This article is not intended to be the last word on network cybersecurity, but to point out some facts and review possible solutions.
IT devices such as computers, routers, switches, and mobile devices are entry points that can be exploited by hackers, viruses, and other parties if left unsecured.
There are many general practices for network computing security that apply to any company. However, critical industries and government agencies will probably require extreme measures.
Once an organization’s IT network and infrastructure are breached, the damage can be catastrophic. Recovery costs can be huge, and a damaged reputation after a cyber-attack may kill large and small businesses alike.
Defining Network Security
Basically, network security combines different layers of access defenses to protect proprietary information from any attack. While authorized users gain access to network resources, any malicious actors get blocked from carrying out exploits and threats.
Solid corporate cybersecurity must include critical infrastructure security, network security, application security, information security, cloud security, and data loss prevention.
End-user education is also a must.
Each network security layer requires specific policy controls, and not all users will have the same permissions, but every user's understanding of the security measures in place is crucial.
Otherwise, a user with wide access permissions may put the whole network in danger. We will discuss this particular topic shortly.
Today we will focus on preventing malicious attacks from external sources.
Networks in Danger
“Threat actors breaching company networks are deploying a cornucopia of malware over the remote desktop protocol (RDP), without leaving a trace on target hosts,” writes Ionut Ilascu, a technology writer with a deep focus on cybersecurity.
In Ionut Ilascu's words: “Cryptocurrency miners, info-stealers, and ransomware are executed in RAM using a remote connection, which also serves for exfiltrating useful information from compromised machines.”
Even a widely adopted tool like Windows RDS has many features that can be exploited for malicious actions. For instance, there’s a feature in Windows Remote Desktop Services that allows a client to share local drives with a Terminal Server with read and write permissions.
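As an added example (not part of the original article), the following script audits the text of a saved .rdp connection file and reports where it explicitly turns on the local drive sharing described above, along with clipboard redirection. The sample file contents, host name and user name are constructed for illustration.

```python
# Added example: flag local-resource redirection in .rdp connection files.
# SAMPLE_RDP is constructed; host and user names are placeholders.
SAMPLE_RDP = """\
full address:s:ts01.example.internal
username:s:EXAMPLE\\alice
drivestoredirect:s:*
redirectclipboard:i:1
"""

def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: (type, value)}."""
    settings = {}
    for line in text.splitlines():
        # maxsplit=2 keeps colons inside the value (e.g. 'C:\\;') intact
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = parts
        settings[name.strip().lower()] = (kind.strip().lower(), value.strip())
    return settings

def redirection_findings(text):
    """Return findings for redirection that the file explicitly enables.

    Settings absent from the file fall back to client defaults,
    which this check does not evaluate.
    """
    settings = parse_rdp(text)
    findings = []
    drives = settings.get("drivestoredirect", ("s", ""))[1]
    if drives == "*":
        findings.append("all local drives are redirected to the remote host")
    elif drives:
        # A list such as 'C:\\;DynamicDrives' names individual drives
        names = [d for d in drives.split(";") if d]
        findings.append("drives redirected: " + ", ".join(names))
    if settings.get("redirectclipboard", ("i", ""))[1] == "1":
        findings.append("clipboard redirection is enabled")
    return findings

if __name__ == "__main__":
    for finding in redirection_findings(SAMPLE_RDP):
        print("FINDING:", finding)
```
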
Types of cybersecurity
Network security: Protects internal networks from intruders by securing infrastructure. Examples of network security include the implementation of two-factor authentication (2FA) and new, strong passwords.
Application security: Uses software and hardware to defend against external threats that may present themselves in an application’s development stage. Examples of application security include antivirus programs, firewalls, and encryption.
Information security: Also known as InfoSec, protects both physical and digital data—essentially data in any form—from unauthorized access, use, change, disclosure, deletion, or other forms of malintent.
Cloud security: A software-based tool that protects and monitors your data in the cloud, to help eliminate the risks associated with on-premises attacks.
Data loss prevention: Consists of developing policies and processes for handling and preventing the loss of data, and developing recovery policies in the event of a cybersecurity breach. This includes setting network permissions and policies for data storage.
Critical infrastructure security: Covers cyber-physical systems such as the electricity grid and water purification systems.
End-user education: Acknowledges that cybersecurity systems are only as strong as their potentially weakest links: the people that are using them. End-user education involves teaching users to follow best practices like not clicking on unknown links or downloading suspicious attachments in emails—which could let in malware and other forms of malicious software.