Welcome to the final part of this awareness series. In the previous article, we established the impact and prevalence of cybercrime and outlined the basic approach to secure our digital assets, which can be found here. In this article, we will briefly explore the key components of a usable defense-in-depth model.
Our passwords are at the core of our cybersecurity model. Choosing strong passwords and encryption keys supplies the best obstacle for would-be attackers. We at Trenchant Cyber Ops recommend that our clients use long (over 25 characters), salted (random variation) passwords. We are also aware of how difficult the average person finds it to reliably recall any string of seven or more random characters, and that the average person circumvents that difficulty by writing these passwords down, either digitally or physically, creating a critical security risk. To address this, we offer the following simple recommendation for effective password management:
- Use a deeply personal and thus infrequently shared, yet easily memorable phrase, lyric, or mantra over 25 characters in length as the base of your password.
E.g. Core: all that glitters isn’t gold
- Salt that core password, i.e., add random variation to it using 1-3 easily memorable rules.
E.g. Rule 1: all ‘a’s become capitalized
Rule 2: all ‘l’s become ‘@’s
Rule 3: the entire phrase is bracketed
Note: The fastest computer at the time of this writing would take around 7 quadrillion years to brute force (systematically guess) this password.
- At this point, depending on your memory and association capabilities, you can either repeat this for all your key passwords or use it to secure a password manager which generates and stores your various passwords securely.
- No matter what you choose, we recommend changing your primary passwords at least once a year.
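The core-phrase-plus-rules scheme above, carried through in code as an added example (this is not a tool from Trenchant Cyber Ops). The core phrase and the three rules are the article's own; the helper names, the ordering of the rules and the "at least three character classes" check are our assumptions:

```python
"""Apply the article's 'core phrase + memorable rules' scheme.

Added example, not Trenchant Cyber Ops' own tooling. The core phrase and the
three rules come from the article; helper names and the class check are ours.
"""
import string

# Rules are applied in order: each takes the current text and returns the salted text.
RULES = [
    lambda s: s.replace("a", "A"),  # Rule 1: every 'a' becomes capitalized
    lambda s: s.replace("l", "@"),  # Rule 2: every 'l' becomes '@'
    lambda s: "[" + s + "]",        # Rule 3: the whole phrase is bracketed
]

MIN_LENGTH = 25  # the article's recommended minimum length


def derive_password(core: str, rules=RULES) -> str:
    """Salt the core phrase by applying each memorable rule in order."""
    for rule in rules:
        core = rule(core)
    return core


def character_classes(password: str) -> int:
    """Count how many of the upper/lower/digit/symbol classes the password uses."""
    checks = (
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation or c == " " for c in password),
    )
    return sum(checks)


def meets_policy(password: str) -> bool:
    """The article's length rule plus an assumed minimum of three character classes."""
    return len(password) >= MIN_LENGTH and character_classes(password) >= 3


if __name__ == "__main__":
    core = "all that glitters isn't gold"  # the article's example core phrase
    salted = derive_password(core)
    print(f"core:   {core}")
    print(f"salted: {salted}")
    print(f"length {len(salted)}, classes {character_classes(salted)}, ok={meets_policy(salted)}")
```

Because the rules are plain functions, a reader can swap in their own memorable rules while keeping the same length and class checks; the core phrase itself never needs to be written down.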
Technical tools are the collection of physical and digital items we use to interact with our digital assets. Of these, the core tool is the Operating System, which acts as an interpreter for, and an interface between, us and our digital assets. It is a core part of our cybersecurity, and its compromise is the key way an attacker can attack, or even potentially bypass, the core of our security: our passwords. Most industry-leading Operating Systems are carefully and continuously maintained and audited. This leads to rapid identification of potential vulnerabilities and to frequent updates and patches that support their security.
At Trenchant Cyber Ops we therefore highly recommend that you use legitimate copies of the industry-leading Operating Systems on your devices and that you keep them up to date with updates and patches. However, as we noted, these patches only address discovered vulnerabilities. The key to many attacks is the discovery of new, or zero-day, vulnerabilities that can be maliciously exploited, so we need to be able to defend ourselves against this inevitability.
To do this, we need technical tools that restrict direct access to the Operating System: less access means a smaller vulnerable surface area. The primary tool used to accomplish this is the firewall. The firewall restricts access to us from other Operating Systems, which is normally what an attacker will be using to launch their attack. It does this by setting rules that clearly define what data (traffic), from whom (source), can pass through which entryway (port) on the way to which location (destination).
It is important to note that the more you restrict access via the firewall, the less usability you normally have, so finding a balance is key. In an enterprise setting, the decisions about the software and rules are made by the Network Admin based on the enterprise’s security posture. For individuals, we at Trenchant Cyber Ops recommend using third-party software to manage this for you. For lower-spec machines we recommend Avira, and for all others Comodo, where possible.
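The four fields named above (traffic, source, port, destination) can be seen working in a small first-match rule evaluator. This is an added example, not the rule syntax of Avira, Comodo or any real firewall; the policy, the sample packets and the default-deny behaviour when nothing matches are our own constructed assumptions:

```python
"""Tiny first-match firewall rule evaluator.

Added example (not any real product's rule syntax): it models the four fields the
article names, traffic (protocol), source, port and destination, with a
default-deny policy when no rule matches.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    proto: str           # "tcp", "udp" or "any"
    source: str          # CIDR network the packet must come from
    dest: str            # CIDR network the packet must be going to
    port: Optional[int]  # destination port, or None for any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    dst_ip: str
    dst_port: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.port is not None and rule.port != pkt.dst_port:
        return False
    src_ok = ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(rule.source)
    dst_ok = ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(rule.dest)
    return src_ok and dst_ok


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is denied (default deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed policy for a small LAN (192.168.1.0/24) that exposes nothing to the
# internet except a mail server on 192.168.1.10. Rule order matters.
POLICY = [
    Rule("allow", "tcp", "192.168.1.0/24", "0.0.0.0/0", 443),      # LAN may browse HTTPS
    Rule("allow", "udp", "192.168.1.0/24", "192.168.1.1/32", 53),  # LAN DNS to the router
    Rule("allow", "tcp", "0.0.0.0/0", "192.168.1.10/32", 25),      # internet may reach SMTP
    Rule("deny", "any", "0.0.0.0/0", "192.168.1.0/24", None),      # all other inbound traffic
]

if __name__ == "__main__":
    samples = [
        Packet("tcp", "192.168.1.20", "203.0.113.5", 443),    # LAN user browsing
        Packet("tcp", "198.51.100.7", "192.168.1.10", 25),    # inbound mail
        Packet("tcp", "198.51.100.7", "192.168.1.20", 3389),  # inbound remote-desktop attempt
        Packet("tcp", "192.168.1.20", "203.0.113.5", 23),     # outbound telnet, no rule matches
    ]
    for p in samples:
        print(p, "->", evaluate(POLICY, p))
```

The last sample shows the usability trade-off the paragraph describes: because nothing in the policy allows outbound port 23, the evaluator denies it, and every new legitimate service needs its own explicit rule.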
Another tool that helps restrict access to the operating system, specifically from files already on it, is the antivirus. Antiviruses are a mainstay in modern times, despite only being effective against previously discovered and documented vulnerabilities and exploits. They keep a database of signatures unique to these exploits and compare all present files against those signatures, seeking threats. Once a threat is found, they alert the user and quarantine the infected file. At Trenchant Cyber Ops we recommend Avira or Comodo, which both have an industry-standard antivirus built in.
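The signature comparison and quarantine step, and its limitation, shown as an added example that is not the engine of Avira, Comodo or any real product. The "files", the signature database and the harmless marker string are constructed here; real engines also use byte patterns and heuristics, but the hash lookup alone is enough to show why a previously unseen variant is missed:

```python
"""Signature scanner modelled on the article's description of an antivirus.

Added example, not any real product's engine. The on-disk files and the signature
database are constructed in-memory samples; the "bad" content is a harmless string.
"""
import hashlib
from typing import Dict, List, Tuple

# Constructed signature database: SHA-256 of known-bad file contents -> signature name.
KNOWN_BAD = b"demo-bad-content: constructed marker, NOT real malware\n"
SIGNATURES: Dict[str, str] = {
    hashlib.sha256(KNOWN_BAD).hexdigest(): "Demo.TestFile.A",
}


def scan(files: Dict[str, bytes], signatures: Dict[str, str]) -> Tuple[List[Tuple[str, str]], Dict[str, bytes]]:
    """Compare each file's hash with the signature database.

    Returns (alerts, quarantine): alerts lists (path, signature name) for every hit,
    and quarantine holds the flagged files, which are removed from `files`.
    """
    alerts: List[Tuple[str, str]] = []
    quarantine: Dict[str, bytes] = {}
    for path in list(files):
        digest = hashlib.sha256(files[path]).hexdigest()
        if digest in signatures:
            alerts.append((path, signatures[digest]))
            quarantine[path] = files.pop(path)
    return alerts, quarantine


# Constructed sample "disk": a clean file, the known-bad file, and a variant of the
# known-bad file with one byte changed, which a hash signature does not recognise.
SAMPLE_FILES: Dict[str, bytes] = {
    "/home/frank/notes.txt": b"groceries: milk, eggs\n",
    "/home/frank/Downloads/photos.exe": KNOWN_BAD,
    "/home/frank/Downloads/photos2.exe": KNOWN_BAD.replace(b"NOT", b"not"),
}


def run_demo():
    """Scan a copy of the sample disk; returns (alerts, quarantined paths, remaining paths)."""
    files = dict(SAMPLE_FILES)
    alerts, quarantine = scan(files, SIGNATURES)
    return alerts, sorted(quarantine), sorted(files)


if __name__ == "__main__":
    alerts, quarantined, remaining = run_demo()
    for path, name in alerts:
        print(f"ALERT {name}: {path} -> quarantined")
    print("files still on disk:", remaining)
```

The one-byte variant staying on disk is the article's point in miniature: a signature database only protects against what has already been documented, which is why the firewall, patching and the other layers still matter.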
Network Switches and Routers
In an enterprise environment, there will most often be a need for more fine-tuned control of the data flow between the various devices and Operating Systems. This can be done by using and managing Network Switches and Routers. Network switches divide your devices and Operating Systems into access zones, allowing access to digital assets to be restricted to specific groups and devices.
The network router performs a similar function, except that in this case it manages access to and from the external networks that make up the internet (where a high percentage of attacks originate). Importantly, the combined use of a firewall, router, and switches not only prevents attackers from penetrating your network but can also protect against possible internal attackers by restricting their ability to transfer digital assets outside of your network.
Wireless network security is another highly important aspect of your cybersecurity model, given how ubiquitous handheld and portable devices have become. It is useful to think of every portable device on a network as a potential attacker Operating System. At Trenchant Cyber Ops we consider wireless security to cover both the security of your self-managed wireless networks and any efforts to protect yourself while on an externally managed wireless network. In either case, the threats are the same: data interception and exploitation.
We therefore recommend the use of a Virtual Private Network to encrypt (scramble) your data when on an externally managed network, which both Avira and Comodo offer. Additionally, we recommend not performing sensitive tasks (banking, accessing assets) while on these external networks. For self-managed wireless networks, we recommend using our password recommendations to generate a strong Wi-Fi key that is changed at regular intervals, and sharing that password as infrequently as possible.
Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), & Honeypots
Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Honeypots are advanced tools used primarily in enterprise and cybersecurity lab environments. An IDS monitors and logs the communications between Operating Systems, and when suspicious activity is detected, it alerts the Network Administrator or Cybersecurity Technician. It can do this by first using lower-level artificial intelligence to learn the “normal” network traffic trends as a baseline against which all future activity is compared.
An IPS is like an IDS on steroids, with enhanced artificial intelligence tools that also allow actions to be taken automatically to slow or disrupt attacks. Honeypots are essentially throw-away managed systems that fake real services and digital assets to lure attackers in. They allow us to observe and, in most cases, trace the attackers. They also make excellent decoys, as they can be swapped in place of systems already under attack. One risk associated with Honeypots, however, is that a skilled attacker may be able to override the Network Admin’s management of the device and use it as a further attack vector. These tools have one great advantage: they are extremely useful for finding new, zero-day exploits and vulnerabilities. Nevertheless, we at Trenchant Cyber Ops recommend only using these tools once all other tools have been implemented.
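The "learn a baseline, then compare" idea behind the IDS described above, reduced to its simplest statistical form as an added example (not the logic of any commercial IDS). The connection log lines, their `<day> <source-ip> <dest-ip> <dest-port>` layout, the per-host daily count as the metric, and the alert threshold are all our constructed assumptions:

```python
"""Baseline-and-deviation detector in the spirit of the IDS the article describes.

Added example, not any commercial product's logic. The log lines are constructed
and the metric (connections per source host per day) and threshold are assumptions.
"""
import statistics
from collections import defaultdict
from typing import Dict, List, Tuple


def parse(log: str) -> Dict[str, Dict[str, int]]:
    """Count connections per day per source host from '<day> <src> <dst> <port>' lines."""
    per_day: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for line in log.strip().splitlines():
        day, src, _dst, _port = line.split()
        per_day[day][src] += 1
    return per_day


def build_baseline(per_day: Dict[str, Dict[str, int]]) -> Dict[str, Tuple[float, float]]:
    """Mean and sample stdev of daily counts per host; a day with no traffic counts as 0."""
    days = sorted(per_day)
    hosts = {h for counts in per_day.values() for h in counts}
    baseline = {}
    for h in hosts:
        series = [per_day[d].get(h, 0) for d in days]
        stdev = statistics.stdev(series) if len(series) > 1 else 0.0
        baseline[h] = (statistics.mean(series), stdev)
    return baseline


def detect(baseline: Dict[str, Tuple[float, float]], observed: Dict[str, int],
           sigmas: float = 3.0, min_margin: float = 2.0) -> List[str]:
    """Alert on hosts exceeding mean + max(sigmas*stdev, min_margin), and on unseen hosts.

    min_margin keeps a host whose baseline never varied (stdev 0) from alerting on
    a single extra connection.
    """
    alerts = []
    for host, count in sorted(observed.items()):
        if host not in baseline:
            alerts.append(f"{host}: {count} connections, host never seen in baseline")
            continue
        mean, stdev = baseline[host]
        threshold = mean + max(sigmas * stdev, min_margin)
        if count > threshold:
            alerts.append(f"{host}: {count} connections vs baseline {mean:.1f} (threshold {threshold:.1f})")
    return alerts


def constructed_training_log() -> str:
    """Five 'normal' days: 10.0.0.5 alternates 5/4 connections, 10.0.0.6 makes 3 a day."""
    lines = []
    for d in range(1, 6):
        day = f"2024-05-0{d}"
        lines += [f"{day} 10.0.0.5 10.0.0.20 443"] * (4 + d % 2)
        lines += [f"{day} 10.0.0.6 10.0.0.1 53"] * 3
    return "\n".join(lines)


# Constructed day under observation: 10.0.0.5 touches nine different ports on one
# host (a sweep-like pattern), 10.0.0.6 behaves as usual, 10.0.0.99 is new.
OBSERVED_LOG = """
2024-05-06 10.0.0.5 10.0.0.20 21
2024-05-06 10.0.0.5 10.0.0.20 22
2024-05-06 10.0.0.5 10.0.0.20 23
2024-05-06 10.0.0.5 10.0.0.20 25
2024-05-06 10.0.0.5 10.0.0.20 80
2024-05-06 10.0.0.5 10.0.0.20 139
2024-05-06 10.0.0.5 10.0.0.20 443
2024-05-06 10.0.0.5 10.0.0.20 445
2024-05-06 10.0.0.5 10.0.0.20 3389
2024-05-06 10.0.0.6 10.0.0.1 53
2024-05-06 10.0.0.6 10.0.0.1 53
2024-05-06 10.0.0.6 10.0.0.1 53
2024-05-06 10.0.0.99 10.0.0.20 445
"""


def run_demo() -> List[str]:
    """Train on the constructed week, then check the observed day."""
    baseline = build_baseline(parse(constructed_training_log()))
    observed = parse(OBSERVED_LOG)["2024-05-06"]
    return detect(baseline, observed)


if __name__ == "__main__":
    for alert in run_demo():
        print("ALERT", alert)
```

An IPS in the article's sense would add an automatic response after `detect` (for instance, inserting a deny rule for the offending host); the example stops at the alert, which is the IDS boundary the paragraph draws.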
Encryption is the second most valuable tool in our cybersecurity arsenal. It involves using a strong password and a one-directional, unique, unknown process (algorithm) to scramble your data, making it difficult to decrypt and useless to attackers even if intercepted. We recommend using 256-bit encryption and encrypting all your digital assets and the Operating System.
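The step that connects the article's password advice to its 256-bit encryption advice is turning a passphrase into a 256-bit key. The following is an added example, not Trenchant Cyber Ops' tooling: it uses the Python standard library's PBKDF2-HMAC-SHA256 to stretch a passphrase with a random salt into a 32-byte key, and keeps the salt next to the key so the same key can be regenerated later. The cipher that would use the key (AES-256, for instance) is not shown, and the iteration count is our assumption:

```python
"""Derive a 256-bit key from a passphrase with a per-file random salt.

Added example, not Trenchant Cyber Ops' tooling. Only key derivation is shown; the
cipher that consumes the key (e.g. AES-256) would come from a crypto library.
"""
import hashlib
import os
from typing import Tuple

KEY_BYTES = 32        # 256 bits
SALT_BYTES = 16
ITERATIONS = 200_000  # assumed work factor; higher makes each password guess slower


def derive_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the passphrase into a 32-byte key; the same passphrase + salt always yields the same key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=KEY_BYTES)


def new_key(passphrase: str) -> Tuple[bytes, bytes]:
    """Generate a fresh random salt and the key derived with it.

    The salt is not secret and is stored alongside the encrypted data; its job is to
    make two files protected by the same passphrase use different keys.
    """
    salt = os.urandom(SALT_BYTES)
    return salt, derive_key(passphrase, salt)


def recover_key(passphrase: str, stored_salt: bytes) -> bytes:
    """Rebuild the key from the passphrase and the salt saved with the data."""
    return derive_key(passphrase, stored_salt)


if __name__ == "__main__":
    # The article's example core phrase after its three rules, as the passphrase.
    passphrase = "[A@@ thAt g@itters isn't go@d]"
    salt, key = new_key(passphrase)
    print("salt:", salt.hex())
    print("key: ", key.hex(), f"({len(key) * 8} bits)")
    print("recovered matches:", recover_key(passphrase, salt) == key)
```

Note that the derived key is always 256 bits whatever the passphrase: the key length sets the cipher's strength, but the passphrase and the iteration count set how hard the key is to guess, which is why the long salted passphrase from the password section still matters here.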
Physical security is often overlooked when it comes to digital assets; however, it can have a significant impact. If an attacker can physically access your Operating System, especially if it is already unlocked, all your earlier cybersecurity tools become useless. Always restrict physical access to your Operating Systems, tools, and assets. Watch out for people physically spying on you as you input passwords, and if you ever must give a third party access to any of these, ensure it is a trusted and verified party, and ALWAYS under direct supervision.
Social Engineering Defense and OSINT exposure
The reason for verification and supervision is simple yet critical: when attackers realize that they cannot penetrate systems via any digital vulnerabilities, they instead attack and exploit the individuals associated with those systems. Thanks to the modern digital age, gaining and exploiting an individual’s momentary trust is significantly easier. This process is called Social Engineering.
A key part of this process involves researching the target using all information available about them, a significant percentage of which is publicly available via social media. Gathering and analyzing this publicly available information is known as Open-Source Intelligence (OSINT). OSINT awareness involves managing your online presence and restricting the public availability of your information as much as possible, reducing your attack surface area. An example of how even apparently meaningless information can be used against you is as follows:
An attacker wants Frank to click on a link to gain access to his system. The attacker sees via Frank’s Facebook profile that he loves dog shows. The attacker crafts an email for Frank with the title “New Orleans Dog Show,” claims to have images of the cutest show dogs, and provides Frank with a link to click to access those pictures. Unfortunately, if Frank isn’t cybersecurity aware, he is likely to click on the link out of interest, thus compromising his system.
At Trenchant Cyber Ops we offer an OSINT audit that you can use to assess your OSINT-related risks. You can buy it as a stand-alone service or as part of a larger penetration testing service for your home or enterprise systems. Click here for more information.
In conclusion, cybersecurity risks will continue to increase as the world becomes more digital. The only way to effectively protect your digital assets is to stay aware of the risks and use the right tools to minimize them. This article series has given you all the basic knowledge you need to start defending your digital territory today.