
This is part 6 of the IT Fundamentals series. These articles are based on excerpts from the Society of Broadcast Engineers CBNT/CBNE Study Topics webinar series, designed to assist those seeking SBE certification and to provide others with a broad overview of IT used in broadcast engineering. (The series starts here.)
Today’s broadcast station relies on information technology and infrastructure based on Internet Protocol, whether it is a small radio station or a state-of-the-art mass market radio or TV station. Moving to an IT-based infrastructure brings benefits in terms of capability, flexibility, scalability and cost effectiveness. However, with that comes the downside of being exposed to cyber attacks.
Protecting the infrastructure against such threats becomes more and more challenging for the broadcast IT engineer every year.
Cyber security is an essential responsibility and cannot be ignored. It is often seen as a complex undertaking, a multifaceted discipline that can become confusing and challenging.
However, cyber security is based on a few simple basic principles. These guidelines and best practices seek to reduce cyber risks and protect your organization’s IT assets.
Basic principles
The CIA triad is one such principle. It defines the policies and objectives of cyber security as ensuring the “confidentiality, integrity and availability” of IT systems. (The triad may also be referred to as AIC, for Availability, Integrity and Confidentiality, to avoid confusion with the United States Central Intelligence Agency.)
Confidentiality means that data within the IT infrastructure is accessible only to authorized users and systems, regardless of whether it passes through networks, is stored at rest, or is used during work processes.
Integrity refers to ensuring that data has not been unduly modified, tampered with or altered.
Availability refers to IT assets being available to authorized users and systems when needed, but not to those who are not authorized. Although the focus is on malicious actions, this principle can also be applied to avoiding accidental or human error events.
Another principle is Defense in Depth, or DiD, based on establishing redundant levels or layers of security controls within the IT infrastructure so that there is no reliance on a single security measure.
If one security precaution is breached or fails, another is already in place to prevent any impact. Areas of DiD control include physical infrastructure security, network access, application access, and anomaly detection systems such as anti-virus or AI-based malware detection systems.
The principle of least privilege, or PoLP, is based on limiting the access rights of users and applications to the minimum level necessary to perform a defined business function. Limiting access to IT assets reduces the risk of abuse and of a cyber security threat spreading through “east-west” movement within the IT system.
The National Institute of Standards and Technology’s Cybersecurity Framework provides a structured set of guidelines and best practices for protecting IT assets and mitigating cybersecurity risks. The framework is organized in the areas of identification, protection, detection, response and recovery; these are further divided into several categories and subcategories before a specific guideline or best practice for implementation is reached.
To-do list
With a basic knowledge of the underlying principles and the NIST framework’s long list of best practices, a checklist of cybersecurity prevention steps can be developed.
Such a list might look like this:
- Use a DiD approach to ensure redundant precautions are applied in a structured and coordinated manner
- Segment your network because the right architecture is an important first step in cybersecurity measures (and performance improvement)
- Use encryption and multi-factor authentication (MFA) for any remote access
- Apply PoLP to users and applications
- Restrict or control access with packet filtering and/or firewalls
- Disable (or block) all unused services to minimize the attack surface
- Keep IT network hardware and operating systems up to date
- Make sure the default login credentials are changed to strong, unique credentials
- Maintain system backups by following the 3-2-1 rule and know how to restore those systems to their previous state
- Take advantage of network equipment capabilities such as Ethernet switch port security
- Monitor your infrastructure and know what’s normal
- Educate users about the dangers and tactics of social engineering and phishing
Proof of performance
With cybersecurity precautions in place, now is the time to become a hacker—not a malicious or “black hat” hacker, but a “white hat” or ethical hacker, also known as a penetration tester.
The same tools that a malicious hacker might use are applied to verify that appropriate cybersecurity precautions are in place and working as intended, and to look for cybersecurity vulnerabilities so proactive remedial measures can be taken.
The CIA triad goals of confidentiality, integrity and availability now become the areas that an ethical hacker or penetration tester will target.
Open source tools such as “nmap,” often called port scanners, can be used to search for potential cybersecurity vulnerabilities by simulating a cyber attack. Scanning tools can identify the host devices that are visible on the network, the operating system in use, the services enabled (identified by their active ports), and the versions of the services that are running.
Enhanced capabilities include the ability to script or automate the testing process through the Nmap Scripting Engine (NSE). Advanced detection techniques can also be used, such as determining what firewall or packet filtering is implemented, and firewall evasion to avoid detection by the prevention system.
Penetration or “pen” testing is the final step in your cybersecurity prevention plan and can be viewed as a “performance proof” of broadcast IT systems to ensure that cybersecurity precautions are working as they should.
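One way to make this proof of performance repeatable, tying the scan back to the checklist items on unused services and knowing what is normal (an added example, not from the webinar or the original article): the script parses nmap's grepable output (`-oG`) and reports open ports that are missing from an approved baseline. The scan text, addresses, hostnames and baseline are constructed for illustration.

```python
import re

# Constructed sample of nmap grepable output (as written by `nmap -oG`).
# Addresses use the 192.0.2.0/24 documentation range; hostnames are invented.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (automation.example)\tStatus: Up
Host: 192.0.2.10 (automation.example)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 23/closed/tcp//telnet///\tIgnored State: filtered (997)
Host: 192.0.2.20 (codec.example)\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, 5004/open/udp//avt-profile-1///
Host: 192.0.2.30 ()\tPorts: 3389/open/tcp//ms-wbt-server///
"""

# Hypothetical baseline: the services each known host is approved to expose.
BASELINE = {
    "192.0.2.10": {(22, "tcp"), (443, "tcp")},
    "192.0.2.20": {(80, "tcp"), (5004, "udp")},
}

# Only lines with a Ports field match; comment and Status lines are skipped.
HOST_RE = re.compile(r"^Host: (\S+) \([^)]*\)\tPorts: ([^\t\n]*)", re.M)


def parse_open_ports(grepable_text):
    """Return {ip: {(port, proto): service}} for ports in state 'open'."""
    hosts = {}
    for m in HOST_RE.finditer(grepable_text):
        ip, ports_field = m.groups()
        for entry in ports_field.split(","):
            # Each entry: port/state/protocol/owner/service/rpcinfo/version/
            parts = entry.strip().split("/")
            if len(parts) >= 5 and parts[1] == "open":
                hosts.setdefault(ip, {})[(int(parts[0]), parts[2])] = parts[4]
    return hosts


def audit(grepable_text, baseline):
    """Compare a scan with the baseline and return sorted findings."""
    findings = []
    for ip, ports in parse_open_ports(grepable_text).items():
        if ip not in baseline:
            # A host nobody has inventoried is itself a finding.
            findings.append((ip, "unknown host", sorted(ports)))
            continue
        extra = sorted(set(ports) - baseline[ip])
        if extra:
            findings.append((ip, "unapproved service", extra))
    return sorted(findings)


if __name__ == "__main__":
    for ip, kind, ports in audit(SAMPLE_SCAN, BASELINE):
        print(ip, kind, ", ".join(f"{p}/{proto}" for p, proto in ports))
```

Run after every network change, an empty result means the scan matches the documented baseline; anything else is either a service to disable or a baseline entry to approve.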
The webinar on which this article is based, and many others, are available to anyone for a modest fee; members receive a discounted rate, and the webinars are free for those with an SBE MemberPlus upgrade. If you are not a member, please consider joining at sbe.org.