Cyber security assessment is also called security evaluation. An organization's information system is often at risk from internal and external threats. With the increasing sophistication of hacking techniques, it is difficult to adequately protect your systems without experience and knowledge of these techniques. Security evaluations use extensive security industry experience and state-of-the-art vulnerability scanning technology to provide a comprehensive assessment of an organization's information systems from both internal and external perspectives. [1]
Given the combination of platforms, applications, connectivity, speed of change and limited resources, it is more difficult than ever to take all the necessary steps to protect an organization's assets. The more complex the environment, the greater the need for such measures and controls to ensure the continuity of the organization's business processes.
There are two types of security assessments, narrow and broad. In the narrow sense, it refers to analyzing and evaluating the inherent or potential hazards, and their severity, in a work system with a specific function, expressing them quantitatively in terms of established indices, levels, or probability values, and finally deciding on preventive or protective countermeasures based on the magnitude of those values. Broadly speaking, it refers to the process of using system engineering principles and methods to comprehensively evaluate and predict the possible dangers of proposed or existing projects and systems and their possible consequences, and to propose corresponding safety countermeasures according to the magnitude of the risk of accidents, in order to achieve project and system safety.
Safety assessment is also known as risk assessment, hazard assessment, safety evaluation, risk evaluation or hazard evaluation.
Security Assessment Objectives
In the project assessment stage, the security status of the network system must be analyzed in order to fully understand the current security status (security risks) of the enterprise's private network information system. The following selected items are evaluated after confirmation from both the security team of our department and the information center of the enterprise:
- Evaluation of management system
- Evaluation of physical security
- Evaluation of computer system security
- Evaluation of network and communication security
- Evaluation of logging and statistical security
- Evaluation of security measures
- Overall evaluation
Security Hardening
Overview of Security Hardening
The Network and Application Hardening and Optimization Service is a key link in achieving the security of the customer's information system. Through this service, a security state that meets the customer's security needs is established at the network, host, and application layers of the customer's information system, and serves as the starting point for ensuring the security of that system.
The objects of network and application system hardening often have the following security problems:
1. Installation or configuration does not meet the security needs;
2. Parameter configuration errors;
3. Use or maintenance does not meet the security needs;
4. System integrity has been compromised;
5. A Trojan horse program has been injected;
6. Account/password issues;
7. Security holes not patched in a timely manner;
8. Misuse of application services and apps;
9. Security issues in application development, etc.
The Network and Application Hardening and Optimization Service is designed to perform the following actions on the security problems existing in hosts and network devices:
1. Proper installation;
2. Installation of all the latest security patches for the OS and application software;
3. Secure configuration of the operating system and application software;
4. System security risk prevention;
5. Advice on system use and maintenance;
6. System functionality testing;
7. System security risk testing;
8. System integrity backup;
9. System rebuild if necessary, etc.
The above mentioned work will be performed by our team.
The results of the above work determine the process, implementation content, steps and complexity of network and application system hardening and optimization. Specifically, it can be summarized as follows:
1. Define the hardening goal: determine the level of security the system should reach after hardening and optimization. Systems in different environments usually have different security requirements, so the hardening solutions used also differ. A clear hardening goal must state how the hardening and optimization will balance functionality and security, that is, that after hardening the system reaches a level of security that meets the needs of users.
2. Clarify the operational status of the system, including:
a) the specific purpose of the system, i.e., the ports and services that must be open for the system to work in its environment;
b) the application systems running on the system and the services they need for normal operation;
c) the system's performance, as gathered from network scans and manual evaluations.
3. Define the risks of hardening: hardening the network and applications carries a certain amount of risk, typically downtime, non-functional applications, and in the worst case a compromised system that cannot be used. These risks generally arise because the system's operating conditions were not clearly investigated, and also because the cost of the hardening plan was not accurately analyzed, leading to incorrect operation. Therefore, it is very important to make a good system backup before hardening.
4. System backup: the backup includes the file system, key data, configuration information, passwords, user rights, and other content; it is best to do a full backup of the system for rapid recovery.
c) System Security Risk Assessment (Network Scanning and Manual Assessment)
For new systems, the results of the System Security Requirements Analysis and System Security Policy Development services are imported. After importing the results of the above services, the security level of the hardened system should be determined, i.e., the level of security that the hardened system can achieve should be determined. The cost of hardening and optimizing the network and application systems must also be determined based on the analysis of the results of the above services.
2. Developing a Hardening Plan
The main content of developing a Hardening Plan is to define the content, steps, and timetable for implementing the hardening and optimization of the system, based on the results of the system state survey.
3. Implementing Hardening
The main content of implementing Hardening and Optimization of the system consists of the following two aspects:
a) Hardening of the network and application systems
b) Testing the system
The purpose of testing the system is to check whether, after hardening, the system meets the customer's requirements in terms of security and functionality. These two aspects of the work form an iterative process: after each hardening or optimization step is completed, the system is tested to confirm that its functionality and security meet the customer's needs; if either requirement cannot be met, the hardening step should be repeated.
For some systems, hardening may fail. If the hardening fails, it is the customer's choice to either abandon the hardening or rebuild the system.
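
The check below illustrates the test-after-each-step loop described above, using the list of ports that must stay open from the operational-status survey. It is an added example, not tooling from the service described on this page; the `REQUIRED` port set, the function names, and the two `ss -H -tln` snapshots are constructed for illustration.

```python
import re

# Constructed samples of `ss -H -tln` output, taken before and after one hardening step.
BEFORE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 64 0.0.0.0:23 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
"""
AFTER = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
"""

# Assumption: ports the survey found the system must keep open to do its job.
REQUIRED = {22, 443}
LOOPBACK = ("127.", "[::1]")

def exposed_ports(ss_output):
    """Return the set of TCP ports listening on non-loopback addresses."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        m = re.fullmatch(r"(.+):(\d+)", fields[3])  # local address:port column
        if m and not m.group(1).startswith(LOOPBACK):
            ports.add(int(m.group(2)))
    return ports

def check_step(before, after, required):
    """Compare listener snapshots taken around one hardening step."""
    pre, post = exposed_ports(before), exposed_ports(after)
    broken = sorted(required - post)    # functionality requirement not met
    unneeded = sorted(post - required)  # security requirement not met
    closed = sorted(pre - post)         # what the step actually changed
    return {"closed": closed, "broken": broken, "unneeded": unneeded,
            "passed": not broken and not unneeded}

if __name__ == "__main__":
    print(check_step(BEFORE, AFTER, REQUIRED))
```

In the constructed snapshots the step closed port 23 but also took down the required port 443 and left port 111 exposed, so the step fails both the functionality and the security test and has to be repeated.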
4. Generate Hardening Report
The Hardening Report is the final report provided to the user after the completion of the network and application system hardening and optimization services. It contains the following:
a) a complete record of the hardening process
b) recommendations or solutions for managing the security of the system
c) results of a security audit of the hardened system