Healthcare Network Security Breach – How Deep Does Your Security Run?

Network and Data Security Breaches Are Rising Exponentially

Inetwork security, data breachIn today’s environment of massive data security breaches organizations more than ever need to deploy a defense in depth.

Firewalls no longer are enough to keep hackers out and prevent breaches. Threats can emanate from all directions, and often the first foothold an attacker can get is on a common desktop or laptop of an unsuspecting person who opens an e-mail attachment or visits a malicious website. Defending these systems is hard, but must be attempted. However, in the face of much evidence these systems will remain vulnerable and continue to be the source of many breaches. It is what happens next that must be considered and prepared for.

After the initial successful breach, the goal of an attacker will be to widen their foothold in an organization until they have compromised the valued data, or have control over the valued systems. Attackers spread themselves through additional systems through lateral attacks, jumping from one machine to the next until they can reach their goal. Each step is an opportunity to prevent or detect the attack, or prevent or detect the next attack.

For these reasons layers of security are required to find and prevent each link in the chain of attack.

Techniques For Data and Network Security – BoKS

One technique can be internal segmentation, deploying firewalls that can prevent common assets like laptops and desktops from reaching core systems. Typically these systems would only require access to a relatively few key servers for a relatively few applications. Sadly, internal networks are often wide open, preferring the belief that managing the restrictions is too difficult and costly, and those (reasonable) restrictions have the possibility of impeding productivity.

This can be thought of, in terms of an IT administration practice, as an implementation of least-privileged; least privilege for systems on the network, being granted access to only what services they require. Although blocking traffic at the network boundary is one more layer, the protected core systems should also have a layer of defense of their own. In the case of an enterprise’s Unix/Linux estate, SSH, the administrator’s application of choice, should implement a ‘least-privilege’ access model.

With BoKS you can define which system can connect. Additionally you can define who can connect, from where, when, how they are allowed to authenticate and what they can do when they get there.

 

You may also be interested in: Best Practices for Unix/Linux Privileged Identity and Access Management

system security, identity access management, foxt, active directoryFoxT Access Management & Governance solutions complement your existing technologies by adding granular control and enforcement of authentication and authorization policies for both privileged and end users. www.foxt.com/boks