IT Security Tutorial – The 5-step guide with tips (2025)

Do you need a crisp IT security tutorial?

Then you’ve come to the right place!

This guide describes everything you need to know about learning strategies and procedures to make your IT secure.

Let’s get started!

What is IT security?

01 Protecting data at rest

IT security is a branch of computer science that deals with the protection of IT systems against dangers and threats. The antagonists of IT security are criminals who try to penetrate other computers without authorisation and steal or delete data.

IT security is not just limited to algorithms and hardware, but also includes far-reaching measures such as employee training, protection of analogue documents or access protection to the building.

Steffen Lippke

How do I learn IT security?

You cannot buy a book or course on IT security, spend 3 months learning and then spend the rest of your working life with the knowledge you’ve extracted.

00 Hack The Box to Ethical Hacking

You have to continue your training every day for the rest of your professional life if you want to stand a chance against the criminals. The criminals are always trying new methods to attack your company, and you have to be one step ahead of them.

From theory straight into practice

This guide gives you an initial introduction to the objectives, key processes and concepts of IT security.

You need to implement the theoretical concepts in your company using open source (or non-free) software. Because every company is different and has a different history, no company will sell you software that solves all security problems at once.

The 3-step principle for effective familiarisation

Once you have understood the basic ideas behind IT security, start working on one aspect and look at a first piece of software for it.

  1. Theoretical concept: What is a firewall?
  2. Software: What open source products are available on the market?
  3. Familiarisation with the software: How does the software work?

(ISC)² divides IT security into 8 different domains (areas), each of which can occupy you full-time depending on the size of the company.

Understanding the motives of criminals

Why do criminals want to infiltrate a company? Criminals hack

  • out of schadenfreude
  • out of self-enrichment (money, blackmail, exploitation of money)
  • out of activism (hacktivists)
  • out of boredom (script kiddies)
  • out of professional obligation (governments employ computer specialists)

Goals of IT security

IT security attempts to ensure the confidentiality, availability and integrity of data and software. On the one hand, IT security uses mathematical methods such as encryption or a hash algorithm to ensure security.

On the other hand, IT security must strive to create security awareness among employees and establish rules of behaviour in the corporate culture.

#1 Get an overview

Before you try to “secure” anything in a company, you should get an overview. The people responsible for an IT landscape often cannot answer the following basic questions:

  • How many servers and computers does the company have?
  • Which servers do not use encryption and why?
  • How many databases contain customer data?
  • When was server X last updated?

These questions are essential, and every company should know the answers. Take an inventory of:

  • Devices
  • Software on the devices
  • Public services / servers / storage
  • Databases with critical and non-critical data

The Nmap scanner and Active Directory can help with this task. Devices that are not always switched on must be located by walking through the office.

02 AD can help with the inventory

Old laptops, printers or smartphones are overlooked by the scanning software.
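
One way to combine the two sources named above, as an added example that is not part of the original article: it reconciles Nmap's grepable output (`-oG`) with a CSV export of AD computer objects. The sample data, hostnames, addresses and CSV column names are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample: Nmap grepable output (-oG) from a ping sweep (-sn).
NMAP_GREPABLE = """\
# Nmap scan initiated as: nmap -sn -oG - 10.0.0.0/24
Host: 10.0.0.10 (pc-001.corp.example)\tStatus: Up
Host: 10.0.0.11 (srv-db01.corp.example)\tStatus: Up
Host: 10.0.0.57 ()\tStatus: Up
Host: 10.0.0.80 (printer-2f.corp.example)\tStatus: Up
# Nmap done: 256 IP addresses (4 hosts up)
"""

# Constructed sample: CSV export of AD computer objects (column names assumed).
AD_EXPORT = """\
DNSHostName,IPv4Address,LastLogonDate
pc-001.corp.example,10.0.0.10,2025-01-10
srv-db01.corp.example,10.0.0.11,2025-01-12
laptop-old7.corp.example,,2023-03-02
"""

HOST_LINE = re.compile(r"^Host: (\S+) \(([^)]*)\)\s+Status: Up")

def parse_nmap_up_hosts(text):
    """Return {ip: hostname} for every host Nmap reported as up."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            hosts[m.group(1)] = m.group(2).lower()  # hostname may be empty
    return hosts

def parse_ad_export(text):
    """Return {dns_hostname: row} from the AD CSV export."""
    return {r["DNSHostName"].lower(): r for r in csv.DictReader(io.StringIO(text))}

def reconcile(nmap_text, ad_text):
    """Split the inventory into devices AD does not know and devices Nmap missed."""
    seen, ad = parse_nmap_up_hosts(nmap_text), parse_ad_export(ad_text)
    ad_ips = {r["IPv4Address"] for r in ad.values() if r["IPv4Address"]}
    # On the wire but unknown to AD: printers, phones, unmanaged machines.
    unmanaged = sorted(ip for ip, name in seen.items()
                       if name not in ad and ip not in ad_ips)
    # Known to AD but silent during the scan: switched off or stale objects.
    names, ips = set(seen.values()), set(seen)
    not_seen = sorted(n for n, r in ad.items()
                      if n not in names and r["IPv4Address"] not in ips)
    return {"unmanaged_on_network": unmanaged, "in_ad_but_not_seen": not_seen}

if __name__ == "__main__":
    print(reconcile(NMAP_GREPABLE, AD_EXPORT))
```

The second list is the one to take on the walk through the office: those machines exist in the directory but did not answer the scan.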

#2 Create incident response plans

IT security experts don’t ask themselves whether a hack is possible in the company, but when! The incident response process consists of five steps that the company goes through in a cycle (according to NIST).

03 Incident handling

1. Preparation

The administrators secure the systems, collect contact details for the contact persons of the subsystems and determine the person responsible for each component.

The Zero Trust concept is declared the standard in the IT landscape, old systems are switched off, servers are updated to the latest patch level and employee computers are equipped with antivirus software.

Many steps are necessary to “make” an “insecure” company more secure. This process is cost-intensive and time-consuming.

Steffen Lippke

2. Discovery

On average, it takes 100 days to discover a hack (source). As long as malware does not burn down the server, the only sensible way to monitor a system landscape is to set up a SIEM.

3. Act and recover

On day X, customer data surfaces on the darknet. Forensic experts examine the systems to find out how the hackers got into the company network. Even a very well-secured IT infrastructure has no chance against zero-day exploits.

4. Adaptation of the process

The essential step after an incident is to apply what has been learned and better secure the affected systems, provide employees with more targeted training and further optimise processes.

Hackers like to try the same attack again and use the same methods on another server in your IT infrastructure. If you don’t learn from your mistakes, you will only get more problems.

#3 Discover vulnerabilities

A basic method of discovering vulnerabilities is to use scanners, which can

  1. Map your devices
  2. Log in to most devices, e.g. via the AD domain
  3. Recognise vulnerabilities in the software used

These findings let you patch the systems in a targeted manner. Auto-updates and update routines are useful.

#4 Preparing for certifications

04 Certifications

If you have tidied up your IT landscape and the systems are secured and monitored by a SIEM, then you can aim for certification. Some companies are required to have such certification, but others certify themselves for marketing reasons.

For some customers, IT security can be a purchasing criterion, even if the service is twice as expensive as that of competitors.

Steffen Lippke

Certification allows you to take out IT security insurance at a reduced rate, which covers the residual risk. If the worst comes to the worst, the insurer pays your company compensation, which unfortunately does not restore your reputation.

#5 Train employees

The IT security specialist only sees IT systems, encryption, software and hardware, but users need to be trained as well.

Users must not be held accountable for incorrect behaviour if they do not receive regular training. IT security training is like fire safety training in a company. You should endeavour to make it interactive.

Your IT security is only as good as the weakest link. Spear phishing emails can cause huge damage.

IT security staff fall for these emails just like normal users. The reason is that, in the heat of the moment, a well-worded email tempts the user to click on a link and reveal their password.
