
Security Systems: Ensuring Protection Against Threats
Security systems are designed to protect individuals’ assets from various threats. The first critical point for the successful implementation of an electronic security system is the correct safeguarding of the system itself. If a system can easily fall prey to internal and/or external threats, it cannot be considered securely implemented.
When an organization decides to implement an integrated security solution or a dedicated platform, such as Physical Security Information Management (PSIM), how should the security manager ensure its safety against internal and external threats? Modern solutions are typically network-based, with an IP infrastructure supporting them. To achieve a successful solution, actions must be taken to design and maintain secure infrastructures. In this scenario, who is responsible for ensuring the security of the network infrastructure hosting the integrated platform? The answer is everyone, and all must be aware that to achieve an acceptable level of security, each person has a role.
It is crucial that all stakeholders are aware of the actions needed to secure these solutions and of the requirement to maintain the system’s security on an ongoing basis. These stakeholders include security solution owners, security managers, users, designers, consultants, and installers. The end user’s IT department is also likely to be deeply involved, since its infrastructure may support parts of the security solution.
Security managers therefore need to know which questions to ask their team to ensure the system is properly secured. These questions can spark the discussions needed to raise awareness around decisions and to guide those responsible for securing the system. The answers serve as input for assessing the operational needs that keep the system secure against attack.
To formulate these questions, a security manager must first identify the priority and importance of data, systems, and infrastructures that need protection, and gain a basic understanding of how to achieve a secure solution.
The system design must ensure physical separation between in-band and out-of-band networks, guarantee that there is no default routing between them, and lock these systems down against unauthorized configuration changes.
Password management software is needed so that credentials for all parts of the system are managed centrally, minimizing or eliminating duplicated data entry. All default passwords must be identified and changed.
Common Security Issues Requiring Attention:
- Windows servers and tools (for example, guest account access)
- Windows file sharing
- Basic input/output system (BIOS)
- Database servers (SQL, Oracle, etc.)
- Backup software
- Camera web pages
- Web, switch, Telnet and FTP passwords
- Input/output (I/O) and USB/serial device servers
- Hardware time servers
Network Structure Planning:
The network structure requires careful planning, including the use of Virtual Local Area Networks (VLANs), firewalls, and fault tolerance management. Intrusion detection and accurate reporting, together with a detailed understanding of the scope and objectives of attacks, are essential tools for responding to intrusions.
Locking down equipment is an important part of controlling user access to functions and software: where users have unrestricted access, unauthorized changes and interactions follow. This lockdown should include controlling the connection of new equipment or devices, such as USB devices, to computing hardware. Anti-virus and Trojan protection is also a key factor in defending the system and minimizing malware risk.
Software manufacturers release frequent updates for various reasons, including fixing latent flaws and identified security vulnerabilities.
As a general rule, default system configurations are often insecure. An in-depth review of these configurations should focus on robust security measures that help protect the security solution.
Regardless of the security actions taken for the system, network, and infrastructure, a backup strategy and a crisis recovery plan are essential. A monitored archive of successive backups must be maintained on a regular schedule.
The physical security plan should extend to controlling access to all physical hardware, such as servers, switches, and other infrastructure devices. The threat of unauthorized devices and loggers should not be underestimated. Examples of risk mitigation strategies for this type of threat include:
- Disabling unused network ports to prevent unauthorized device connections
- Identifying physical disruptions in critical networks and hardware access points
- Certificate-based authentication
- Detecting link up/link down activities on the network to alert operators of new device additions
- Having appropriate event management processes to react accordingly
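One way to operationalize the link up/link down monitoring in the list above, as an added example that is not from the article: a small Python audit that parses constructed switch syslog lines against a hypothetical port inventory and alerts when a link comes up on a port documented as unused, when a known port cycles (possible device swap), or when a known device drops off. The log format, port names and inventory are assumptions.

```python
import re
from dataclasses import dataclass
# Constructed sample switch syslog lines (not taken from the article).
SAMPLE_LOGS = """\
Mar 12 09:14:02 core-sw1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to up
Mar 12 09:14:05 core-sw1 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/7, changed state to up
Mar 12 09:20:41 core-sw1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/2, changed state to down
Mar 12 09:21:10 core-sw1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/2, changed state to up
Mar 12 10:02:33 core-sw1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/23, changed state to up
"""

# Hypothetical port inventory: documented device per port, plus ports recorded as unused/disabled.
PORT_INVENTORY = {
    "GigabitEthernet1/0/2": "camera-lobby-01",
    "GigabitEthernet1/0/7": "psim-server",
}
UNUSED_PORTS = {"GigabitEthernet1/0/23", "GigabitEthernet1/0/24"}

LINK_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) %LINK-3-UPDOWN: "
    r"Interface (?P<iface>[^,]+), changed state to (?P<state>up|down)$"
)

@dataclass
class Alert:
    severity: str
    host: str
    iface: str
    reason: str

def audit_link_events(log_text, inventory, unused_ports):
    alerts, went_down = [], set()
    for line in log_text.splitlines():
        m = LINK_RE.match(line)
        if not m:
            continue  # other message types (e.g. LINEPROTO) are not link-state events
        host, iface, state = m["host"], m["iface"], m["state"]
        if state == "down":
            if iface in inventory:  # a known device disappeared: disconnection or tampering?
                alerts.append(Alert("low", host, iface, f"known device {inventory[iface]} went down"))
            went_down.add(iface)
        elif iface in unused_ports:  # link on a port that should be disabled: unauthorized device
            alerts.append(Alert("high", host, iface, "link up on a port documented as unused/disabled"))
        elif iface in went_down:  # a known port cycled: the attached device may have been replaced
            went_down.discard(iface)
            alerts.append(Alert("medium", host, iface, "port cycled; verify device identity (e.g. certificate)"))
        elif iface not in inventory:
            alerts.append(Alert("medium", host, iface, "link up on an uninventoried port"))
    return alerts
```

Feeding the audit from a syslog collector and routing the alerts into the event management process closes the loop with the last bullet above.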
Additional Security Measures:
All equipment must be fully scanned and cleaned before being added to the network. Moreover, equipment should be deployed in a controlled manner, with control over what software can be installed, and version management should be carried out throughout the life of the machine. Users should be trained regularly and continually reminded of risks such as phishing and social engineering. Security protocols and processes must be followed at all times, without exception. All system users, including supervisors and managers, must be aware of the potential consequences addressed by security processes and be able to assess the risks involved.
The ISO/IEC 27002 standard can be referenced for new systems and used as a baseline for continuous management as the system expands.
Key Questions Security Managers Should Ask Their Team:
- What are the priorities and importance of the data, systems, and infrastructures that need protection?
- How are data with different priority levels utilized?
- What threats is the system trying to combat?
- What level of risk is acceptable?
- What commitments have been made to strengthen the security of the infrastructure?
- How often should security and threat assessments be reviewed?
- What user training needs to be provided?
- What ongoing actions should be taken to maintain system security?
- How should security breaches be identified?
- In case of a disruption, what actions should be taken?
- What level of crisis recovery support is available?
Source: SSMMAGAZINE
