Their responsibility involves the transfer of information between systems within an organization or to external companies. Unfortunately, a rogue API can expose sensitive data and the organization’s internal infrastructure to misuse.

A security breach could result in the leaking of sensitive customer data such as PHI or financial data. This article will give an overview of the vulnerabilities of APIs that hackers take advantage of and how best to secure them.

What is a Rogue API?

A rogue API is an API which lacks approval or authorization by a company to provide access to its data. Instead, they get created by third-party developers who access the company’s data through a back door.

Rogue developers often do not use the same security protocols or abide by the same data privacy laws as the company. Several effects of these rogue API activities include:

  • The collection of sensitive data from a business without permission, such as customer information, financial data, or proprietary information
  • The deletion or modification of stored data on a system.
  • The corruption of important files or rendering them inaccessible.
  • Bypassing the security controls on a site.
  • A damaged reputation due to financial losses.

The Importance of API Security

Access to APIs occurs over public networks from any location. This makes them easily reachable by attackers and simple to reverse-engineer.

API functions are central to microservices architectures. They help to build client-side applications that serve customers, employees, partners, and more. The client-side application, such as a web or mobile application, interacts with the server side via the API. Invariably, APIs become a natural target for cybercriminals and are particularly exposed to Denial of Service (DoS) attacks.

Consequently, implementing and maintaining API security (although an exhaustive process) becomes a critical necessity. Moreover, API security practices should cover access control policies and the identification and remediation of attacks on APIs. The best way to protect data is to ensure that only approved APIs access a company’s sensitive data.

Effective Strategies to Reduce Rogue API Vulnerabilities

Here are some steps organizations can take to protect against a rogue API:

  • Use a network security solution that detects and blocks API threats.
  • Grant access to sensitive data only to those who need it.
  • Conduct constant API activity monitoring for suspicious or unauthorized activity.
  • Promptly block suspicious IP addresses.
  • Keep all data secure by using trusted third-party services.

Best API Security Practices Against Rogue API

Get Educated on all Security Risks

Developers need in-depth knowledge of cyber criminals’ latest techniques to penetrate a system. One strategy is to get information from trusted online sources like newsletters, malware security blogs, and security news portals.

By being up-to-date with the latest hacking trends, developers can configure their APIs and ensure they thwart the latest attacks.

Authenticate & Authorize

Businesses need to carefully control access to their API resources. First, they must carefully and comprehensively identify all related devices and users. An effective strategy involves the use of a client-side application. It has to include a token in the API call so that the service can validate the client easily.

Furthermore, standard web tokens can be used to authenticate API traffic and to define access control rules. Businesses can also use grant types to determine which users, groups, and roles need access to specific API resources. For example, a user that only needs to read a blog or post a comment should only receive permission that reflects this.

Encrypt Your Data

All data requires appropriate encryption so that only authorized users can modify and decrypt the data.

It helps to protect sensitive data and enhance the security of communication between client apps and servers. The beauty is that encrypted data prevents unauthorized entities from reading them even with gained access.

Validate the Data

Many businesses rely solely on external partners to cleanse and validate the data that crosses their APIs. Instead, companies must implement their own data cleaning and validation routines to prevent standard injection flaws and attacks.

The use of debugging tools helps to examine the API’s data flow as well as track errors and anomalies.

Identify API Vulnerabilities

One important API security best practice is to perform a risk assessment. However, you must first know which facets of your network remain vulnerable to risk.

Overall vulnerability can be difficult to pinpoint because software organizations constantly use thousands of APIs simultaneously. To succeed with API security, establish measures that eliminate vulnerabilities, mitigate risk, and meet security policies.

Furthermore, the discovery of vulnerabilities requires businesses to conduct rigorous testing. A great place to begin is at the initial phase of development. After that, it becomes easy to rectify them quickly.

Limit the Sharing of Confidential Information

Sharing only necessary information is a great management best practice, which is why a client application comes in handy. It filters relevant information from the entire data record present in API responses.

A developer should remember to remove sensitive information like passwords and keys before making the API publicly available. This prevents attackers from gaining access to sensitive data or entry to the application and the core of the API.

Returning the entire record rather than only the relevant information is a form of lazy programming. Its other consequences include slower response times and giving hackers more information about the resources the API exposes.

Final Thoughts on Rogue API Defense

API gateways focus on managing and controlling API traffic. Utilizing a strong API gateway minimizes security risk. Additionally, a solid API gateway lets organizations validate traffic and analyze and control how the API gets utilized.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Code security and safety tips when writing guidelines

Better safe than sorry! That is my motto and the motto of any person practicing web application security!

Preventing cyber-attacks starts at the very beginning of the development of the application by writing secure code.

Following secure coding standards helps developers to prevent common vulnerabilities in the code. Secure coding standards are a set of best practices and guidelines.

It is essential to have secure code standard implementation from the beginning because it will reduce future costs resulting from an exploit or the leak of sensitive data.

In this article, I wrote some practical tips you can use when creating your security code guideline for a simple web application. 

When creating the guideline, it is best to check out as much eligible documentation on the internet about the secure code topic. The complexity of the guideline will, of course, depend on your web application’s complexity and requirements.

You can check out these links: the OWASP guidelines and/or the OWASP Security Knowledge Framework, SEI CERT, Microsoft's Writing Secure Code, and many more. 

I would divide this topic into two parts. One would be about choosing a framework and programming language for your application, and the second would be error handling, logging, and monitoring.  

As for the second part, you can check out the Error handling article I wrote. And I will not cover logging and monitoring topics because I plan to cover them in my future articles. After all, they are essential topics that would need special attention.

 

Selecting a framework for the application

There are two cases when you would need to choose the framework and programming language: when starting development of the application and when rewriting the application.

When starting to plan the application development and choosing the framework, this decision is often based on the experience of the team who will work on the product. 

The final decision is often to use some old framework because of developers’ lack of knowledge and time to learn a new one. Also, when choosing an old framework, its vulnerabilities are not checked. 

I will not focus on that case because the management team has probably already made the decision. I will focus on developers’ decisions, and my advice is to choose the latest framework, or one of the latest. That is the best practice because you will not need to migrate once you already have a lot of source code written, and the new framework will be supported rather than deprecated (which is good, because it will be tested against the latest vulnerabilities and updates with patches will be available). You will be in sync with the technologies!

If you have some older web applications, you can scan them with SCA (Software Composition Analysis) tools and find any older component versions that have security vulnerabilities. You can check out one article which compares Software Composition Analysis Tools in 2022. This approach will help you with the migrations: you can create a grid of all insecure versions the SCA tool found and suggest newer versions without vulnerabilities. SCA tools should also be used to scan the repository weekly and in your pipeline on every build.

All frameworks have integrated security features, and it is important to check them out to see if they cover all the security features you want in your product. And keep in mind that by using fewer types of technologies, frameworks, languages, libraries, components, etc., you are reducing the maintenance of systems and the attack surface, which is always good. 

 

List of security steps

 

Handling of data

  • Validate input: type, size, format, source.

  • Verification is performed on the server side. If the input is invalid, reject it and give the user an error message with a description of what you expect.

  • If you must accept special characters, you must escape them.

  • If an input triggers a CRUD operation such as add, delete, or update, verify that the request is not a CSRF attack by checking an anti-CSRF token, a captcha, or some other form of re-authentication.

  • If the input is presented to the user, input needs to be output encoded.

  • If the input becomes part of a database query, use parameterized queries (bind the input as a parameter rather than concatenating it), optionally together with stored procedures, to prevent DB injection attacks.

  • If the app needs to redirect to a different site, keep a list of pre-approved links and check the target against it before redirecting.
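The data-handling rules above, and the "Validate the Data" advice in the rogue API article earlier on this page, as one added example that is not part of either article: server-side type/size/format validation with a descriptive error, a deliberately vulnerable string-built query beside its parameterized replacement, output encoding before the value reaches HTML, and an allowlist check for redirect targets. The in-memory SQLite table, the username rule and the redirect host list are constructed for the example.

```python
import html
import re
import sqlite3
from urllib.parse import urlparse

USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")
# Assumed allowlist of hosts the application may redirect to (constructed for the example).
ALLOWED_REDIRECT_HOSTS = {"example.com", "docs.example.com"}


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the application's user database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def validate_username(raw) -> str:
    """Server-side check of type, size and format; the error text tells the user what is expected."""
    if not isinstance(raw, str):
        raise ValueError("username must be a string")
    if not USERNAME_RE.fullmatch(raw):
        raise ValueError("username must be 3-32 characters from a-z, 0-9 or _")
    return raw


def find_user_unsafe(conn, username):
    """Deliberately vulnerable: the input is spliced into the SQL text, so it can change the query."""
    return conn.execute(
        f"SELECT username, email FROM users WHERE username = '{username}'"
    ).fetchall()


def find_user(conn, username):
    """Hardened: validate first, then bind the value as a parameter so it can only ever be data."""
    username = validate_username(username)
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def render_greeting(username: str) -> str:
    """Output-encode user input before placing it into HTML."""
    return f"<p>Hello, {html.escape(username)}</p>"


def safe_redirect_target(url: str, default: str = "/") -> str:
    """Allow only same-site relative paths or HTTPS URLs on the pre-approved host list."""
    if "\\" in url:  # browsers treat backslashes as slashes; treat them as hostile
        return default
    parsed = urlparse(url)
    if not parsed.scheme and not parsed.netloc and url.startswith("/") and not url.startswith("//"):
        return url  # plain same-site path
    if parsed.scheme == "https" and parsed.hostname in ALLOWED_REDIRECT_HOSTS:
        return url
    return default


if __name__ == "__main__":
    db = make_db()
    print("unsafe query with hostile input returns", len(find_user_unsafe(db, "x' OR '1'='1")), "rows")
    try:
        find_user(db, "x' OR '1'='1")
    except ValueError as err:
        print("hardened path rejected it:", err)
    print(safe_redirect_target("//evil.example/x"))
```

Validation and parameterization are independent layers: the regex rejects the hostile value before it reaches the database, and the bound parameter would keep it inert even if the validation rule were later relaxed to permit quotes.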

 

HTTP verbs

Most web applications only use GET, POST, OPTIONS, and HEAD. Any unused methods are unnecessary and should be disabled to reduce the attack surface.

For more info on how to disable dangerous HTTP methods, you can check out this link.

 

Identity

 

You should never create your own system for identity. Always buy a pre-made system unless you have unique business requirements that force you to create your own, in which case use a well-established protocol such as OAuth. If it is a system within a network, you can use the most common network identity system, Active Directory. Many other identity systems on the market can also perform this function, such as those offered by public cloud providers.

 

Session management

 

If your chosen programming framework has session management features, use them. Do not write your own from scratch.  

  • Session IDs should be at least 128 characters long.

  • Use unpredictable IDs.

  • Use the built-in session management implementation in your framework.

  • The session ID should have an expiration date and/or time.

  • The session ID should only be passed over encrypted channels.

  • The session should be destroyed after a user logs out.

  • Web applications must never accept a session ID they have never generated. 

I already covered all the best practices in session management series parts one and two. Check them out!
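The session rules above, as an added example that is not the article's own code: a server-side session store that generates unpredictable IDs of the stated length from the OS CSPRNG, attaches an expiry, refuses any ID it did not generate (including ones already destroyed at logout), and emits the cookie attributes that keep the ID on encrypted channels. The timeout value and cookie name are constructed assumptions.

```python
import secrets
import time

SESSION_ID_CHARS = 128  # the guideline's minimum length for a session ID
SESSION_TTL_SECONDS = 30 * 60  # assumed idle timeout for the example


class SessionStore:
    """Server-side session table: only IDs this store generated are ever honoured."""

    def __init__(self):
        self._sessions = {}  # session_id -> {"user": ..., "expires": ...}

    def create(self, user: str, now: float = None) -> str:
        now = time.time() if now is None else now
        # secrets.token_hex(n) gives 2n hex characters from the OS CSPRNG, so IDs are unguessable.
        sid = secrets.token_hex(SESSION_ID_CHARS // 2)
        self._sessions[sid] = {"user": user, "expires": now + SESSION_TTL_SECONDS}
        return sid

    def lookup(self, sid: str, now: float = None):
        """Return the user for a live session, or None for unknown, destroyed or expired IDs."""
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None:
            return None  # never generated here, or already destroyed: reject
        if entry["expires"] <= now:
            del self._sessions[sid]  # expired: purge and reject
            return None
        return entry["user"]

    def destroy(self, sid: str) -> None:
        """Called on logout so the ID can never be replayed."""
        self._sessions.pop(sid, None)


def session_cookie_header(sid: str) -> str:
    """Set-Cookie value: Secure keeps the ID off plaintext HTTP, HttpOnly keeps it from scripts."""
    return f"sid={sid}; Secure; HttpOnly; SameSite=Lax; Path=/; Max-Age={SESSION_TTL_SECONDS}"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")
    print(len(sid), "character session ID ->", store.lookup(sid))
    store.destroy(sid)
    print("after logout ->", store.lookup(sid))
```

Rejecting unknown IDs is what closes session fixation: a client cannot pre-set an ID it chose, because the store only answers for IDs it minted itself.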

 

Memory safe code

 

If you are using a programming language that is not memory safe:

  • Migrate to a memory-safe language. The Rust programming language is an example of a memory-safe alternative to C and C++. Other examples of memory-safe languages include Java, .Net (VB and C#), and Ruby on Rails.

  • Perform bounds and type-checking on every input every single time.

  • If your language has a framework overlay available or dependency you can add that can test bounds for you, use it.

  • Create unit tests for your bounds checking so that a regression test suite runs on every new code check-in.

  • Perform a code review and verify every input has proper testing.

  • If available, add compilation options to detect these types of issues.

 

Authentication

You shouldn’t write your own authentication system from scratch. A lone software developer on a project team should always use existing tried-and-true systems. That system can be either a pre-existing Internet identity service from a third party that verifies your users, or a free library or software system that becomes part of your system and performs the identity function for you.

 

Authorization

 

Role Based Access Control, or RBAC for short, is the most popular methodology for determining access. It means “determine someone’s access based on the role assigned in your system.”

 

There are three other widely accepted access control models:

  • Discretionary Access Control (DAC)

  • Mandatory Access Control (MAC)

  • Permission Based Access Control (PBAC)

 

Based on the requirement of the system, you would choose the access control model.
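RBAC as described above, as an added example that is not the article's own code: roles map to sets of permissions, a caller's permissions are the union over its roles, an unknown role grants nothing (deny by default), and a decorator refuses to run a handler unless the caller's roles grant the required action. The role and permission names are constructed for a blog-style application.

```python
from functools import wraps

# Constructed role -> permission mapping; permissions are "resource:action" strings.
ROLE_PERMISSIONS = {
    "reader": {"post:read", "comment:read"},
    "commenter": {"post:read", "comment:read", "comment:create"},
    "author": {"post:read", "post:create", "post:edit", "comment:read", "comment:create"},
    "moderator": {"post:read", "comment:read", "comment:delete"},
}


class PermissionDenied(Exception):
    pass


def permissions_for(roles) -> set:
    """Union of the permissions of every role; a role not in the table contributes nothing."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(roles, action: str) -> bool:
    """Deny by default: the action must be explicitly granted by at least one role."""
    return action in permissions_for(roles)


def require(action: str):
    """Decorator: the wrapped handler runs only if the caller's roles grant `action`."""

    def decorate(handler):
        @wraps(handler)
        def wrapper(caller_roles, *args, **kwargs):
            if not is_allowed(caller_roles, action):
                raise PermissionDenied(f"{action} is not granted to roles {sorted(caller_roles)}")
            return handler(caller_roles, *args, **kwargs)

        return wrapper

    return decorate


@require("comment:create")
def create_comment(caller_roles, text: str) -> str:
    return f"created comment: {text}"


@require("comment:delete")
def delete_comment(caller_roles, comment_id: int) -> str:
    return f"deleted comment {comment_id}"


if __name__ == "__main__":
    print(create_comment(["commenter"], "nice post"))
    try:
        delete_comment(["commenter"], 7)
    except PermissionDenied as err:
        print("denied:", err)
    print(delete_comment(["moderator"], 7))
```

Keeping the check in one place (the decorator) rather than inside each handler is what lets a reviewer verify that every state-changing endpoint is covered, which is the review step the memory-safety list above also asks for.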

 

Conclusion

I hope I have given you some direction on creating your own secure coding standard. There are plenty of best-practice tips on the internet regarding secure coding, so gather as many as possible before developing your own model. 

You should take the initiative to create your secure coding standard and, if one was not required, explain to others why it is important to have one.

Cover photo by Matthew Waring

About Topia
TOPIA is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.