Security Dose 231123 - It's about Security!!
It's About "Security"
The “Security
Dose” is a new initiative from our end. These kinds of articles will be a 300-feet
overview of the security concepts. It will primarily focus on theories, not the
deep-dive configuration stuff. Hope you will find this initiative informative
and useful.
Let’s start with Security why do we need it in the first place? Security is the top priority today for everyone starting from end-users to top business management. It helps to ensure that you are able to continue to operate in spite of any attempts to steal data or compromise any physical or logical elements in the system.
To understand the scope of security, let’s compare it with Information Technology (IT). IT is a combination of hardware & software that support the operations of a business to drive revenue.
A Security
System is a business management tool that ensures the reliable and protected
operation of IT. Security is implemented to support the objectives, missions, and
goals of the organization.
Often
team wants to know how to start the security implementation. We need to
understand that security is a journey not a final implementation of any
security system. This journey of security implementation starts with adopting a
security framework i.e. for instance a security framework to secure network access,
external threat protection, or data transfer protection. Once a framework is adopted,
security systems continuously evolve using various assessments.
These
assessments may include – Risk Assessment, Vulnerability Assessment, and Penetration
Assessment. Let’s look at each of these briefly –
Risk Assessment starts with collecting information about assets, threats around them, and vulnerabilities that may be there. Once all this information is collected a risk is calculated if there is a breach. This information provides input to guide improvements of existing security systems.
Vulnerability assessment generally uses the automated approach to find the security risks associated with systems. The identified vulnerabilities are addressed by adding more defense systems or adjusting the settings of existing security systems.
Finally, the Penetration Testing assessment is where trusted individuals are hired or appointed to perform the stress test of the system to find out any issues that can allow an attacker to breach the system. Normally, penetration testing is done to find issues that are not identified in risk and vulnerability assessments.
Figure 1: Security Evolution
⚡⚡ Is it required security to be legally defensible? 📜
Today,
in this agile environment perimeters are getting dissolved, and we are surrounded
by bad actors on our network or outside the network. It requires security to be
legally defensible. Solid legally defensible security systems can protect an
organization from facing fines, penalties, and charges of negligence in case
someone intrudes environment and harms critical entities or resources.
As already said you cannot implement 100% security. It’s a journey and never concluded process. It is because the security issues are always changing. The defenses that were sufficient yesterday may not be sufficient tomorrow.
For instance,
perimeter security for protecting internal resources in a central site does not
scale well in a cloud-first area. As we discover new vulnerabilities or new
attacks are designed, we need to respond to them with a new security approach.
We hope you find this informative we come with more such
doses frequently.
Continue Reading...
- Security: Cisco ASA Vs Cisco FTD - The Network DNA
- Site-to-Site VPN: IPSEC Tunnel Between an ASA and a Cisco IOS Router
- Cisco Security: Cisco ASA 5505 Interfaces configuration for Access Ports
- Cisco Security: Cisco ASA 5505 Interfaces configuration for Trunk Port
- Cisco ASA Series 1: Restoring the ASA to Factory Default Configuration
- Cisco ASA Series 2: Configuring NAT
- Cisco ASA Series 3: Easy VPN Remote
- Cisco ASA Series 4: Configuring VLANs and Sub interfaces
- Cisco ASA Series 5: Configuring Threat Detection
- Site to Site IPSec VPN Tunnel between Cisco ASA and Palo Alto Firewalls