Centralizēta aizsardzība pret pakalpojumatteices kiberuzbrukumiem

Cyber criminals can exploit configuration errors or technical vulnerabilities in applications, firewalls, or networks to access our information.

An organization must use defense-in-depth technologies to protect against, detect, and respond to cyber-attacks. The techniques should be suitable for controlling physical, logical and administrative controls.

Organization should use tools that support both manual and automated searches, including criteria-based searches. The tool should be able to automatically collate data from different sources to more easily determine whether an incident is genuine, as well as its scope and nature.

These operations and processes can be implemented with SIEM (Security information and event management). SIEM solutions use analytics tools, technology and algorithms (e.g., newer SIEM solutions employ applied machine learning) to help detect unknown threats and abnormalities in the security-relevant data. Also SIEM solutions allow organizations to modify already existing (which usually come pre-configured) and add criteria-based alerts to match known threats. These things will help detect threats earlier.

The organization should Implement measures to secure the organization’s critical systems from Denial-of-Service (DoS) attacks, or at least limit their impact. These could include:

• Reviewing current system vulnerabilities
• Deploying DoS mitigation solutions such as firewalls, intrusion detection systems, and traffic filtering
• Using cloud-based DoS protection services
• Configuring rate limiting and monitoring traffic patterns for anomalies
• Developing a response plan to quickly react to and mitigate the effects of DoS attacks.

Examples of traffic filtering and monitoring systems are firewalls, routers, intrusion detection or prevention systems (IDS / IPS) and network devices / servers / applications with similar functionalities.

To ensure the functionality of filtering and monitoring:

• An owner has been appointed for the systems, who takes care of the proper operation of the system throughout the life cycle of the data processing environment
• It is the responsibility of the system owner to add, change, and delete settings for systems that filter or control traffic
• Documentation of the network and associated filtering and control systems is maintained throughout its lifecycle as an integral part of the change and settings management process
• The settings and desired operation of the systems are checked periodically during the operation and maintenance of the data processing environment and in the event of exceptional situations

The organisation must have the following firewall rules configured and documented:

• Firewall will by default block inbound connections
• Firewall rules are accepted and documented by appropriate and authorized individual; the business need must be included in the documentation
• Permissive firewall rules must be removed or disabled quickly when no longer needed