Transcription
Imagine you are the Information Systems Security Officer at your company and are tasked with creating a cybersecurity threat awarenesstraining.You must create an infographic or job aid for the company’s intranet and a brief presentation for the company’s stakeholders, includingexecutives, managers, and staff.Create a 1-page infographic or job aid of the cyber domain using the DoD or OSI model.Identify 5 to 7 threats to the cyber domain, including at least 1 threat for each of the layers in your infographic.Create a 4- to 6-slide presentation.Discuss the challenges of securing each layer of the cyber domain in the company’s cyber threat awareness training in your presentation.Select 3 threats from your infographic or job aid.Identify 2 challenges from the threats you identified.The security of the organization is big important now a days. The employees are asset for cybersecurity, and these employees can createrisk to organization. So the training time to time is very important in all organizations. If employees are provided with the knowledge theyrequire to identify cyberthreats , through an effective and engaging security training program, they can act as another line of defense for anorganization.1.Even though the OSI model utilizes the TCP/IP Protocol, the OSI model was originally defined by the Open Systems Interconnection (OSI)group to promote the OSI protocol in its aim to produce a standardized network architecture for network communication. Ultimately the OSIprotocol, though it supported more addresses, lost to the competing TCP/IP protocol because of its complexity. Ironically, the TCP/IP modelis now utilizing longer IPv6 addresses that resemble the original OSI protocol in complexity.We’ve composed this nifty infographic on the OSI model because All People Seem To Need Data Processing (another mnemonic to helpmemorize the OSI model forward).
Cybersecurity threats exist at all OSI-ISO model layers beginning at Layer 7 – the Application Layer because that’s the place where usersbegin by interfacing to the network. For the purposes of creating the most comprehensive cybersecurity plan we must actually startBEFORE the Application Layer and address perhaps the biggest vulnerability in the entire network – the user. Users are human and farmore subject to making costly errors than are computers and other digital devices which will perform the same function the same way everytime.The best example is found in one of the top malware attacks or threats in the cyber landscape – ransomware. Fraudsters send out a“phishing” email that looks very authentic, very much as if it actually comes from where it says it does. But somewhere in that email is a linkfor the user to click or an attachment for the user to open. The text provides powerful inducements to get the user to do so. Once they dotheir data is either encrypted, corrupted, or stolen. The only way to get it back is to pay a ransom, thus ransomware.The attackers know the user is their best place to gain access.Threats at each layer of the ISO-OSI model include:APPLICATION LAYER THREATSSecurity software developer F5 tells us, “Examples of application layer attacks include distributed denial-of-service attacks (DDoS) attacks,HTTP floods, SQL injections, cross-site scripting, parameter tampering, and Slowloris attacks. To combat these and more, mostorganizations have an arsenal of application layer security protections, such as web application firewalls (WAFs), secure web gatewayservices, and others.” The team at SecurityIntelligence points out that, “The application layer is the hardest to defend. The vulnerabilitiesencountered here often rely on complex user input scenarios that are hard to define with an intrusion detection signature. This layer is alsothe most accessible and the most exposed to the outside world. For the application to function, it must be accessible over Port 80 (HTTP)or Port 443 (HTTPS).” Other possible exploits at the Application Layer include viruses, worms, phishing, key loggers, backdoors, programlogic flaws, bugs, and trojan horses.Your cybersecurity plan must include Application Monitoring which is the practice of monitoring software applications using a dedicated setof algorithms, technologies, and approaches to detect zero day and application layer (Layer 7 attacks). Once identified these attacks can bestopped and traced back to a specific source.PRESENTATION LAYER THREATSThe most prevalent threats at this layer are malformed SSL requests. Knowing that inspecting SSL encryption packets is resourceintensive, attackers use SSL to tunnel HTTP attacks to target the server.Include in your mitigation plans options like offloading the SSL from the origin infrastructure and inspecting the application traffic for signs ofattacks traffic or violations of policy at an applications delivery platform (ADP). A good ADP will also ensure that your traffic is then reencrypted and forwarded back to the origin infrastructure.SESSION LAYER THREATDDoS-attackers exploit a flaw in a Telnet server running on the switch, rendering Telnet services unavailable.
In the regular maintenance portion of your plan be sure to remind operators to check with your hardware provider to determine if there's aversion update or patch to mitigate the vulnerability.TRANSPORT LAYER THREATSAccording to Network World, “Many businesses use Transport Layer Security (TLS) to secure all communications between their Webservers and browsers regardless of whether sensitive data is being transmitted. TLS is a cryptographic protocol that provides end-to-endcommunications security over networks and is widely used for internet communications and online transactions. It is an IETF standardintended to prevent eavesdropping, tampering and message forgery. Common applications that employ TLS include Web browsers, instantmessaging, e-mail and voice over IP.”NETWORK LAYER THREATSRouters make decisions based on layer 3 information, so the most common network layer threats are generally router-related, includinginformation gathering, sniffing, spoofing, and distributed denial of service (DDoS) attacks in which multiple hosts are enlisted to bombard atarget router with requests to the point where it gets overloaded and cannot accept genuine requests.The most effective protection is achieved by consistently observing best practices for router, firewall and switch configurations. At the routeritself it is important to constantly assure that the router operating system is up to date on all security patches, packet filtering is keptenabled and any unused ports are blocked, unused services, and interfaces are disabled. Keep logging enabled and conduct regularauditing of any unusual activity that may occur.It’s also advisable to place firewalls between your network and all untrusted networks. Always keep that firewall up to date with all issuedsecurity patches, enable packet filtering, and keep logging enabled so you can audit any anomalies.Any switches on your network must also be kept updated with all security patches, with any unused interfaces or services disabled. Makecertain that all switch traffic is encrypted.DATA-LINK LAYER THREATSCisco explains that, “The data link layer provides reliable transit of data across a physical link. The data link layer is concerned withphysical, as opposed to logical addressing, network topology, network access, error notification, ordered delivery of frames, and flowcontrol. Frame-level exploits and vulnerabilities include sniffing, spoofing, broadcast storms, and insecure or absent virtual LANs (VLANs,or lack of VLANs). Network interface cards (NICs) that are misconfigured or malfunctioning can cause serious problems on a networksegment or the entire network.”Most companies that have experienced Address Resolution Protocol (ARP) spoofing, Media Access Control (MAC) flooding or cloning, PortStealing, Dynamic Host Configuration Protocol (DHCP) Attacks, layer 2-based broadcasting or Denial of Service Attacks have immediatelyfocused on improving port security. They also configure their switches to limit the ports that can respond to DHCP requests, implementstatic ARP and install Intrusion Detection Systems (IDS).
PHYSICAL LAYER THREATSAsk any cybersecurity professional to define where the network is and they’ll point at “the wires in the walls.” What they’re saying is that thecopper and fiber-optic cables that connect everything together create the actual network that everything else uses. Most threats at this layerinvolve interruption of the electrical signals that travel between network nodes including the physical cutting of cables, natural disasters thatbring flood waters which can cause short-circuits, or other human vandalism.Many companies mitigate these failures by bringing in multiple circuits to the internet. It should be noted that this works well until a backhoedigs up a critical corner through which all carrier circuits run, thus disabling all of the multiple paths. The aftermath of many disastersillustrates the superior strategy being the placement of all network core elements such as servers and storage at multiple redundant clouddata centers. Should a major carrier cable be cut, only users will be affected, and they can switch to wireless access or other locations untilrepairs are completed.Prevent Cybersecurity Threats Before they Become a Problem:Since users are our most unpredictable network component it is critical that your cybersecurity plan address best practices and operatingrequirements on your network, but the plan is equally important to the digital devices that help create the comprehensive defense we’vebeen discussing. The purpose of a firewall, for example, is to enforce your security policies and rules. That’s not possible if you have nosecurity policies and rules.Consider bringing cybersecurity end user safety training to your organization. This 2 hour, life, instructor-led course teaches end users howto be safe and spot digital threats online. For cybersecurity professionals, you should consider cybersecurity training certifications fromCertified Ethical Hacker (CEH) to Certified Chief Information Security Officer (CCISO).In the case of cybersecurity, a failure to plan is a short-term strategy. Fitting security in at every layer is just one piece of a comprehensivecybersecurity plan. Attacks will happen, and they will disrupt and disable operations, which is ultimately an existential hazard.2.slide 1:What Is Security Awareness Training?Security awareness training is a form of education that seeks to equip members of an organization with the information they need to protectthemselves and their organization's assets from loss or harm. For the purposes of any security awareness training discussion, members ofan organization include employees, temps, contractors, and anybody else who performs authorized functions online for an organization.
Organizations that must comply with industry regulations or frameworks such as PCI (Payment Card Initiative), HIPAA (Health InsurancePortability and Accountability Act of 1996), the Sarbanes-Oxley reporting requirements, NIST or ISO usually deliver security awarenesstraining to all employees once or perhaps twice a year.And even though it may not be required by Small and Medium Enterprises for compliance reasons, they can also benefit from training theiremployees to avoid cyberheists through phishing attacks, account takeovers, or other well-known means that cybercriminals use tomisappropriate company funds.2:Why Security Awareness Training?To be aware, you need to be able to confront (face things as they are). KnowBe4 helps employees confront the fact that bad guys are tryingto trick them. Once they confront that, they become aware and able to detect these scam emails and can take appropriate action likedeleting the email or not clicking a link.Cybercrime is moving at light speed. A few years ago, cybercriminals used to specialize in identity theft, but now they take over yourorganization’s network, hack into your bank accounts, and steal tens or hundreds of thousands of dollars. Organizations of every size andtype are at risk. Are you the next cyber-heist victim? You really need a strong human firewall as your last line of defense.3:Website security is more important than ever. Web servers, which host the data and other content available to your customers on theInternet, are often the most targeted and attacked components of a company’s network. Cyber criminals are constantly looking forimproperly secured websites to attack, while many customers say website security is a top consideration when they choose to shop online.As a result, it is essential to secure servers and the network infrastructure that supports them. The consequences of a security breach aregreat: loss of revenues, damage to credibility, legal liability and loss of customer trust. The following are examples of specific securitythreats to web servers: Cyber criminals may exploit software bugs in the web server, underlying operating system, or active content togain unauthorized access to the web server. Examples of unauthorized access include gaining access to files or folders that were notmeant to be publicly accessible and being able to execute commands and/or install malicious software on the web server. Denial-ofservice attacks may be directed at the web server or its supporting network infrastructure to prevent or hinder your website users frommaking use of its services. This can include preventing the user from accessing email, websites, online accounts or other services. Themost common attack occurs when the attacker floods a network with information, so that it can’t process the user’s request. Sensitiveinformation on the web server may be read or modified without authorization. Sensitive information on backend databases that are usedto support interactive elements of a web application may be compromised through the injection of unauthorized software commands.Examples include Structured Query Language (SQL) injection, Lightweight Directory Access Protocol (LDAP) injection and cross-sitescripting (XSS). Sensitive unencrypted information transmitted between the web server and the browser may be intercepted. Informationon the web server may be changed for malicious purposes. Website defacement is a commonly reported example of this threat. Cyber
criminals may gain unauthorized access to resources elsewhere in the organization’s network via a successful attack on the web server. Cyber criminals may also attack external entities after compromising a web server. These attacks can be launched directly (e.g., from thecompromised server against an external server) or indirectly (e.g., placing malicious content on the compromised web server that attemptsto exploit vulnerabilities in the web browsers of users visiting the site). The server may be used as a distribution point for attack tools,pornography or illegally copied software.4:Cyber Plan Action Items:1. Carefully plan and address the security aspects of the deployment of a public web server.2. Implement appropriate security management practices and controls when maintaining and operating a secure web server.3. Ensure that web server operating systems meet your organization’s security requirements.4. Ensure the web server application meets your organization’s security requirements.5. Ensure that only appropriate content is published on your website.6. Ensure appropriate steps are taken to protect web content from unauthorized access or modification.7. Use active content judiciously after balancing the benefits and risks.8. Use authentication and cryptographic technologies as appropriate to protect certain types of sensitive data.9. Employ network infrastructure to help protect public web servers.10. Commit to an ongoing process of maintaining web server security.How To Run A Successful Security Awareness Training Program In Your OrganizationCritical Components of a Security Awareness Program1. Content - Content is king! As humans we all prefer different types and styles of content. Don’t approach content in your program asone size fits all. Match different content types to different roles in your organization.2. Executive Support & Planning - Materials that will help you continue to prove the value of the program to your executive team, andalso to show auditors/regulators that you are doing the right thing.
3. Campaign Support Materials - A successful program shouldn’t be ‘one and done’, treat it as a marketing endeavor. Once-a-year,‘check the box’ training will not work toward changing user behavior. Continuously presenting the information in different ways,when it coincides with the context of their life, is what will influence their decisions and make it EASIER for users to make smarterchoices.4. Testing - People need to be put in a situation where they will have to make a decision that will determine if the organization getsbreached or not. Phishing simulations prompt users to either click a link, report the phish, or do nothing. You want to give them anopportunity to report phishing attempts and help the organization increase resilience. If they do fall for the phish, you want the abilityto do training then and there to create a learning moment. Doing nothing isn't ideal as it leaves the potential threat out there andthere's an opportunity for others in the organization to click.5. Metrics & Reporting - You need to be able to show you are closing security gaps. Reporting is also useful for optimizing campaignsbased on past results. You want to be able to see what is working well and what can be improved upon.6. Surveys/Assessments - These types of tools can help you understand the attitudes of your organization and how well your program isresonating with your people so you can adapt. Think of it as a pulse check of subtle nuances that are different thanmetrics/reporting such as opinions, frame of mind, etc.
DDoS-attackers exploit a flaw in a Telnet server running on the switch, rendering Telnet services unavailable. In the regular maintenance portion of your plan be sure to remind operators to check with your hardware provider to determine if there's a version update or patch to mitigate the vulnerability. TRANSPORT LAYER THREATS According to Network World, "Many businesses use Transport Layer .
