Muscat: To fight state-sponsored cyber attacks, government enterprises in Oman should deploy intrusion prevention systems and data loss prevention tools to block attacks, in addition to patching vulnerabilities and implementing multi-factor authentication, says a security expert.
Kasey Cross, senior product marketing manager at A10 Networks, lists five different ways government agencies in the Sultanate can keep cyber criminals at bay.
Inspect encrypted traffic
State-sponsored hackers can hide attacks in encrypted secure sockets layer (SSL) traffic to evade detection. As a result, network security solutions such as next-generation firewalls and intrusion prevention systems need to be able to inspect all incoming and outgoing traffic for threats, not just the data that is sent in plain text, he said. To ensure state-sponsored hackers do not bypass your security controls, decrypt and examine all traffic, he added.
Five features for IT teams to consider when selecting an SSL inspection platform include:
SSL performance: In addition to assessing current Internet bandwidth requirements, IT also must factor in SSL traffic growth and ensure the inspection platform can handle future SSL throughput requirements.
Compliance: To address regulatory requirements like Health Insurance Portability and Accountability Act, Federal Information Security Management Act and Sarbanes-Oxley, an SSL inspection platform should be able to bypass sensitive traffic, like traffic to banking and healthcare sites.
Heterogeneous networks: IT should look for SSL inspection platforms that can decrypt outbound traffic to the Internet and inbound traffic to corporate servers with multiple, flexible deployment options. Additionally, the platforms should intelligently route traffic with traffic steering, granularly parse and control traffic based on custom-defined policies and integrate with a variety of security solutions from leading vendors.
Security infrastructure: SSL inspection platforms should not just offload SSL processing from security devices but also maximise the uptime and performance of those devices. It’s important the platforms can scale security deployments with load balancing, avoid network downtime by detecting and routing around failed security devices and support advanced health monitoring to rapidly identify network or application errors.
SSL certificates and keys: To ensure certificates are stored and administered securely, IT should look for SSL inspection platforms that provide device-level controls to protect SSL keys and certificates, integrate with third-party SSL certificate management solutions and support FIPS 140-2 Level 2 and Level 3 certified equipment and Hardware Security Modules.
Fortify web applications
Web application data is an attractive target for state-sponsored hackers. Attackers have been known to exploit application vulnerabilities to gain access to Web servers or steal records from databases. One way agencies can protect against this is with a certified Web application firewall (WAF), which filters all application access by inspecting both the traffic toward the application and the response traffic from the application.
Virtual Private Networks
Assume that any communications over public networks can and will be intercepted. Therefore, agencies of all sizes should implement IPsec Virtual Private Networks (VPNs) to prevent snooping and data theft, as well as to address compliance. Though it's no guarantee your data will be protected, you should still encrypt sensitive data sent over the Internet using IPsec encryption.
While IPsec is a mature and well understood technology, new networking paradigms like cloud computing, as well as escalating bandwidth requirements, are compelling large enterprises and service providers to rethink their VPN strategies.
Monitor access to sensitive data
If sensitive data is stored in databases or files, be sure to track all activity, including access and changes. This will help detect anomalous activity, prevent illicit access and measure the impact of an intrusion if an incident does occur. For instance, if someone requests every credit card record, accesses large quantities of data at once or during unusual times of day, or escalates their privileges, it could indicate a cyber attack is under way. Monitoring and auditing user access to sensitive data ensures there is a trail linking security violations to specific user names.
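The three warning signs named above (a request for every credit card record or other bulk read, access at unusual hours, and privilege escalation) are straightforward to check against a database audit trail. The script below is an added example written for this page, not code from A10 Networks or the expert quoted; it assumes a hypothetical pipe-delimited audit log format (timestamp|user|action|object|rows) and constructed sample lines, and the table row counts, business-hours window and bulk threshold are illustrative values an agency would replace with its own.

```python
"""Flag anomalous access to sensitive data from database audit log lines.

Added example for this article; the log format, sample lines and thresholds
are assumptions, not taken from any real product or agency.
"""
from datetime import datetime

# Constructed sample of a hypothetical audit log: timestamp|user|action|object|rows
SAMPLE_LOG = """\
2024-03-04T09:12:01|alice|SELECT|customers|12
2024-03-04T09:15:44|alice|SELECT|orders|3
2024-03-04T02:41:10|bob|SELECT|credit_cards|25000
2024-03-04T10:02:33|carol|GRANT|role:db_admin|0
2024-03-04T10:03:10|carol|SELECT|credit_cards|8
2024-03-04T23:30:00|dave|UPDATE|orders|1
"""

# Assumed (hypothetical) row counts of the monitored tables, used to spot a
# statement that returns the whole table, e.g. "every credit card record".
TABLE_ROWS = {"credit_cards": 25000, "customers": 48000, "orders": 310000}
SENSITIVE = {"credit_cards", "customers"}      # tables holding regulated data
BULK_ROWS = 1000                               # rows per statement counted as bulk
BUSINESS_HOURS = range(8, 19)                  # 08:00-18:59, assumed working day
ESCALATION_ACTIONS = {"GRANT", "ALTER ROLE"}   # statements that change privileges


def parse_line(line):
    """Split one audit line into a dict with a parsed timestamp and row count."""
    ts, user, action, obj, rows = line.split("|")
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "action": action, "object": obj, "rows": int(rows)}


def analyse(log_text):
    """Return (user, rule, detail) findings for the three heuristics in the text."""
    findings = []
    escalated = set()   # users who have already raised their own privileges
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        who, obj, n = ev["user"], ev["object"], ev["rows"]

        # 1. Privilege escalation: remember the user so later reads are suspicious.
        if ev["action"] in ESCALATION_ACTIONS:
            escalated.add(who)
            findings.append((who, "privilege_escalation", f"{ev['action']} {obj}"))
            continue

        # 2. Reading every record of a sensitive table, or a bulk read of any table.
        if obj in SENSITIVE and n >= TABLE_ROWS.get(obj, float("inf")):
            findings.append((who, "full_table_read", f"{n} rows of {obj}"))
        elif n > BULK_ROWS:
            findings.append((who, "bulk_access", f"{n} rows of {obj}"))

        # 3. Activity outside the assumed working day.
        if ev["ts"].hour not in BUSINESS_HOURS:
            findings.append((who, "off_hours", ev["ts"].strftime("%H:%M")))

        # Sensitive data touched after the same user escalated privileges.
        if who in escalated and obj in SENSITIVE:
            findings.append((who, "sensitive_after_escalation", obj))
    return findings


def rules_by_user(findings):
    """Collapse findings into {user: {rule, ...}} so each user's trail is clear."""
    out = {}
    for who, rule, _ in findings:
        out.setdefault(who, set()).add(rule)
    return out


if __name__ == "__main__":
    for who, rule, detail in analyse(SAMPLE_LOG):
        print(f"{who:6s} {rule:26s} {detail}")
```

On the sample lines the script ties the full credit card dump at 02:41 to bob, the GRANT followed by a credit card read to carol, and the late-night change to dave, while alice's daytime reads produce nothing; that per-user trail is exactly what the article says auditing should provide.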
Training employees
Your own employees will often be your weakest security link. Therefore, it is important for organisations to educate their teams and enforce best practices, such as choosing a strong password, to prevent advanced cyber attacks. Users should also be taught to recognise social engineering attacks, phishing threats and other malicious activity. Otherwise they are likely to become victims.