Diving into infrastructure security
Trackers
If you are responsible for protecting the corporate infrastructure, you probably have various security products in use to support you in this task – with a distinction made between network and host security. These terms primarily relate to where a security system is deployed. Firewalls or network intrusion detection systems (NIDS) are deployed at central points on the network, and antivirus programs or host intrusion detection systems (HIDS) are put on as many computers as possible in the enterprise.
Firewalls let you allow or deny network connections according to a fixed ruleset and primarily prevent requests from the Internet from reaching the corporate network. Depending on the size of your environment, firewalls can also isolate different departments from each other. In addition to a fixed set of rules, a NIDS can use dynamic or heuristic detection techniques that classify network connections on the basis of metadata as well as communication content, and trigger an alert when suspicious connections are detected.
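The two detection styles described above, a static first-match ruleset next to a metadata heuristic, as an added example that is not code from the article. The network ranges, the policy and the connection records are all constructed for the illustration; the scan heuristic (many distinct ports on one host within a short window) is one simple stand-in for the kind of classification a NIDS performs, not any product's actual logic.

```python
"""Added illustration, not from the article: a fixed firewall ruleset beside a
metadata heuristic of the kind a NIDS applies, both run over the same
constructed connection records."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Conn:
    ts: float      # seconds since start of the capture (constructed)
    src: str
    dst: str
    dport: int


# Fixed ruleset, first match wins, implicit deny at the end (example policy,
# not taken from any real firewall).
RULES = [
    ("allow", "10.0.0.0/8", "10.0.0.0/8", None),    # any internal-to-internal traffic
    ("allow", "0.0.0.0/0", "10.0.5.0/24", 443),     # Internet may reach DMZ web servers on 443
    ("deny", "0.0.0.0/0", "10.0.0.0/8", None),      # nothing else from outside
]


def firewall_decision(conn: Conn) -> str:
    """Return 'allow' or 'deny' by walking the static ruleset top to bottom."""
    for action, src_net, dst_net, dport in RULES:
        if (ip_address(conn.src) in ip_network(src_net)
                and ip_address(conn.dst) in ip_network(dst_net)
                and (dport is None or dport == conn.dport)):
            return action
    return "deny"  # implicit default


def port_scan_sources(conns, window=10.0, threshold=8):
    """Heuristic: flag a source that reaches >= threshold distinct ports on one
    host within `window` seconds. Looks only at metadata, never at payload."""
    by_pair = defaultdict(list)
    for c in conns:
        by_pair[(c.src, c.dst)].append(c)
    flagged = set()
    for (src, _dst), events in by_pair.items():
        events.sort(key=lambda c: c.ts)
        lo = 0
        for hi in range(len(events)):
            while events[hi].ts - events[lo].ts > window:
                lo += 1
            if len({c.dport for c in events[lo:hi + 1]}) >= threshold:
                flagged.add(src)
                break
    return flagged


# Constructed traffic: a normal file-share client, an Internet client reaching
# the DMZ on 443 and then 22, and one internal host touching eleven ports in a row.
SAMPLE = (
    [Conn(t, "10.0.1.7", "10.0.2.20", 445) for t in (1.0, 4.0, 9.0)]
    + [Conn(2.0, "203.0.113.9", "10.0.5.10", 443), Conn(2.5, "203.0.113.9", "10.0.5.10", 22)]
    + [Conn(float(i), "10.0.1.50", "10.0.2.20", 20 + i) for i in range(11)]
)


def triage(conns=SAMPLE):
    """Combine both views: what the ruleset blocks and what the heuristic flags."""
    denied = sorted({(c.src, c.dst, c.dport) for c in conns if firewall_decision(c) == "deny"})
    return {"denied": denied, "scanners": sorted(port_scan_sources(conns))}


if __name__ == "__main__":
    print(triage())
```

The point the two outputs make together: the internal probing host passes the firewall untouched, because internal-to-internal traffic is allowed by policy, and only the heuristic view surfaces it; conversely the outside connection to port 22 is blocked by a plain rule and needs no heuristic at all.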
Classic antivirus programs protect a computer by means of bytecode signatures or by heuristics that look for suspicious combinations of particular system calls and file or hardware accesses. A HIDS additionally monitors user actions, files, and directories, as well as the registry and network connections. Some vendors specifically extend their virus scanners with HIDS features to provide comprehensive host security.
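File and directory monitoring, one of the HIDS functions named above, reduces to a baseline of content hashes compared against a later snapshot. The following is an added example, not code from the article or from any HIDS product; the directory layout and file contents are constructed inside a temporary directory so it runs anywhere.

```python
"""Added illustration, not from the article: a minimal file-integrity check of
the kind a HIDS performs, built from a hash baseline and a later comparison."""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    result = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        h = hashlib.sha256()
        with p.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        result[p.relative_to(root).as_posix()] = h.hexdigest()
    return result


def compare(baseline, current):
    """Report what appeared, vanished, or changed content between two snapshots."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def demo():
    """Constructed scenario: baseline a fake /etc, then alter it three ways."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        base = snapshot(root)

        # One edit, one deletion, one new file in a directory that was empty.
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n198.51.100.7 updates\n")
        (root / "etc" / "passwd").unlink()
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "job").write_text("0 3 * * * root /opt/backup.sh\n")
        return compare(base, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In a real deployment the baseline would be stored off the monitored host (or at least signed), since a baseline an attacker can rewrite detects nothing; the comparison logic itself is the same.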
Even if you have implemented the usual protections in your company, as an administrator or security analyst you will want to take a more in-depth look in some situations (e.g., employees reporting irregularities in IT processes, such as atypical behavior of their PCs or of certain programs) to make sure attacks on your infrastructure are not underway. Likewise, publicized attacks on high-profile targets by skilled attackers can prompt a closer look at your own infrastructure for signs of compromise.
TTPs, IoCs, and