
Sunday, December 8, 2013

What are some of the different cyber security standards?

Over time, many security standards have been developed that allow organizations to raise their level of security and to practice security techniques safely. These are termed cyber security standards; their purpose is to minimize the chance of successful attacks on organizations and to increase their cyber security. These guides give a general outline of cyber security along with the specific techniques that should be implemented. For certain standards an accredited body can grant a cyber security certification, which brings several advantages, among them benefits in terms of cyber security insurance.
Nowadays a great deal of sensitive and critical information is stored on networks, clouds and computers, and this is one of the reasons these standards were created. The different cyber security standards are:

- ISO/IEC 27002: This standard calls for assurance and security of information and describes part of security management practice. It is also known as BS7799. It serves as a guide to good cyber security management and is a very high-level, explanatory guide. It emphasizes that information security is characterized by confidentiality, integrity and availability. It consists of 11 control areas, namely:
  - Security policy
  - Organizing information security
  - Asset management
  - Human resources security
  - Physical and environmental security
  - Communications and operations
  - Access controls
  - Information systems acquisition, development and maintenance
  - Incident handling
  - Business continuity management
  - Compliance

- ISO/IEC 27001: This is the part of the BS7799 standard that offers guidance on a framework for certification; in other words, part 2 of BS7799 has been replaced by ISO/IEC 27001. The standard is backward compatible, so an organization using BS7799 part 2 has no problem implementing it. The framework is a management system used to implement the control objectives of ISO 27002, which are incorporated into ISO 27001.

- SoGP (Standard of Good Practice): Essentially a list of information security best practices published by the ISF (Information Security Forum). It also comes with a comprehensive SoGP benchmark program.

- NERC (North American Electric Reliability Corporation): Offers standards such as NERC 1300, NERC 1200 and CIP-002-1 to secure bulk electric systems.

- NIST: Has provided the following standards:
  - 800-12: An overview of computer security along with the control areas, the importance of these controls and ways of implementing them.
  - 800-14: Lists the most common security principles followed everywhere, describes computer security policy, and suggests improvements and the development of new practices.
  - 800-26: Offers advice on the management of IT security, risk assessments and self-assessments.
  - 800-37: Introduced a new approach to applying the risk management framework to federal information systems.
  - 800-53: Provides a guide for assessing the security controls of federal information systems.
- ISO 15408: The standard that develops the Common Criteria. It permits a number of software applications to be integrated and tested.
- RFC 2196: More of a memorandum on developing security procedures and policies for information systems connected through the internet.
- ISA/IEC 62443: Provides the related standards and technical reports that define the implementation of control systems, especially IACS (industrial automation and control systems). The guidance is also meant for security practitioners, end users, control system manufacturers and so on.


Thursday, December 5, 2013

What are the advantages of network security?

The major advantage of having network security in place is that you keep your personal information, data and other files safe from people who want to steal or destroy them. The attacker need not be someone who is specifically after you; many simply look for networks whose security is weak so that they can get in. Others are unauthorized people who want to misuse this information, and they may come from the same network or from some other network. The advantages of strong network security, together with proper security protocols, are listed below:
- It protects the client's personal data on the network.
- It protects information exchanged between hosts during transmission from eavesdroppers.
- It protects computer systems that could otherwise be rendered useless by a malicious virus, or by a trojan that keeps leaking information out.
- It prevents attempts to harm your system through spyware, malware or hacking.
- It takes care of the access rights assigned to users at different levels of a network, for example in accounting systems.
- It is because of network security that private networks exist at all, even when their information passes over public networks.
- It helps close off private networks and protect them against intruders and other attacks.

Data in a private network is not automatically safe either: it can be altered or tampered with by people on the same network, who may do so for many different reasons. The likelihood of attacks grows in proportion to the size of the network. Nowadays various organizations offer anti-virus software free of charge to people accessing their network, which has helped a great deal in reducing the threat of attacks.
When a large number of users are exposed to viruses or other attacks, the danger also increases for the organizations whose websites these users visit regularly, which is why those organizations distribute free anti-virus software to keep the danger at bay to some extent. Network security matters because it protects against malicious viruses, spyware, worms and trojans, and it guards the system against its potential vulnerabilities. A network security policy is a systematic process for enforcing protection policies for data, applications, hosts and so on, and it gives guidance on how digital identities should be maintained. The security infrastructure may vary from one host to another and from one network to another; with network security the network administrator gets centralized control over all of them when they belong to one virtual organization.
There are a number of issues that network security must address to keep viruses and similar attacks at bay. To prevent a virus from infecting your system or network, the security software must automatically keep its database updated on all user machines. Another measure is to install scanners on every machine and device accessing the network, including newer devices such as tablets. These scanners work well at keeping out e-mails infected with trojans, worms and viruses.
At the same time, it is important that users are educated about the need for network security and about what not to do. Without appropriate knowledge you won't know which security options should be selected for enforcement, and you might end up with a security policy that barely protects your system. For example, if you receive an e-mail from a source you don't know or don't trust, just don't open it; it may well contain a malicious file that, once downloaded, can eat up your data.
It is true that anti-virus software is effective at guarding against viruses, but it is developed only after the virus has appeared. Anti-virus lags behind viruses: it is available only for viruses that already exist, not for those that have just been created, and that is why user awareness and security safeguards are so important.


Saturday, November 30, 2013

Security - What are the principal ways to secure a wireless network?

Securing a wireless network is as important as securing a wired network, and in many cases more so, since it can be easier to tap into a wireless network. At one time or another all of us may have used a WiFi network that was unsecured (highly unsecured, or with recent holes that are not yet patched). That does no great harm if you are honestly just looking to connect to the internet. But if you own an unsecured wireless network, you should know that not everyone is as honest as you are. Attackers with bad intentions can learn what is happening in your network and how its resources can be exploited. This problem can be fixed by following some basic principles of wireless network security:
- WEP and WPA encryption: Encryption is the first line of defense you can call on for the security of your network: the data your PC transmits to the wireless router is encoded. In most routers, however, this option is disabled, so first check whether it is enabled. Leaving it disabled exposes your network to several vulnerabilities. Keep encryption enabled and use the strongest form supported by your computer. WPA2 is more sophisticated than WPA. WEP can be cracked easily, so it has been replaced by the most recent version of WPA, namely WPA2. One thing to take care of is that all devices must use either WEP or WPA if you use either of them; the two protocols cannot be mixed. WEP uses the same key every time, whereas WPA changes keys dynamically, which makes it almost impossible to hack. The encryption key must be a strong password, such as a combination of numbers and letters of more than 14 characters. If you have an old router that supports only WEP, use the 128-bit WEP key as it is the safest, but keep checking the manufacturer's website for a firmware update that adds WPA support. If no update is available, replace the old router and adapters with newer models that support WPA. It is better to go with hybrid routers that support both WPA and WPA2: they provide stronger encryption while maintaining compatibility with other adapters.
Make sure the default network name and the password have been changed. Doing so makes it harder for hackers to break into the system and change its configuration. Even if the router has a firewall, additional security measures are needed. The firewall does not let hackers break into the system, but it does not stop people within the geographical range of the WiFi from accessing the network, and there are readily available tools for sniffing the traffic on your wireless network. To supplement this, a software firewall should also be installed on the computer. Public hotspots are typically very insecure: without precautions, assume that all internet traffic, incoming or outgoing, is visible to attackers. Before connecting to a network, always make sure it is a legitimate one, make sure the firewall is enabled, and keep file sharing turned off. Check that you have selected the appropriate security options in the firewall settings. These are some tips to raise your security level when dealing with WiFi.


Thursday, November 28, 2013

Security - What are some of the different ranges of wireless security measures?

Once you get serious about wireless security, there are several mechanisms and measures you can take. Here are some details of the problem and its solutions:
First-generation wireless networking made it hard to decide whether or not to deploy a wireless local area network (WLAN), given shortcomings such as rampant threats, protocol vulnerabilities and so on. Sometimes you may feel like banning the WLAN altogether, neglecting its business advantages, out of fear of rogue APs (access points) cropping up. Either way it is a no-win situation. Over time, however, wireless protocols have been revised with improvements that make them more secure. Given the various threats (some of them innovative), wireless security has to be taken as seriously as other kinds of network threats.
A WLAN security suite should be installed. Wireless security is further strengthened by proper knowledge of how to integrate wireless devices with wired networks correctly, by upgrading the existing security tools, and by careful selection of the appropriate security technologies. Make sure that the security solutions for virtual private networks are based on the current generation of encryption and authentication protocols. Because threats keep arriving in new and improved forms, you need to keep monitoring the health of your network to keep it secure. Attackers are always waiting to find an unprotected WLAN, invade it and turn it to their own use.
It is quite easy to record wireless traffic and eventually break in, obtaining valuable information such as proprietary data, login details, server addresses and so on (nowadays stealing credit card details seems to have become a business for attackers). Besides stealing information, attackers can also take control of networks and use them to send spam, steal bandwidth, or use the network as a launchpad for attacking other networks. Traffic can be recorded and modified, and the consequences can be legal or financial.
A business can be disrupted even by an attacker with low technical skills using packaged scripts that make it easy to attack networks and hunt for weak points (for example, a known security hole has not been fixed and the script uses that hole to get inside and eventually gain access). The attacker can flood your internet uplinks, wired networks and access points with wireless packets. You should know what you are defending your systems from, and why you are protecting the different possible points of entry. If you don't know this, you don't really have a chance: at some point your network will be left unprotected and all your security measures will be in vain.
Identifying the assets and the impact of losing them is critical to security analysis. If you use connection methods such as DSL, dial-up or wireless, the access requirements should be defined by your security policy. If there is a remote access policy for telecommuters, it should be extended to cover wireless; if there is no such policy, one should be created, and scenarios unique to the wireless network must be included. The rules of the wireless network differ for employees and office visitors. Public areas have network jacks that are typically associated with known addresses and are sometimes disabled, but PDAs and laptops can easily connect to nearby wireless stations and access points. This is both an opportunity and a threat.
For guests, peer-to-peer networking should be prohibited and sessions should be permitted only through certain access points, with limited bandwidth and duration. After identifying the assets, enumerate the risks; the last step is to quantify them. In security it is always important to weigh the risk against the cost. Once you have this right, the other WLAN alternatives can be considered. Before setting up the access points, survey the WLAN with a discovery tool. Some setup wizards have made it possible for employees to deploy rogue access points through which the company's information and assets can be exposed to the outside world; they can also introduce interference into the WLAN. These rogue access points must be eliminated. Such surveys also let you find workstations that are not authorized to access the internet.


Tuesday, November 26, 2013

Security - What is meant by a spoofing attack?

In network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data, and thereby gains an illegitimate advantage. Many of the TCP/IP protocols have no mechanism for authenticating the source and destination of messages, which makes them highly vulnerable to spoofing attacks, so applications have to take extra precautions to verify the identity of the sending and receiving hosts. In IP spoofing, IP packets are created with a forged source address, in order to impersonate another computer system or to conceal the sender's identity. IP is the basic protocol used for sending data across networks, and each packet carries numerical addresses in its header; it is this header field that is forged so that the packet appears to come from someone else.
Man-in-the-middle attacks against a network's hosts are often carried out with the help of two kinds of spoofing, namely ARP spoofing and IP spoofing.
Deploying firewalls capable of deep packet inspection can prevent spoofing attacks from taking advantage of the TCP/IP protocols, as can measures that verify the identity of the message sender and recipient. Some pay sites can be accessed only through a certain log-in page that they approve, and this is enforced by checking the referrer header of the HTTP request. The problem is that the referrer header can be changed by unauthorized users to gain access to the site content; this is called referrer spoofing.
Copyright holders also sometimes use spoofing, inserting distorted and unlistenable versions of works into file-sharing networks; this is termed poisoning the file-sharing network. Another type of spoofing attack is caller ID spoofing. Public telephone networks often provide caller ID information including the caller's name and number. With VoIP (voice over IP), callers can forge the caller ID information to present false names and numbers, and this false information is then forwarded by the gateways that connect to public networks, allowing the spoofing.
The spoofed call may also originate in another country, in which case the laws of the recipient's country may not apply to the caller. This has limited the effectiveness of laws against caller ID spoofing and results in a lot of scams. Another type is email spoofing, or email address spoofing: the sender information you see in an email can easily be spoofed. Spammers use this technique frequently to hide their information, and it creates problems such as spam backscatter, misdirected bounces and so on.
A GPS receiver can be deceived by GPS spoofing attacks, in which counterfeit GPS signals are broadcast that have been structured to look like normal GPS signals. The same can be done with genuine signals by rebroadcasting them at some other point. In either case the receiver estimates its position wrongly. One variant is the carry-off attack: counterfeit signals are synchronized with the genuine ones and broadcast together with them, and the power of the counterfeit signals is gradually increased, causing them to drift away from the genuine signals.
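The post names ARP spoofing as one of the two building blocks of a man-in-the-middle attack on a LAN. As an added example (not code from the original post), here is the defender's side: a small watcher that keeps an IP-to-MAC table from observed ARP replies and alerts when a binding changes, when a pinned binding (the gateway) is contradicted, or when one MAC answers for several IPs. The reply records, addresses and the gateway role of 192.0.2.1 are constructed for the example.

```python
"""Flag ARP spoofing on a LAN from observed ARP replies.

Added example, not from the original post. The records are constructed:
(timestamp, sender IP, sender MAC) as a sniffer would report each
"is-at" reply; 192.0.2.1 plays the default gateway.
"""
from collections import defaultdict

SAMPLE_ARP_REPLIES = [
    (0.0, "192.0.2.1", "02:00:00:00:00:01"),
    (1.0, "192.0.2.10", "02:00:00:00:00:10"),
    (2.0, "192.0.2.1", "02:00:00:00:00:01"),
    # The host with MAC ...:10 now answers for the gateway's IP: the
    # classic man-in-the-middle setup.
    (3.0, "192.0.2.1", "02:00:00:00:00:10"),
    # The real gateway replies again, so the binding flaps back.
    (4.0, "192.0.2.1", "02:00:00:00:00:01"),
    (5.0, "192.0.2.20", "02:00:00:00:00:20"),
]


class ArpWatcher:
    """Keeps an IP -> MAC table and raises alerts on suspicious changes."""

    def __init__(self, pinned=None):
        # Pinned bindings you know out of band (e.g. the gateway) take
        # precedence over anything learned from the wire.
        self.pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
        self.learned = {}                    # IP -> last MAC seen for it
        self.ips_by_mac = defaultdict(set)   # MAC -> every IP it has claimed
        self.alerts = []                     # (timestamp, IP, reason)

    def observe(self, ts, ip, mac):
        """Process one ARP reply and return the alerts it produced."""
        mac = mac.lower()                    # MAC comparison is case-insensitive
        new = []
        expected = self.pinned.get(ip)
        if expected is not None and expected != mac:
            new.append((ts, ip, f"pinned binding violated: {mac} claims {ip}, "
                                f"expected {expected}"))
        prev = self.learned.get(ip)
        if prev is not None and prev != mac:
            new.append((ts, ip, f"binding changed: {prev} -> {mac}"))
        self.learned[ip] = mac
        self.ips_by_mac[mac].add(ip)
        self.alerts.extend(new)
        return new

    def macs_claiming_multiple_ips(self):
        """MACs that answered for more than one IP (gateway plus victim pattern)."""
        return {mac: sorted(ips)
                for mac, ips in self.ips_by_mac.items() if len(ips) > 1}


def scan(replies, pinned=None):
    """Run a watcher over a list of (ts, ip, mac) replies and return it."""
    watcher = ArpWatcher(pinned)
    for ts, ip, mac in replies:
        watcher.observe(ts, ip, mac)
    return watcher


if __name__ == "__main__":
    w = scan(SAMPLE_ARP_REPLIES, pinned={"192.0.2.1": "02:00:00:00:00:01"})
    for ts, ip, reason in w.alerts:
        print(f"t={ts:4.1f} {ip}: {reason}")
    print("MACs answering for several IPs:", w.macs_claiming_multiple_ips())
```

Pinning the gateway is what turns a noisy "binding changed" signal into a definite alert: a binding that merely flaps could be a legitimate NIC replacement, but a contradicted pinned binding is not.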


Monday, November 25, 2013

Security - What is meant by a smurf attack?

The smurf attack is a type of denial-of-service attack. It involves sending a large number of ICMP (Internet Control Message Protocol) packets to a computer network via an IP broadcast address, with the source IP address spoofed to be the victim's. Most of the devices online on that network respond to the broadcast by replying to the source IP address. Since the number of devices connected to the network and replying to the broadcast is very large, the victim's system is flooded with incoming traffic, slows down, and becomes impossible to work on. The attack is named after the program's source code, 'smurf.c', released by TFreak in 1997. At that time a great many IP networks were vulnerable to this attack; today most networks are immune and very few remain vulnerable.
Now let us look at mitigating these attacks. The fix has two steps:
- Individual routers and hosts should be configured so that they do not respond to such broadcasts and ICMP requests.
- Routers should be configured not to forward packets directed to a broadcast address. The standards in force in 1999 had routers forward such packets by default; that same year the standards were changed.

Another solution is network ingress filtering, which rejects ICMP packets whose source address has been forged. An example of a router configuration that disables this kind of packet forwarding on Cisco routers is:
Router(config-if)# no ip directed-broadcast

Although this example prevents a network from participating in a smurf attack, it does not prevent the network from becoming the target. Networks that lend themselves to being used in the attack are termed smurf amplifiers. They make the smurf attack worse because their configuration causes them to generate a large number of ICMP replies to the spoofed IP address, i.e. to the victim's computer.

A variation of the smurf attack is the 'fraggle attack'. Here the attacker sends a large amount of UDP traffic carrying the victim's IP address to an IP broadcast address, at ports 7 and 19 (echo and chargen respectively). It works much like the original smurf attack: all devices on the network send their traffic to the victim's address, causing the same kind of flooding. The source code for this attack, fraggle.c, was also released by TFreak.
Smurf attacks are a way of exploiting IP broadcast addressing to create a denial-of-service attack, and the affected networks become inoperable. ICMP is normally used by network administrators to exchange information about the state of the network. During the attack, these messages are used to ping the devices on the network to see whether they are functional; a functional device returns a response. With a large number of pings and replies to them, so much traffic is created that the network becomes unusable. Since IP broadcast addressing is seldom used, it can be disabled at the network routers; this is the suggestion CERT gives for coping with the problem of smurf attacks.
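The two mitigations above, dropping directed broadcasts and ingress-filtering forged sources, can also be checked for in traffic you already capture. As an added example (not code from the original post), here is a detector that reads simplified tcpdump-style packet summaries and flags ICMP echo and UDP echo/chargen traffic aimed at the LAN's directed-broadcast address from outside (smurf and fraggle amplifier use), plus packets whose source address is impossible for the interface they arrived on (the ingress-filtering rule). The interface names, the 192.0.2.0/24 LAN, and the sample lines are all constructed for the example.

```python
"""Detect smurf/fraggle amplifier traffic and forged sources in packet
summaries. Added example, not from the original post; the network layout
and the summary lines below are constructed."""
import ipaddress
import re
from collections import Counter

# Hypothetical layout: eth1 faces our LAN 192.0.2.0/24 (directed-broadcast
# address 192.0.2.255) and eth0 faces the upstream link.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
INTERNAL_IF = "eth1"
EXTERNAL_IF = "eth0"
FRAGGLE_PORTS = {7, 19}   # UDP echo and chargen, the services fraggle abuses

# Constructed summaries: "<iface> IP <src> > <dst>: <protocol detail>".
# On lines 1-4 the source 203.0.113.9 is the *spoofed* victim address.
SAMPLE_LINES = [
    "eth0 IP 203.0.113.9 > 192.0.2.255: ICMP echo request",
    "eth0 IP 203.0.113.9 > 192.0.2.255: ICMP echo request",
    "eth0 IP 203.0.113.9 > 192.0.2.255: UDP 1024 > 7",
    "eth0 IP 203.0.113.9 > 192.0.2.255: UDP 1025 > 19",
    "eth0 IP 192.0.2.17 > 198.51.100.20: ICMP echo request",   # our address from upstream?
    "eth1 IP 10.0.0.5 > 198.51.100.1: TCP 40000 > 80",         # foreign source leaving our LAN
    "eth1 IP 192.0.2.44 > 192.0.2.10: TCP 4433 > 443",         # ordinary local traffic
    "eth0 IP 198.51.100.3 > 192.0.2.10: TCP 5555 > 22",        # ordinary inbound traffic
    "eth1 IP 192.0.2.3 > 192.0.2.255: ICMP echo request",      # local broadcast, not amplification
    "this line is not a packet summary",
]

LINE_RE = re.compile(r"^(?P<iface>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): (?P<rest>.+)$")
UDP_RE = re.compile(r"^UDP (?P<sport>\d+) > (?P<dport>\d+)$")


def parse_line(line):
    """Return a packet dict for one summary line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = {"iface": m["iface"], "src": ipaddress.ip_address(m["src"]),
           "dst": ipaddress.ip_address(m["dst"]), "proto": None, "dport": None}
    rest = m["rest"]
    udp = UDP_RE.match(rest)
    if rest == "ICMP echo request":
        pkt["proto"] = "icmp-echo"
    elif udp:
        pkt["proto"] = "udp"
        pkt["dport"] = int(udp["dport"])
    else:
        pkt["proto"] = rest.split()[0].lower()
    return pkt


def classify(pkt):
    """Return the names of the rules this packet trips (empty list if none)."""
    hits = []
    src_internal = pkt["src"] in INTERNAL_NET
    # Ingress filtering: a packet arriving from upstream cannot legitimately
    # carry one of our own addresses, and a packet leaving our LAN must.
    if pkt["iface"] == EXTERNAL_IF and src_internal:
        hits.append("forged-internal-source")
    if pkt["iface"] == INTERNAL_IF and not src_internal:
        hits.append("forged-external-source")
    # A directed broadcast arriving from outside is the amplifier pattern
    # that smurf (ICMP echo) and fraggle (UDP echo/chargen) depend on.
    if pkt["iface"] == EXTERNAL_IF and pkt["dst"] == INTERNAL_NET.broadcast_address:
        if pkt["proto"] == "icmp-echo":
            hits.append("smurf-directed-broadcast")
        elif pkt["proto"] == "udp" and pkt["dport"] in FRAGGLE_PORTS:
            hits.append("fraggle-directed-broadcast")
    return hits


def analyze(lines):
    """Map each triggered rule to the (line number, source address) pairs that hit it."""
    findings = {}
    for n, line in enumerate(lines, 1):
        pkt = parse_line(line)
        if pkt is None:
            continue
        for rule in classify(pkt):
            findings.setdefault(rule, []).append((n, str(pkt["src"])))
    return findings


def likely_victims(findings):
    """Count sources of amplifier-bound packets: the reply flood goes to them,
    so they are the victims, not the attacker."""
    counts = Counter()
    for rule in ("smurf-directed-broadcast", "fraggle-directed-broadcast"):
        for _, src in findings.get(rule, []):
            counts[src] += 1
    return counts


if __name__ == "__main__":
    result = analyze(SAMPLE_LINES)
    for rule, hits in sorted(result.items()):
        print(f"{rule}: lines {[n for n, _ in hits]}")
    print("likely victims:", dict(likely_victims(result)))
```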


Tuesday, November 19, 2013

What are the different types of attacks that networks face?

Without security measures and checks in the right places, we put our data at risk from various types of attack, many of them serious enough to cause significant data loss or data theft (and when the data is something sensitive such as credit card numbers or social security numbers, that is a very serious matter).
Attacks are of two types, active and passive. Active attacks involve altering information with the intention of destroying or corrupting the network and the data. If you do not have a security plan in place, your network and data are vulnerable to these attacks. In this article we discuss a few of them:
- Eavesdropping: Most network communication takes place in a very insecure format (i.e., clear text). This gives an attacker who has gained access to the data paths in the network the chance to interpret or listen in on the traffic. Eavesdropping on someone's communication is referred to as snooping or sniffing. The eavesdropper is able to monitor the whole network, which is a great cause of concern for the administrator of an enterprise. Services based on cryptography can prevent this type of attack; without strong encryption, data can be read or traversed by the eavesdropper.
- Data modification: After the attacker or eavesdropper has read the data, altering it is the next step. The attacker can modify the data in a packet without the sender's or receiver's knowledge. Even if confidentiality is not required for every communication, it is a must that no message is modified in transit.
- IP address spoofing (identity spoofing): Most operating systems and networks use the computer's IP address to decide whether an entry is valid. In some cases it is possible to assume a false IP address; this is called identity spoofing. The attacker may use special programs to construct IP packets that appear to come from systems inside the corporate intranet. Once the attacker gains access to the network with a valid IP address, he or she can reroute, delete or modify data.
- Password-based attacks: Password-based access control is the common denominator of many network security plans and operating systems, meaning that your user ID and password determine your access rights. However, older applications may not protect this identity information, as it is validated while passing across the network. That gives an eavesdropper the chance to pose as an authorized user and gain access to the data. Whenever the attacker finds a valid user account, he or she gets exactly the rights the real user has. If that user is the network admin, the attacker gets admin rights and can create accounts for later use. After gaining access to an account, the attacker can obtain lists of authorized users and network information, and can change the configurations, routing tables and access controls of the network and its servers.
- Denial-of-service attack: This attack prevents a valid user from using the network or computer. It can divert the staff's attention away from the internal information systems so that they do not notice an intrusion, while the attacker mounts further attacks. Invalid data can be sent to network services or applications, or the whole network can be overloaded until it shuts down.


Saturday, November 9, 2013

How is security management done in large businesses?

Security management is very much required, in fact essential, if you run a large-scale business or are responsible for its security. In this article we discuss some steps that can be taken to increase security (you may have issues with some of the steps, or perform additional ones):
- There may be many unwanted people from whom you want to keep your network and database safe. For this a strong network guard must be used, with an equally strong firewall and proxy.
- Basic anti-virus software will not do here; you have to go for strong anti-virus packages. Separate internet security software packages are also available.
- Stronger passwords should be used for authentication, and they should be changed on a weekly or bi-weekly basis if a wireless connection is in use. Passwords must be robust and follow the protocols that prevent them from being guessed.
- A network analyzer can be set up for monitoring the network, to be used as and when required.
- Certain physical security precautions can be exercised for the employees:
  a) Physical security management techniques such as closed-circuit television for restricted zones, with security staff viewing the video.
  b) The company perimeter can be marked by security fencing backed up with closed-circuit television cameras.
  c) Security rooms and server rooms are fire-sensitive and should be equipped with fire extinguishers.
  d) Physical security can be maximized with security guards who have been given specific protocols to follow.
Some of the above points also hold for large government institutions and schools. School networks can put up an adjustable firewall and proxy to restrict outsiders from accessing the database. Schools also need strong internet security software packages, because students tend to be the most curious and the most prone to using software that may carry viruses or worms. Librarians, administrators and teachers should constantly supervise the network to guarantee protection against security threats. An internet usage policy that is easy to understand, accept and enforce should differentiate between personally owned and school-owned devices, and institutes providing higher education must implement FERPA compliance. Large government agencies should likewise use stronger firewalls and proxies to keep intruders at bay. Communication must be safeguarded with strong encryption. Wireless connections must be authorized through a whitelist and all others blocked. All networking hardware must be deployed in secure zones. A private network should be created on which all the hosts reside, so that they are not visible to outsiders. Security management procedures used by various organizations include risk analysis, risk assessment, classification of information, categorization of assets, and rating the vulnerabilities of the system; these measures are followed in order to implement effective controls. The principles of risk management are followed in managing security threats, which fall into two broad categories: external security threats and internal security threats.
The best thing to do in the first place is to avoid creating any opportunity for attackers. The effectiveness of the controls used against these threats is assessed, as are the consequences of the risks. The risks are then prioritized according to the impact they can have on the security system.

