Cyber Security Technology Map (en)

From OnnoWiki
Image: Cyber-Security-Cheat-Sheet.png
Image: Cybersecurity-domain-map.jpeg

Roadmap https://roadmap.sh/cyber-security


Network security, a.k.a. cyber security, has become essential knowledge for anyone who wants to engage seriously with the Internet. Unfortunately, the technology has grown so complex that network security professionals must learn a great deal before they fully understand the concepts and technologies involved. To make learning easier, it is worth studying the attached image, which contains a map of network security technologies. A very good reference on this subject can be found at http://www.sans.org.

Network Technology Map

Generally, the topology of a computer network consists of the worldwide public Internet and the internal Intranet found within a company or institution. Between the Internet and the Intranet there is usually a De-Militarized Zone (DMZ), bounded by a filtering router on the Internet side and a firewall on the Intranet side. Various servers are usually placed in the DMZ, such as the mail server, FTP server, web server, and DNS server.

Image: Cyber-security-model.jpeg

Based on the network topology above, we can divide network security technology into four (4) major parts, namely: Penetration Testing, Certificate Authority / PKI, Vulnerability Testing, and Managed Security Services.

Let's look in general terms at the technologies that belong to each of these four (4) sections.

Penetration Testing includes:

Certificate Authority / PKI supports the other technologies and can be operated on servers inside the Intranet; it consists of:

Vulnerability Testing, usually carried out by auditors or security managers, includes:

Managed Security Services comprises the non-technical management support for network security. Its issues include:

Next, let's look at the various concepts with more detailed explanations.

Penetration Testing

  • Active Content Monitoring / Filtering. When you connect to the Internet, you risk exposure to computer viruses, malicious Java applets, ActiveX controls, scripts, etc. This tool inspects all content entering the network or computer and continuously updates its library of known threats.
  • Intrusion Detection - Host Based. A host-based intrusion detection system monitors log files on the host. It responds with alarms, or with counter-measures, when a user attempts to access data, files, or services for which they are not authorized.
  • Firewall. A Firewall is a system or group of systems that enforce access control policies between two networks.
  • Intrusion Detection - Network Based. Network-based intrusion detection will monitor the network and respond with alarms when it identifies patterns of bad traffic, such as scanning, denial of service attempts, and other attacks.
  • Authorization. Authentication asks "who are you?"; authorization asks "are you allowed?". With an authorization mechanism, every user who accesses a resource must first be granted permission by the authorization server.
  • Air Gap Technology. This type of hardware/software allows real-time data transfer between the Internet and the backend without opening a hole in the firewall. Sometimes Air Gap solutions require physically disconnecting from the external network. Air Gap cuts off all network protocols, limits access to data at the application layer only, and performs content analysis.
  • Network Authentication. This tool uses various approaches to improve the system's ability to distinguish between authorized and unauthorized access.
  • Security Appliances. A combination of hardware and software that provides a limited set of services, such as firewalling, network load management, etc. Because its operating system is very limited, it is easier to manage and far less exposed to the attacks that target general-purpose UNIX or Windows NT systems.
  • Security Services: Penetration Testing. Consulting organizations simulate real-world hacker attacks and social engineering attacks, then advise on how to improve defenses. They typically use network-based vulnerability scanning tools.
  • Authentication. Authentication is the process that determines whether something or someone is who or what they claim to be. The simplest form of authentication is a logon password; unfortunately, passwords are very prone to theft. One way to address this is to use tokens, which allow a stricter authentication process.
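To make the host-based and network-based intrusion detection items above concrete, here is an added example (not part of the original page): one detector reads constructed host audit log lines and raises an alarm on denied attempts against restricted paths; the other reads constructed connection records and flags a source that touches many distinct ports on one host, the scanning pattern the text mentions. The log format, the restricted-path policy, and the scan threshold are all assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed, syslog-like host audit lines (assumed format, not from any real system).
HOST_LOG = """\
2024-05-01T10:00:01 host1 sshd: Accepted password for alice from 10.0.0.5
2024-05-01T10:00:07 host1 audit: user=bob action=open path=/etc/shadow result=denied
2024-05-01T10:00:09 host1 audit: user=bob action=open path=/home/bob/notes.txt result=ok
2024-05-01T10:00:12 host1 audit: user=bob action=open path=/root/.ssh/id_rsa result=denied
2024-05-01T10:00:15 host1 audit: user=carol action=exec path=/usr/bin/sudo result=denied
"""

# Assumed local policy: ordinary users must not touch these paths or services.
RESTRICTED = ("/etc/shadow", "/root/", "/usr/bin/sudo")
AUDIT_RE = re.compile(r"user=(\S+) action=(\S+) path=(\S+) result=(\S+)")


def host_alerts(log_text):
    """Host-based IDS: return (user, action, path) for every denied attempt
    against a restricted path. Denied access to ordinary paths is ignored."""
    alerts = []
    for line in log_text.splitlines():
        m = AUDIT_RE.search(line)
        if not m:
            continue  # not an audit record (e.g. the sshd line)
        user, action, path, result = m.groups()
        if result == "denied" and path.startswith(RESTRICTED):
            alerts.append((user, action, path))
    return alerts


# Constructed connection records (src, dst, dst_port) as a network sensor might emit:
# one host sweeps ports 20..44 on a server, another makes a single HTTPS connection.
FLOWS = [("10.0.0.9", "10.0.0.20", p) for p in range(20, 45)]
FLOWS.append(("10.0.0.5", "10.0.0.20", 443))


def scan_alerts(flows, threshold=20):
    """Network-based IDS: a source contacting >= threshold distinct ports on one
    destination is reported as (src, dst, distinct_port_count)."""
    ports = defaultdict(set)
    for src, dst, dport in flows:
        ports[(src, dst)].add(dport)
    return [(src, dst, len(p)) for (src, dst), p in ports.items() if len(p) >= threshold]


if __name__ == "__main__":
    print(host_alerts(HOST_LOG))
    print(scan_alerts(FLOWS))
```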

Certificate Authority / PKI

  • Certificate Authority. A Certificate Authority (CA) is an organization that issues and manages security credentials and the public keys used to encrypt and decrypt messages. The certificates it manages bind public keys to identities and so support authentication, privacy, and non-repudiation.
  • File & Session Encryption. Encryption is a process that transforms data so that it cannot be read or understood by anyone without the authority to do so. Sophisticated computer algorithms are used to encrypt the data and to decrypt it again when needed.
  • VPN & Cryptographic Communications. A Virtual Private Network (VPN) allows secure communication over the public Internet. This is very cost-effective for companies with mobile workers or branch offices, because they can communicate without paying for expensive private telephone lines.
  • Secure Web Servers. A tool that lets us provide web services in a hardened environment so that security holes are kept to a minimum.
  • Single Sign On. A software package that helps users access multiple computers without having to remember many passwords. Single Sign On does not change the underlying logon processes; it hides their differences behind an additional software layer.
  • Web Application Security. Web application security protects web applications and their resources from Internet threats such as theft of corporate assets, credit card theft, website defacement, etc. It does so by detecting and blocking the hacking techniques used in this area.

Vulnerability Testing

  • Vulnerability Scanners - Host Based. A tool that checks system settings to determine whether they are consistent with the company's security policies. This tool is commonly used by auditors.
  • Real-Time Security Awareness, Response & Threat Management. RTSA lets a security manager see, in real time and through a single console, what is happening across many devices from multiple vendors. RTSA helps reduce the number of staff needed to monitor many devices.
  • Vulnerability Scanners - Network Based. Software that simulates attacker behavior and tests for up to about 600 known system vulnerabilities.

Managed Security Services

  • Enterprise Security Policy Implementation. ESPI lets security managers automate every step of the security policy lifecycle from a central console: creation, editing, approval, publication, distribution, education, compliance, reporting, and maintenance. The tool enforces dissemination of the policy, checks employee understanding, records incidents, and measures compliance, which ultimately supports IT risk management without overburdening limited staff.
  • Managed Security Services. Vendors offering managed security services take on a share of the security work on an outsourced basis, freeing administrators to do other work.
  • Enterprise Security Administration. This tool administers security at the enterprise level, ensuring that all users in the enterprise have consistent rights and responsibilities. It is especially useful for provisioning access for new users and, just as importantly, for removing all access for employees who have left.
  • Security Services: Policy Development. Consultants who help develop security policies quickly. They generally already have templates, so policies covering topics from acceptable use of e-mail and extranets to PKI can be put in place quickly.
  • Trusted Operating Systems. Because every security mechanism depends heavily on the operating system, trusted O/S technology provides the mechanisms within the O/S itself that allow it to withstand attacks.
  • Anti-DDoS Tools. Anti-DDoS tools identify irregular network usage. When an irregularity is found, the tool tries to verify whether the access is legitimate and recommends preventive steps.

Interesting Links