Anthony Messina says
This is a great question. While I have only been in infosec for a year, I think one of the most important devices to check for hardening is the firewall. The firewall is the gatekeeper to your environment. All firewall rules should be inspected and peer-reviewed to ensure they allow the correct traffic in. One bad configuration in a firewall rule is all an attacker needs. One of the biggest no-nos I have seen in a firewall configuration is an “any, any, any” rule. This is a rule that allows any IP address in, to any IP address in the environment, to any port they wish.
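One way to catch the “any, any, any” rule described above is to audit a rule export automatically rather than by eye. This is an added example, not code from the thread: the CSV layout, the sample rules and the `audit_rules` helper are constructed for illustration.

```python
"""Audit a firewall rule table for over-permissive wildcard allow rules."""
import csv
import io
from dataclasses import dataclass
from typing import List

# Constructed sample export (not from a real device): id, source, destination,
# destination port, action. Rule 30 is the classic "any, any, any" allow.
SAMPLE_RULES = """\
id,src,dst,dport,action
10,203.0.113.0/24,10.0.0.5,443,allow
20,any,10.0.0.5,443,allow
30,any,any,any,allow
40,10.0.1.0/24,any,any,allow
50,any,any,any,deny
"""

# Spellings vendors commonly use for "match everything".
WILDCARDS = {"any", "*", "0.0.0.0/0", "::/0"}


@dataclass
class Finding:
    rule_id: str
    severity: str
    reason: str


def is_wildcard(value: str) -> bool:
    return value.strip().lower() in WILDCARDS


def audit_rules(export: str) -> List[Finding]:
    """Return findings for allow rules that wildcard two or all three match fields."""
    findings: List[Finding] = []
    for row in csv.DictReader(io.StringIO(export)):
        if row["action"].strip().lower() != "allow":
            continue  # a trailing "any any any deny" is the expected default-deny
        open_fields = [f for f in ("src", "dst", "dport") if is_wildcard(row[f])]
        if len(open_fields) == 3:
            findings.append(Finding(row["id"], "critical",
                                    "allows any source to any destination on any port"))
        elif len(open_fields) == 2:
            findings.append(Finding(row["id"], "high",
                                    "wildcard " + " and ".join(open_fields)))
    return findings


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"rule {f.rule_id}: {f.severity} - {f.reason}")
```

Rules that wildcard only one field (such as rule 20, which allows any source to a single host on 443) are left for a human reviewer, since they are often legitimate.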
Rudraduttsinh says
Great question, Akshay! I have been following this story very closely since this affects me. One of the solutions which could have prevented the attack would be two-factor authentication, where you are required to have a key or device. In this particular case, the Canadian government focused on keeping the system accessible to all Canadians; hence, there was not any two-factor authentication in place. Further, there needs to be education amongst the people regarding modern security threats, be it changing passwords regularly or monitoring account activity.
Chidiebele Okosi says
I would like to say that this “depends”: first on the business, budget, type of information and information systems.
For security assessment, some tools that can be put to use are vulnerability tools such as the SIEM tool LogRhythm, Nexpose and AppScan. These can be used to scan the network, capture the logs of all the servers on the network, ensure that patches are up to date, and identify services that might be running on the network, such as open ports, services, users and rights that exist on each server.
A good way to start is to have a baseline and then compare that baseline to what you have on the network to determine what measures you have to take towards protection.