Combat Cyber Threats – Counter Measures
There are a variety of different technical counter measures that can be deployed to thwart cybercriminals and harden your systems against attack.
Firewalls, network or host based, are considered the first line of defense in securing a computer network by setting Access Control Lists (ACLs) determining which what services and traffic can pass through the check point.
Antivirus can be used to prevent propagation of malicious code. Most computer viruses have similar characteristics which allow for signature based detection. Heuristics such as file analysis and file emulation are also used to identify and remove malicious programs. Virus definitions should be regularly updated in addition to applying operating system hotfixes, service packs, and patches to keep computers on a network secure.
Cryptography techniques can be employed to encrypt information using an algorithm commonly called a cipher to mask information in storage or transit. Tunneling for example will take a payload protocol such as Internet Protocol (IP) and encapsulate it in an encrypted delivery protocol over a Virtual Private Network (VPN), Secure Sockets Layer (SSL), Transport Layer Security (TLS), Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), or Internet Protocol Security (IPSec)to ensure data security during transmission.
Encryption can also be employed on the file level using encryption protocols like Data Encryption Standard (DES), Triple DES, or Advanced Encryption Standard (AES) to ensure security of information in storage.
Physical deterrents such as locks, card access keys, or biometric devices can be used to prevent criminals from gaining physical access to a machine on a network. Strong password protection both for access to a computer system and the computer’s BIOS are also effective countermeasures to against cyber-criminals with physical access to a machine.
Additionally, network vulnerability testing performed by technicians or automated programs can be used to test on a full-scale or targeted specifically to devices, systems, and passwords used on a network to assess their degree of secureness. Furthermore network monitoring tools can be used to detect intrusions or suspicious traffic on both large and small networks.