Preventing Cyber Crisis

in all spheres of their functioning through appropriate policies, processes and protocols. To begin with, the following baseline requirements are recommended as ‘must haves’ for all organizations to secure against cyber crises.

Inventory of hardware and software assets

Maintaining an accurate and up-to-date inventory of hardware and software assets related to the organization is the first and foremost step for ensuring protection against cyber-attacks. A current inventory is essential to control access to these solutions, besides detecting unauthorized ones and hardening vulnerable ones. Keeping such a record of assets deserves importance because, as the saying goes, we cannot protect what we do not know. An automated asset management system may be deployed for this purpose, as newer solutions are being added and obsolete and faulty ones removed on a daily basis, especially in large organizations. Obtaining a one-time approval should be made mandatory before connecting new systems to the corporate network. A stringent Bring Your Own Device (BYOD) policy, which also includes an employee exit strategy, may be put in place.

Secured configuration of Hardware and Software

The configurations with which hardware and software solutions are released by the OEMs are meant for easy and quick installation in a network. The default settings, ranging from user accounts and passwords to open ports and protocols, are made to enable plug-and-play deployment of the solution with less security. It is often found that these configurations are seldom modified for lack of time, expertise and even fear of malfunctioning, leaving wider attack surfaces for the attackers. Therefore, each hardware and software component should be put into use only after proper hardening and secured configuration following the principle of zero trust. Subsequent modifications to the settings should be made only after following a proper change management process. All solutions should be periodically subjected to security audit to ascertain any deviation from the established security norms.

Vulnerability Assessment and Patch Management

Vulnerabilities in operating systems, development frameworks, browsers, etc. are entry points for cyber-criminals to launch attacks. An un-patched system gives attackers an easy avenue to penetrate the network and compromise the cyber infrastructure of the organization. With novel vulnerabilities and exposures being reported every day, organizations should make conscious efforts at vulnerability and patch management based on the cyber security alerts raised by the concerned agencies. A pro-active mechanism to identify, mitigate and patch vulnerabilities should be established and linked with the inventory management system mentioned earlier. Client users should be encouraged to regularly avail the updates from OEMs by enabling the auto-update feature of system and application software.

Controlled use of Admin privileges

Misused admin privileges are a common cause of security breaches in any network. Admin privileges must be restricted in system and application software as well as in network and security appliances. Practice and propagate the principle of least privilege, as running a computer in the administrator role leaves it vulnerable to security risks and exploits. Access to any system should be provided only on a need-to-know basis. Additional user accounts created on a need basis should be deleted or deactivated once the requirement is over. Any temporary escalation of user privileges should be undone immediately after the proposed task is accomplished. Activities that require admin privileges should be performed by the designated system administrator only, and the admin should exercise due diligence while using the system and privileges. Actions performed by privileged users should be constantly logged and regularly monitored to detect any adverse events.

Endpoint protection

Endpoints of the information technology network, consisting of desktops, laptops and hand-held devices, often turn out to be the starting point of a cyber crisis. Endpoints need special attention and protection to avoid any incident that may turn into a crisis, as they are the interface where human beings usually interact. Malware is the most common attack vector that targets the endpoints. Malware is malicious software intentionally designed to disrupt, damage and gain unauthorized access to computer systems and networks. Security solutions that prevent the malware from entering, executing, accessing sensitive data and exfiltrating the data should be deployed to safeguard the endpoints. As newer mutants of malware are being generated rapidly, traditional antivirus solutions are seldom effective in countering this nuisance. Next-generation solutions based on Artificial Intelligence, Machine Learning and Behavior Analysis are needed to detect and mitigate fresh variants of malware.

User Awareness and Capacity Building

Many organizations tend to neglect the most important layer of defense against cyber-attacks: the end users. Human beings being the weakest link in the cyber security paradigm, continuous efforts need to be made to keep them aware of and alert to the latest Tactics, Techniques and Procedures (TTPs) of cyber-criminals. New vulnerabilities are emerging every day, and a proper understanding of prevention, detection and mitigation techniques is essential to remain protected. Security awareness empowers people connected with the business to perform their roles while protecting the organization from potential security threats. Any investment in cyber capacity building will enhance the success rate of other policy initiatives in the long run. Thus, awareness creation is a marathon, not a sprint that can be accomplished in a short period of time.

Conclusion

Cyber space is an intrinsic part of the development of any country. Attacks on critical information infrastructure are continuously being launched by state and non-state actors, posing a threat to national security. The identity and capability of the attackers are seldom known, and this often gives them an edge over the victims. With cyber-crime growing into a multi-billion-dollar industry, cyber-criminals are getting more empowered and creative day by day. Organizations must have a strong and agile security posture to deal with these headwinds and ensure reliable and responsible service to their users.

For further information, please contact:
C.J. Antony
Dy. Director General & HoG
Network Security Group
National Informatics Centre, A-Block, CGO Complex
Lodhi Road, New Delhi - 110003
Email: antony@nic.in, Phone: 011-24305166
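As an added example (not part of the article), a small Python check over a constructed privileged-access audit log that flags the two lapses the "Controlled use of Admin privileges" section warns about: a temporary escalation that was not undone, and a temporary account that outlived its purpose. The log format, the event names and the two-hour escalation window are assumptions.

```python
from datetime import datetime, timedelta
# Constructed sample of a privileged-access audit log (not from a real system).
# Assumed record format: timestamp|event|user|detail
SAMPLE_LOG = """\
2021-10-04T09:00:00|GRANT_ADMIN|alice|ticket=CHG-101
2021-10-04T09:45:00|REVOKE_ADMIN|alice|ticket=CHG-101
2021-10-04T10:00:00|GRANT_ADMIN|bob|ticket=CHG-102
2021-10-04T10:05:00|CREATE_TEMP_ACCOUNT|vendor1|expires=2021-10-05
2021-10-05T08:00:00|GRANT_ADMIN|carol|ticket=CHG-103
2021-10-05T12:30:00|REVOKE_ADMIN|carol|ticket=CHG-103
2021-10-06T09:00:00|LOGIN|vendor1|host=srv-07
"""
# Assumed policy value: a temporary escalation must be reverted within 2 hours.
MAX_ESCALATION = timedelta(hours=2)

def parse(log_text):
    """Split each record into (timestamp, event, user, detail)."""
    records = []
    for line in log_text.splitlines():
        ts, event, user, detail = line.split("|", 3)
        records.append((datetime.fromisoformat(ts), event, user, detail))
    return records

def find_violations(records, now_iso):
    """Return sorted (user, reason) pairs for escalations and temporary accounts not undone."""
    now = datetime.fromisoformat(now_iso)  # report time
    open_grants = {}    # user -> time admin rights were granted
    temp_accounts = {}  # user -> expiry of a temporary account
    findings = []
    for ts, event, user, detail in records:
        if event == "GRANT_ADMIN":
            open_grants[user] = ts
        elif event == "REVOKE_ADMIN":
            start = open_grants.pop(user, None)
            if start is not None and ts - start > MAX_ESCALATION:
                findings.append((user, "escalation exceeded window"))
        elif event == "CREATE_TEMP_ACCOUNT":
            temp_accounts[user] = datetime.fromisoformat(detail.split("=", 1)[1])
        elif event == "DEACTIVATE_ACCOUNT":
            temp_accounts.pop(user, None)
        elif event == "LOGIN" and user in temp_accounts and ts > temp_accounts[user]:
            findings.append((user, "expired temporary account still in use"))
    # Anything still open at report time is a standing violation.
    for user, start in open_grants.items():
        if now - start > MAX_ESCALATION:
            findings.append((user, "escalation never reverted"))
    for user, expiry in temp_accounts.items():
        if now > expiry:
            findings.append((user, "temporary account past expiry, not deactivated"))
    return sorted(findings)
```

Running `find_violations(parse(SAMPLE_LOG), "2021-10-07T00:00:00")` reports bob's unreverted escalation, carol's over-long one and vendor1's expired account, while alice's 45-minute escalation passes.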
October 2021 informatics.nic.in 33