User:Shawndouglas/sandbox/sublevel3

From LIMSWiki

This step is actually closely tied to the next step concerning gap analysis. As such, you may wish to address both steps together. You've already identified your critical and non-critical assets, and performing a gap analysis on them may be a useful start in finding and analyzing the logical entry points of a system. But what are some of the most common entry points that attackers may use?[1][2][3][4]

  • Inbound network-based attacks through software, network gateways, and online repositories
  • Inbound network-based attacks through misconfigured firewalls and gateways
  • Access to systems using stolen credentials (networked and physical)
  • Access to peripheral systems via communication protocols, insecure credentials, etc. through lateral movement in the network

From email and enterprise resource planning (ERP) applications and servers to networking devices and tools, a wide variety of vectors for attack exist in the system, some more common than others. Analyzing these components and configurations takes significant expertise. If that expertise is unavailable internally, you may need a third-party security assessment to gain a clearer picture of the entry points into your system. Even employees and their lack of cybersecurity knowledge may represent points of entry, via phishing schemes.[5][4] This is where training and internal random testing (addressed later) come into play.[5]

Physical access to system components and data also represents a significant attack vector, more so in particular industries and network set-ups. For example, industrial control systems in manufacturing plants may require extra consideration, with some control system vendors now offering an added layer of physical security in the form of physical locks that prevent code from being executed on the controller.[2] Cloud-based data centers and field-based monitoring systems represent other specialist situations requiring added physical controls.[5][6][7] That's not to say that small businesses needn't worry about physical security; their workstations, laptops, USB drives, mobile devices, etc. can be compromised if it is easy for the general public to access offices and other work spaces.[7] In regulated environments, physical access controls and facility monitoring may even be mandated.

References

  1. Kumar, A.J. (6 September 2016). "Discovering Entry Points". InfoSec Institute. https://resources.infosecinstitute.com/discovering-entry-points/. Retrieved 23 July 2020.
  2. Ahmed, O.; Rehman, A.; Habib, A. (12 May 2019). "Industrial control system (ICS) cybersecurity advice, best practices". Control Engineering. CFE Media LLC. https://www.controleng.com/articles/industrial-control-system-ics-cybersecurity-advice-best-practices/. Retrieved 23 July 2020.
  3. Bonderud, D. (11 June 2019). "Podcast: Lateral Movement: Combating High-Risk, Low-Noise Threats". SecurityIntelligence. IBM. https://securityintelligence.com/media/podcast-lateral-movement-combating-high-risk-low-noise-threats/. Retrieved 23 July 2020.
  4. "Incident Classification Patterns and Subsets". 2019 Data Breach Investigations Report. Verizon. 2019. https://enterprise.verizon.com/resources/reports/dbir/2019/incident-classification-patterns-subsets/. Retrieved 23 July 2020.
  5. Downing, K. (December 2017). "AHIMA Guidelines: The Cybersecurity Plan" (PDF). American Health Information Management Association. https://journal.ahima.org/wp-content/uploads/2017/12/AHIMA-Guidelines-Cybersecurity-Plan.pdf. Retrieved 23 July 2020.
  6. Lebanidze, E. (2011). "Guide to Developing a Cyber Security and Risk Mitigation Plan" (PDF). National Rural Electric Cooperative Association, Cooperative Research Network. https://www.cooperative.com/programs-services/bts/documents/guide-cybersecurity-mitigation-plan.pdf. Retrieved 23 July 2020.
  7. "How to Develop A Cybersecurity Plan For Your Company (checklist included)". Copeland Technology Solutions. 17 July 2018. https://www.copelanddata.com/blog/how-to-develop-a-cybersecurity-plan/. Retrieved 23 July 2020.