{"id":282,"date":"2020-01-26T04:35:59","date_gmt":"2020-01-26T04:35:59","guid":{"rendered":"http:\/\/www.volucer.it\/?p=282"},"modified":"2020-01-26T04:36:48","modified_gmt":"2020-01-26T04:36:48","slug":"cybersecurity-first-line-of-defense-model","status":"publish","type":"post","link":"https:\/\/www.volucer.it\/?p=282","title":{"rendered":"CYBERSECURITY: FIRST LINE OF DEFENSE MODEL"},"content":{"rendered":"\n<p><strong>Just some personal notes and thoughts about a different approach to a cybersecurity defense system.<\/strong><\/p>\n\n\n\n<p>In cyberspace, the scenario an Information System (IS) lives in every day is more or less this one:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>It can be hit by a cyberattack from bad guys or hostile organizations;<\/li><li>If the cyberattack succeeds, the Information System may be compromised in a hidden or a manifest way;<\/li><li>If we realize that the Information System is compromised, we start security crisis management;<\/li><li>After incident management we analyze what happened and try to harden the defense system further.<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Cybersecurity attacks<\/strong><\/h2>\n\n\n\n<p>Cyberspace is not a secure world: you can be the target of many types of attack, for example:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks;<\/li><li>Man-in-the-middle (MitM) attacks;<\/li><li>Drive-by attacks;<\/li><li>Password attacks;<\/li><li>SQL injection attacks;<\/li><li>Cross-site scripting (XSS) attacks;<\/li><li>Eavesdropping attacks;<\/li><li>Birthday attacks;<\/li><li>Malware attacks;<\/li><li>Phishing and spear phishing attacks;<\/li><li>And so on.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Cybersecurity hidden incident<\/strong><\/h2>\n\n\n\n<p>The attack has succeeded but we have no idea what is going on. This is the worst situation we can be in: no one alerts us about it. The question is: where is my high-level defense system? In this situation only a very smart and capable monitoring system can detect that my system is compromised and where the problem is.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Cybersecurity manifest incident<\/strong><\/h2>\n\n\n\n<p>If the attack has succeeded and we realize that our information system is compromised, we can only face and manage the incident, which could be:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A data leak of any type: mails, photos, credit card data, sensitive personal data and so on;<\/li><li>Crashed web sites;<\/li><li>Breached networks;<\/li><li>Denial of service;<\/li><li>Hacked devices;<\/li><li>An organization\u2019s loss of reputation through leaked information or a successful cyberattack with huge economic loss;<\/li><li>A personal loss of reputation;<\/li><li>And so on.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"http:\/\/www.volucer.it\/wp-content\/uploads\/2020\/01\/CyberDefenceSchema-1024x683.png\" alt=\"\" class=\"wp-image-284\" srcset=\"https:\/\/www.volucer.it\/wp-content\/uploads\/2020\/01\/CyberDefenceSchema-1024x683.png 1024w, https:\/\/www.volucer.it\/wp-content\/uploads\/2020\/01\/CyberDefenceSchema-300x200.png 300w, https:\/\/www.volucer.it\/wp-content\/uploads\/2020\/01\/CyberDefenceSchema-768x512.png 768w, https:\/\/www.volucer.it\/wp-content\/uploads\/2020\/01\/CyberDefenceSchema-960x641.png 960w, https:\/\/www.volucer.it\/wp-content\/uploads\/2020\/01\/CyberDefenceSchema.png 1142w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Post-incident analysis<\/strong><\/h2>\n\n\n\n<p>In this phase we assess the causes and analyze the company\u2019s crisis management capabilities, in order to eliminate deficiencies in the cyber defense system and improve its resilience.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>First line of defense model<\/strong><\/h2>\n\n\n\n<p>But what is the first line of defense model? As we can see in the schema, it is the <strong>monitoring system<\/strong>. It is very important and its role is crucial and fundamental. Every fraction of a second it has to tell us:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>First of all: I\u2019m good, I\u2019m working well, I\u2019m not compromised;<\/li><li>the IS is not under attack;<\/li><li>the IS is working according to the specifications and it is not compromised.<\/li><\/ul>\n\n\n\n<p>or:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The IS is under attack but it is not compromised, and I immediately inform the emergency team to stop it.<\/li><li>The system is compromised: I didn\u2019t detect the intrusion, but I realize that the attack succeeded and we need to recover. This is the worst situation, but the monitor\u2019s immediate alert system advises us about it in order to contain the damage.<\/li><\/ul>\n\n\n\n<p>Or:<\/p>\n\n\n\n<p>Any of the above statements is fake news. This means the monitoring system does not work well. In this case we are in a very bad situation, one that we need to minimize by increasing and improving the capabilities and intelligence of the monitoring system through daily control and auditing.<\/p>\n\n\n\n<p>But what does monitoring mean?<\/p>\n\n\n\n<p>Monitoring means checking and verifying that everything is working according to the rules and specifications.<\/p>\n\n\n\n<p>The monitoring activity should take place at different levels:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Network level, that is packet analysis and so on;<\/li><li>Operating system level;<\/li><li>Application level;<\/li><li>User behavior;<\/li><\/ul>\n\n\n\n<p>and it should analyze, combine and correlate events across the different levels for better control of the IS. I think we can have the latest defense technology, but without a very smart monitoring system working 24\/7 on the information system we don\u2019t have a good cybersecurity system.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just some personal notes and thoughts about a different approach to a cybersecurity defense system. In cyberspace, the scenario an Information System (IS) lives in every day is more or less this one: It can be hit by a cyberattack from bad guys or hostile organizations; If the cyberattack succeeds, the Information System may be compromised in a <a class=\"read-more\" href=\"https:\/\/www.volucer.it\/?p=282\">...continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[15,11,14],"class_list":["post-282","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cyber-defense","tag-cybersecurity","tag-cybersecurity-attacks"],"_links":{"self":[{"href":"https:\/\/www.volucer.it\/index.php?rest_route=\/wp\/v2\/posts\/282","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.volucer.it\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.volucer.it\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.volucer.it\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.volucer.it\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=282"}],"version-history":[{"count":3,"href":"https:\/\/www.volucer.it\/index.php?rest_route=\/wp\/v2\/posts\/282\/revisions"}],"predecessor-version":[{"id":286,"href":"https:\/\/www.volucer.it\/index.php?rest_route=\/wp\/v2\/posts\/282\/revisions\/286"}],"wp:attachment":[{"href":"https:\/\/www.volucer.it\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.volucer.it\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.volucer.it\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}