Quick Reference Note
Introduction to Defensive Security
What is Defensive Security?
a) Security policies intended to withstand or deter aggression or attack; b) security performed so as to avoid risk, danger, or cybercrime threats such as espionage, sabotage, or attack.
Note: any security personnel or enthusiast who wants to fully grasp the field of defensive security must
1. Learn the adversary
2. Circumvent them
Below are some of the most important commands that I have learned while practicing cyber security.
Defensive measures
After reviewing and using the exploitation mechanisms employed by both ethical hackers and crackers, it is necessary to make some recommendations to minimize the risks in our client's network infrastructure. Here are some of the steps we can take:

- Create a security policy that includes a section on password guidelines (key length, use of special characters, periodic expiration of keys, account blocking policy, etc.).
- Enable auditing services at the operating system level on end-user devices, servers and communications equipment, and use log correlation software to perform event monitoring.
- Restrict access to the Administrator and root accounts so that they cannot log on through the network, but only physically at the computer console.
- Use port security and network admission control (NAC) on networking devices so that only authorized users can connect to the network.
- Replace insecure protocols that send information in plain text, such as HTTP, SMTP, TELNET and FTP, with their secure counterparts that use digital certificates and encryption for transmission: HTTPS, SMTP over SSL, SSH, SFTP, etc.
- Configure the switches to detect gratuitous and unauthorized ARP messages and other known attacks, and to react to port violations by taking appropriate action and reporting the event.
- Implement secure authentication protocols on wireless equipment and isolate wireless segments from other internal subnets using intelligent next-generation firewalls.
- Configure intelligent next-generation firewalls and other network devices to block attacks.
- Use network and security management software for threat detection, vulnerability assessment and automatic response to events.
- Design and implement an Information Security Policy based on the ISO 27000 standard.
- Implement awareness campaigns about good information security practices for end users.
- Train staff from IT and related departments in information security and specialized topics such as ethical hacking, computer forensics and defense mechanisms.
- Define profiles for IT personnel and establish which international information security certifications your staff must obtain according to their position.

Ultimately, there are many more defensive measures that can be applied, but that's a topic for another whole book.

Useful Resources
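As an added example of two of the measures above (OS-level auditing with log correlation, and restricting Administrator/root to the console), here is a small correlation check run over constructed sshd log lines. This is illustrative code written for this note, not from the original author; the OpenSSH message layout, the year supplied for syslog timestamps, the hostnames and the addresses are all assumptions. It flags accounts that reach the failure threshold an account-blocking policy would act on, and any successful network logon by a privileged account that policy says should only log on physically.

```python
"""Added example (not part of the original note): a small log-correlation
check for two of the measures listed above, run over constructed sshd lines.
  * account blocking policy: flag accounts with N or more failed logons
    inside a sliding time window (the trigger a lockout policy would use)
  * privileged accounts only at the console: flag any successful network
    logon for root/Administrator
The log format is assumed to be syslog-style OpenSSH messages; the lines,
hosts and addresses below are constructed for the example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (syslog + OpenSSH style), not real data.
SAMPLE_LOG = """\
Mar 10 09:00:01 srv1 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 40122 ssh2
Mar 10 09:00:03 srv1 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 40122 ssh2
Mar 10 09:00:05 srv1 sshd[2203]: Failed password for alice from 198.51.100.7 port 40130 ssh2
Mar 10 09:00:06 srv1 sshd[2203]: Failed password for alice from 198.51.100.7 port 40130 ssh2
Mar 10 09:00:08 srv1 sshd[2203]: Failed password for alice from 198.51.100.7 port 40130 ssh2
Mar 10 09:00:09 srv1 sshd[2203]: Failed password for alice from 198.51.100.7 port 40130 ssh2
Mar 10 09:00:11 srv1 sshd[2203]: Failed password for alice from 198.51.100.7 port 40130 ssh2
Mar 10 09:05:30 srv1 sshd[2210]: Accepted publickey for root from 203.0.113.9 port 51000 ssh2
Mar 10 09:06:00 srv1 sshd[2212]: Accepted password for bob from 192.0.2.5 port 51020 ssh2
Mar 10 10:30:00 srv1 sshd[2300]: Failed password for alice from 192.0.2.5 port 51100 ssh2
"""

# Assumed OpenSSH message layout:
# "<Accepted|Failed> <method> for [invalid user ]<user> from <ip> port <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Accounts the policy restricts to physical console logon.
PRIVILEGED_ACCOUNTS = {"root", "Administrator"}


def parse_log(text, year=2024):
    """Parse syslog-style sshd lines into event dicts. Syslog timestamps
    carry no year, so one is supplied (an assumption for the example)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd message or another daemon
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "user": m["user"],
                       "src": m["src"], "result": m["result"],
                       "method": m["method"]})
    return events


def failed_logon_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Return {user: peak_failures} for accounts reaching `threshold` failed
    logons within any `window`-long span (sliding window per account)."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[e["user"]].append(e["ts"])
    flagged = {}
    for user, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # drop failures older than the window
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


def remote_privileged_logons(events):
    """Successful network logons by accounts restricted to the console."""
    return [(e["user"], e["src"], e["ts"].isoformat())
            for e in events
            if e["result"] == "Accepted" and e["user"] in PRIVILEGED_ACCOUNTS]


def run_checks(text):
    """Parse the log once and apply both correlation rules."""
    events = parse_log(text)
    return {"bursts": failed_logon_bursts(events),
            "remote_privileged": remote_privileged_logons(events)}


if __name__ == "__main__":
    for name, finding in run_checks(SAMPLE_LOG).items():
        print(name, finding)
```

On the sample data the burst rule flags only `alice` (five failures inside ten minutes; the later single failure at 10:30 falls outside the window), and the console-only rule reports the accepted `root` logon from 203.0.113.9. The two `admin` failures stay below the threshold, which is the point of correlating over a window rather than alerting on every failed attempt.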