21/12/2024 Info & News page

Cybersecurity: threats and controls – 3

Security controls:

Security controls are essential for safeguarding the confidentiality,integrity, and availability of critical information and other crucial assets from potential threats.
There are various security controls that safeguard hardware, software, networks, and data from potential harm.
These include administrative controls, physical controls, and technical controls.
When a security measure is implemented, its function is broadly specified into different categories.
Some of these include deterrent controls, preventive controls, detective controls, and corrective controls.

Control types and functions:

The following overview illustrates a few distinctive functions of administrative, physical, and technical controls. These controls are categorized based on their primary functions: preventive, detective, deterrent, and corrective. By aligning the control types with their respective functions, you can clearly understand how each measure contributes to safeguarding an organization’s assets, information, and personnel.

PreventiveDetectiveDeterrentCorrective
AdministrativePolicies for hiring and firing Policies for data classification Separation of duties Mandatory vacation timeRegular audits and reviews Employee activity monitoring Anonymous internal reporting systemsPolicies defining the personal consequences of policy violation Security awareness training highlighting the potential risks and damages associated with policy violationImplement a business continuity plan Implement an incident response (IR) plan
Physical

Gates Locks Fences
Surveillance cameras Motion sensors Environmental monitoring systems Tamper detection devicesSecurity guards Reception desks LightingRepair broken controls Deactivate and reissue lost or stolen access cards
TechnicalAntivirus software Intrusion prevention systems Multifactor authentication (MFA) FirewallsHoneypots Intrusion detection systems Security information and event management (SIEM) systemsBanners with legal warnings about unauthorized access Access control lists (ACLs)Perform vulnerability patching Quarantine detected viruses Reboot the system

System security:

System security protects computer systems and their information from unauthorized access, damage, or theft. IT professionals actively implement a variety of methods and tools to maintain system security, including access controls, encryption, patching, regular backups, system-level firewalls, and antivirus software.

Network security:

Network security protects networking infrastructure from unauthorized access, exploitation, or theft.
Network security has three primary objectives: block unauthorized entities from accessing network assets,
identify and halt ongoing cyberthreats and infractions, and ensure that legitimate users can securely obtain network assets when required.
Cybersecurity professionals combine several technologies to provide a secure network: firewalls, NACs,
IDPSs, VPNs, network segmentation, endpoint security solutions, SIEM, and SOAR.

Secure application design:

The software development life cycles is a structured sequence of stages outlining the software development process from the beginning to the end. Application security involves incorporating a series of secure practices and processes into every phase of the software creation process. The key secure coding practices for enhancing application security include, input validation ,error handling, secure logging, avoid leaving hardcoded credentials, access control, encryption, and software secure testing.

Incident response (IR):

Evolving cyber attacks require organizations to maintain an efficient IR strategy comprising a response team,
effective processes, and technological solutions.
There are four key phases in the IR lifecycle: preparation and planning; detection and analysis; containment,
eradication and recovery; and post-incident activities.

Extra information:

What is DNS?

DNS stands for Domain Name System. When you access a website, you use this service to locate the server where the domain’s website is. When browsing the web, you usually type in a domain name like www.google.com into your browser. This is better than trying to remember an IP address linked to a Google server.

Behind the scenes, a conversion happens using this service, which converts www.google.com to 172.217.12.46. The IP address determines the location of a web server on the internet, and the nameserver that the domain is using is queried for any entries for the domain. This conversion process is called DNS resolution. This is an integral part of how DNS works to help devices communicate over the internet. Here is a review of the step-by-step query process to better understand exactly how it works.

How Does the DNS Process Work?

Step 1: Requesting Website Information

Visit a website by typing a domain name into a web browser. Your computer will start resolving the hostname, such as www.liquidweb.com. Your computer will then search for the IP address for the domain name in the local DNS cache. This cache stores any information that our computer has recently saved.

If a site’s information is present locally, then the website will begin to load relatively quickly. If your computer does not have the data (that is, if it’s your first time visiting a particular site), it will perform a DNS query to retrieve the correct information. New sites may take a few milliseconds longer than a site from your local cache.

Step 2: Contact the Recursive DNS Servers

When the information is not in your computer’s local cache, it will query another server. Recursive DNS servers have their own local cache, much like your computer.

Another name for recursive DNS servers is DNS resolvers. It’s possible that a common domain name is already in its cache. If the domain is cached, the query will end here, and the website will display to the user.

Step 3: Query the Authoritative DNS Servers

If a recursive DNS server or servers do not have information stored in cache memory, it looks elsewhere. The query will continue up the chain of authoritative DNS servers.

The server continues its search until it finds a nameserver for the domain. These authoritative nameservers store these records for their respective domain names.

Step 4: Access the DNS Record

To locate the IP address for liquidweb.com, query the authoritative nameserver for the A record. A recursive DNS server reads the address record for liquidweb.com from the authoritative nameservers. It then stores the record in its local cache.

If some other query requests the A record for liquidweb.com, the recursive server will have the answer. All DNS records have a Time-to-Tive (TTL) value, which shows when a record will expire. After expiration, the recursive DNS server will ask for an updated copy of the records.

Step 5: Final DNS Step

The recursive DNS server holds the associated information and returns the A record to your PC Your computer will then store the record in the local cache. The IP address is read from the DNS record and passed it to your web browser. Your browser will then connect to the server associated with the A record’s IP and render corresponding website.

What DNS does, from start to finish, takes only milliseconds to complete. For a better understanding, here’s a breakdown of the components that make up the lookup process.

Types DNS Servers

Authoritative DNS Server

An authoritative nameserver is a server that stores DNS records (A, CNAME, MX, TXT, etc.) for domain names. These servers will only respond to queries for locally stored DNS zone files.

Any nameserver can store a zone file for a domain, but that doesn’t make it authoritative. A nameserver becomes authoritative if the domain’s registrar points the internet to that nameserver for the domain’s information.

Recursive Nameserver

A recursive nameserver is a DNS server that receives queries for informational purposes. These types of servers do not store DNS records.

When a query is received, it will search the cache memory for an address linked to the IP address. If the recursive nameserver has the information, then it will return a response to the query sender. If it doesn’t have the DNS record, the query will be forwarded to other recursive nameservers. This process continues until it reaches an authoritative DNS name server that can provide the IP address.

DNS Zones

A DNS zone is a subset of the Domain Name System (DNS) that holds administrative and authoritative information about a domain. When a domain is registered, it must be assigned an IP address so that it may be accessed through the internet. DNS zones aid in resolving domain names to IP addresses.

A DNS zone is a database of numerous records that give domain information, such as IP addresses of connected servers and other services. It includes A records, CNAME records, MX records, PTR records, NS records, and others.

DNS zones enable the delegation of authority for subdomains to multiple nameservers and offer precise control over domains or subdomains. If your domain name is example.com, you may create a separate DNS zone for blog.example.com, handled by a different set of nameservers. This provides more granular control over several aspects of your Domain Name System.

DNS Zone File

A DNS zone file is essentially a text file stored on a server. Each domain has its own file with subdomains containing individual records.

The zone file must have the TTL (Time to Live) listed. Depending on the record and the nameserver type, it is listed before any other information. The TTL specifies how long a DNS record is in the server’s cache memory.

The zone file can only list one record per line. It will display the Start of Authority (SOA) record listed first. The SOA record contains information essential to what DNS is, including the primary authoritative nameserver for the DNS Zone.


    Verified by MonsterInsights