INTRODUCTION TO SYSTEM AUDITING

What is a VPN?

Virtual Private Network (VPN) technology creates a secure tunnel between your device and either the network at work or an Internet server, effectively creating an extension of private networks across public ones to allow users to send and receive data as though their computing devices were directly linked into them.

 

Why is VPN Important?

VPNs are crucial for preserving privacy and securing data exchange in a world where data breaches and surveillance are significant concerns.

·       Encryption: VPN provides strong encryption to ensure that even if cybercriminals intercept data they cannot read it.

·       Anonymity: VPN can mask your IP address, making your online actions virtually untraceable.

·       Remote Access: VPNs provide a secure way for remote employees to access necessary resources on their company's network.

Understanding Secure Remote Access

Secure remote access refers to any method by which an individual may connect securely with a network from outside its location - this may involve VPNs but could also involve using other strategies and tools.
Ensuring secure remote access is crucial in protecting your network. This involves several elements:

·       Authentication: Ensure only authenticated users can gain entry to a network using passwords or alternative methods like biometric verification and multi-factor authentication.

·       Authorization: This involves managing user permissions, so users can only access the data and systems they need for their work.

·       Encryption: As mentioned above, encryption involves encoding data so it cannot be read if intercepted and read by third parties.

·       Monitoring: Continuously monitoring network activity can help identify any unusual or suspicious behaviour that might signal a security breach.

 

Types of VPNs

There are various VPN solutions designed for specific uses; and requirements:

1.     Remote Access VPN: Allowing users to securely connect with private networks remotely is often employed by corporate employees in order to securely access their company network from home or while travelling.

2.     Site-to-Site VPN, also referred to as Router to Router VPN, allows for seamless communication between networks located at different offices by securely linking their networks together.

3.     IPsec (Internet Protocol Security) VPN: This protocol suite is used to secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet in a communication session.

4.     SSL (Secure Socket Layer) VPN: Provides access to web applications from different locations and types of devices securely while only giving access to specific resources on a network (rather than all).

Understanding VPNs and secure remote access tools in this digital era where much work can be completed remotely is vitally important to cybersecurity professionals.

They allow us to keep networks secure even if users are distributed across disparate locations - remembering that security goes beyond technology alone: trust is what keeps networks functioning well!

 

                                                System Security

This topic is intended to introduce you to system security.

Topics to Be Covered:

• Operating system security principles.
• Secure configuration and hardening of OS.
• User and account management.
• Patch Management and vulnerability assessment.

 

 

 

 

Security Mechanisms in Operating Systems

• Authentication: Identify verification is the process of authenticating users, processes or devices on an operating system, typically through username and password authentication; more advanced systems might also use biometric information or security tokens as methods of confirmation.
• Access Control: An access control mechanism within an OS is designed to regulate access to certain resources within it by following certain rules that determine who or what can access which resources.
• Encryption: Encryption can protect information stored within an OS as well as data being transmitted into or out of it.
• Audit and Logging: Monitoring system activities is important in detecting any irregular or suspicious activities on an operating system (OS), from user log-in/out sessions and file access events to special notifications such as suspicious email communications. OS keeps logs of these and many more activities for your review.

Operating system security is at the core of overall cybersecurity, making up one of its three pillars. Understanding its principles is vital in creating and maintaining secure systems; next we'll delve deeper into specific ways we can secure different operating systems like Windows, Linux and MacOS.

 

Remember, any system is only as safe as its weakest link; even minor breaches in OS security could give cybercriminals an entryway into your OS and provide opportunities for attacks. Therefore, always remain alert and strive to learn.

Secure Configuration and Hardening of OS

Hardening of an operating system comes into play after installation as many features which, although useful, could create potential vulnerabilities if left unsecured. Hardening provides one way of protecting these features against being misused.

What is OS Hardening?

OS hardening is the process of securing an operating system by reducing its surface of vulnerability. This is achieved by configuring the OS securely, turning off unnecessary services, deleting unused accounts, keeping the system updated, and applying the necessary security patches.

Secure Configuration

Step one in hardening an OS is configuring it securely. While the exact process varies based on which OS is being used, here are some general steps:

1. Removing Unused Software and Services: Every program and service running on an OS represents an entry point for an attacker; to lower this risk, any unnecessary programs and services should be removed to lower the risk.
2. Managing User Accounts: Be certain all default passwords have been changed with strong, unique ones that limit administrative privileges to only as many accounts.
3. Install Firewalls and Intrusion Detection Systems: These essential security tools help keep threats away.

Key Aspects of User and Account Management

1. User Registration: This involves creating user accounts, usually with a unique username and password. Additional identification methods, like two-factor authentication, can be employed.
2. Privilege Assignment: Assign users the minimum privileges they need to perform their duties. Avoid giving administrative privileges unless necessary.
3. Account Monitoring: Keep track of user activities and watch for unusual behaviour, such as repeated login failures, which might indicate a security threat.
4. Account Deactivation or Deletion: Unused accounts belonging to former employees should be immediately deactivated or deleted so as to prevent misuse and any potential breaches in security.
5. Password Management: Enforce strong password policies. This may include minimum password lengths, complexity requirements, and regular password changes.

Best Practices for User and Account Management

• Follow the Principle of Least Privilege: Assign users only the privileges they need.
• Enforce Strong Password Policies: Require complex, unique passwords and regular password changes.
• Use Two-Factor Authentication (2FA): 2FA greatly increases account security by requiring a second form of identification.
• Regularly Review Accounts and Privileges: Regularly check for outdated or excessive privileges and inactive accounts.
• Train Users: Educate users about secure behaviour, such as not sharing passwords, recognizing phishing attempts, and reporting suspected security incidents.

User and account administration is essential in developing an effective cybersecurity plan. By carefully controlling access to your systems, user and account administration allows you to greatly decrease both internal and external security incidents.

What is Vulnerability Assessment?

Vulnerability assessment refers to identifying, quantifying and prioritising (or ranking) vulnerabilities within an organisational system in order to provide them with all of the knowledge needed to address and mitigate risks more proactively.

Why is Vulnerability Assessment Important?

1. Identification of Weaknesses: Vulnerability Assessments help uncover vulnerabilities within your systems before they can be exploited by attackers.
2. Prioritising Resources: By ranking vulnerabilities based on severity, assessments help organisations prioritise their remediation efforts.
3. Maintaining Compliance: Regular vulnerability assessments can be a requirement of regulatory compliance standards.

 

Understanding and following best practices for patch management and vulnerability

 

Lesson Summary

• Cybersecurity refers to the practice of safeguarding computer systems, networks, and digital information from any unwarranted access, use, disclosure, disruption, or destruction. At present, cybersecurity holds enormous value.
• Understanding cybersecurity fundamentals is the first step toward protecting yourself or your business against potential cyber threats.
• One of the key functions of cybersecurity is protecting sensitive data - be it personal details of individuals, intellectual property of businesses, or classified government files.
• As we progress into a digital society, cybersecurity will remain at the centre of discussions.
• An attack vector is any route through which an attacker gains unauthorised entry to a computer or network with malicious intentions and delivers their payload or payoff.
• Network security refers to practices and policies implemented to detect, deter and monitor any unlawful access, misuse, modification, or denial of computer networks and related resources in an effort to safeguard infrastructure as well as data.  
• Network security is crucial in today's interconnected world to protect sensitive data and prevent disruptions to service. 
• Network security entails multiple layers of defences at both the edge and in the network, each layer implementing policies and controls designed to allow only authorised users access to network resources while keeping malicious actors away.  
• Network protocols are rules designed to facilitate data communication among computers and devices in a network, and to facilitate its data packet delivery smoothly from source to destination.
• Understanding network protocols and their vulnerabilities forms a critical part of network security.
• An Intrusion Detection System (IDS) monitors network traffic for any suspicious activities that could indicate potential intrusion attempts and sends alerts when such activity is spotted.
• Understanding VPNs and secure remote access tools in this digital era where much work can be completed remotely is vitally important to cybersecurity professionals. 
• Operating system security (OSS) refers to measures and controls implemented within an OS in order to shield itself against threats and attacks from within and without. 
• Operating system security is at the core of overall cybersecurity, making up one of its three pillars.  
• Hardening an OS is an integral step towards protecting it against potential attacks and can dramatically decrease its attack surface and protect it from threats. 
• User and account administration is essential in developing an effective cybersecurity plan. 
• Understanding and following best practices for patch management and vulnerability assessments will significantly lower cybersecurity risks for businesses of all types and sizes.