Exploring the four most effective cyber security mitigation strategies – Part 2

You can read the first part of this series on cyber security here.
A recent paper from the Centre for Strategic and International Studies contains some striking cyber security statistics. It included the fact that more than 90% of successful corporate network breaches required only the most basic techniques and that 75% of them exploited known vulnerabilities in commercial software. In summary, hacking is easy because computer systems have widely known vulnerabilities that can be exploited by anyone possessing basic computing skills and access to the internet.

2. Why updating your software is so important

Research from the DOD Defense Signals Directorate has established that just four mitigation strategies can prevent more than 85% of attacks. These strategies are:

1. Implementation of application white-listing
2. Effective Operating System patching
3. Effective software application updates
4. Restriction of administrative privileges

Note that two out of the four mitigation strategies are about updating the software that is already installed on computer systems.
Operating System patches are issued by the vendor when a software defect has been fixed. Generally patches are classified in order to indicate the severity and impact of the problem they resolve. Rather than issue them individually most vendors collect their patches together in the form of periodic updates to their Operating Systems.
Using patch classification to prioritize the deployment of security patches is vital since hackers will start exploiting new vulnerabilities once they are known. As soon as a security fix is available the clock is ticking.
Keeping desktop applications up to date is as important as patching the underlying Operating System. The difference comes from how updates are packaged and delivered, with less distinction made between the type of fix and its severity. In terms of deployment, some applications incorporate a self-update feature and others rely on the end-user or system management tools.

3. Reasons why patching is incomplete

Large organizations typically automate the task of software deployment using management tools such as Microsoft System Center. This should result in updates being deployed to all devices in a timely manner however there are still reasons why this fails, for example:

• Devices are switched off at the time of the update
• End-user intervention is required such as a reboot
• Software must be deployed over slow network links or to remote users
• The computer system is considered business critical and therefore updates must go through an approval process

These issues can be solved using modern systems management tools such as the 1E products Nomad and NightWatchman. However the challenge for most organisations is that the problem is hidden. You are more than welcome to request a trial of these products.

4. Restriction of administrative privileges

Typically administrators are targeted by cyber intruders because they possess a high level of access rights to corporate assets.
A key feature of System Center 2012 Configuration Manager (SCCM) is the introduction of role-based administration for the central definition and management of security access settings. Products such as SCCM provide distinct benefits to organisations in their efforts to tighten cyber security. Specifically role-based administration provides a number of benefits:

• It allows the grouping of security roles into typical administrative tasks.
• Administration is no longer restricted to site boundaries.
• The creation of content for the hierarchy and the assignment of security for that content is an isolated operation.
• Replication of security assignments occur across the hierarchy.
• The provision of built-in security roles for typical administration tasks plus the ability to create customised security roles.
• Visibility of objects for administrative users is restricted to those for which they have appropriate access.
• The ability to audit administrative security actions.
• The creation of administrative roles for the hierarchy and the assignment of security to those roles is an isolated operation.

As you can see the strict definition of security roles and secured IT assets facilitates the management, separation and visibility of administration privileges.