A Vulnerability in OpenSSH Could Allow for Remote Code Execution

A vulnerability has been discovered in OpenSSH that could allow for remote code execution. OpenSSH is a suite of secure networking utilities based on the SSH protocol and is crucial for secure communication over unsecured networks. It is widely used in enterprise environments for remote server management, secure file transfers, and various DevOps practices. Successful exploitation of this vulnerability could allow for remote code execution in the context of the unprivileged user running the sshd server. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

krb5-1.21.3-1.fc41

FEDORA-2024-bdc305fe55

Packages in this update:

krb5-1.21.3-1.fc41

Update description:

Automatic update for krb5-1.21.3-1.fc41.

Changelog

* Tue Jul 9 2024 Julien Rische <jrische@redhat.com> - 1.21.3-1
- New upstream version (1.21.3)
- CVE-2024-26458: Memory leak in src/lib/rpc/pmap_rmt.c
  Resolves: rhbz#2266732
- CVE-2024-26461: Memory leak in src/lib/gssapi/krb5/k5sealv3.c
  Resolves: rhbz#2266741
- CVE-2024-26462: Memory leak in src/kdc/ndr.c
  Resolves: rhbz#2266743
- Add missing SPDX license identifiers
  Resolves: rhbz#2265333

USN-6887-1: OpenSSH vulnerability

Philippos Giavridis, Jacky Wei En Kung, Daniel Hugenroth, and Alastair
Beresford discovered that the OpenSSH ObscureKeystrokeTiming feature did
not work as expected. A remote attacker could possibly use this issue to
determine timing information about keystrokes.
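The advisory does not describe the mechanism, so as an added illustration (not OpenSSH code, and not a description of the specific bug fixed in USN-6887-1) the following Go model shows what keystroke-timing obscuring is meant to achieve: instead of sending one packet per keystroke, the client sends only on a fixed tick, padding idle ticks with same-sized chaff and continuing the chaff for a few ticks after typing stops. The keystroke timestamps and the 20 ms interval and three-tick tail are constructed values, chosen for the example.

```go
package main

import "fmt"

// Constructed sample, not captured traffic: millisecond offsets at which a
// user pressed keys in an interactive session. Without obscuring, each
// keystroke becomes one packet, so these gaps are exactly what a passive
// observer measures.
var keystrokesMs = []int{0, 180, 230, 510, 560, 900}

// interarrivals returns the gaps between consecutive packet times.
func interarrivals(times []int) []int {
	gaps := make([]int, 0, len(times))
	for i := 1; i < len(times); i++ {
		gaps = append(gaps, times[i]-times[i-1])
	}
	return gaps
}

// obscure models the idea behind ObscureKeystrokeTiming: the client sends a
// packet only on a fixed tick of intervalMs. A tick carries a pending
// keystroke if there is one, otherwise a same-sized chaff packet, and chaff
// continues for tailTicks after the last keystroke so the observer cannot
// see when typing stopped. It returns the send times and which were chaff.
// This is a model of the mechanism, not OpenSSH's implementation.
func obscure(keystrokes []int, intervalMs, tailTicks int) (sendTimes []int, chaff []bool) {
	if len(keystrokes) == 0 {
		return nil, nil
	}
	next := 0  // next real keystroke waiting to be sent
	tail := -1 // set to tailTicks once every keystroke has been sent
	for t := keystrokes[0]; tail != 0; t += intervalMs {
		real := next < len(keystrokes) && keystrokes[next] <= t
		if real {
			next++
		}
		sendTimes = append(sendTimes, t)
		chaff = append(chaff, !real)
		switch {
		case tail > 0:
			tail--
		case tail < 0 && next == len(keystrokes):
			tail = tailTicks
		}
	}
	return sendTimes, chaff
}

// allEqual reports whether every gap is identical, i.e. the observer learns
// nothing from inter-arrival times alone.
func allEqual(gaps []int) bool {
	for _, g := range gaps {
		if g != gaps[0] {
			return false
		}
	}
	return true
}

func main() {
	fmt.Println("plain ssh gaps (ms):", interarrivals(keystrokesMs))
	times, chaff := obscure(keystrokesMs, 20, 3)
	n := 0
	for _, c := range chaff {
		if c {
			n++
		}
	}
	fmt.Printf("obscured: %d packets, %d chaff, uniform gaps: %v\n",
		len(times), n, allEqual(interarrivals(times)))
}
```

The unobscured gaps (180, 50, 280, 50, 340 ms) are the signal a remote observer correlates with typed text; after obscuring, every gap is 20 ms and the last real keystroke is followed by chaff, so neither inter-arrival times nor the end of typing are visible. Any implementation flaw that lets real keystrokes leave the tick schedule, or stops chaff as soon as typing does, reintroduces that signal, which is the class of problem the advisory describes.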

Everything You Need to Know to Keep Your Passwords Secure

When it comes to passwords, most of us would love nothing more than to set it and forget it. But that is exactly what attackers are hoping for: a password that never changes, is reused everywhere, and turns up in the next breach dump. The best line of defense is a unique, strong password for every account, replaced as soon as there is reason to believe it has been exposed.

But how often should you create new passwords? Many organizations still require a change every three months, although current NIST guidance (SP 800-63B) advises against forced periodic rotation, because it pushes people toward predictable variations of the old password, and instead calls for changing a password immediately on evidence of compromise. Either way, there are situations where you should change your password right away, especially if a cybercriminal has access to your account.

This article explores those exact situations and covers some of the best password practices you can use to help safeguard these important combinations of letters and numbers.   

Change your password immediately if: 

Your account was hacked: If you think someone has hacked your account, it’s important to act fast and change your password. Did everyone in your address book get a strange email that looks like it’s from you? Change your email password. Are your Facebook friends getting a new friend request from you? Something’s not right, so you’ll want to change your password. This can help limit the amount of time a cybercriminal has access to your account.  
You are part of a data breach: If there’s a password breach at work or within a company you do business with, you’ll want to change the password for any affected accounts. If you use that password for any other websites, you’ll definitely want to change your password to those accounts. If hackers get access to your password, they may try it on multiple websites to see what else they can steal.  
You used an unsecured network: As much as possible, try to avoid logging into your secure accounts on public Wi-Fi, such as at a library or cafe. On an open network, anyone nearby can see which sites you visit, and anything sent without HTTPS can be read or altered. If you need to use an unsecured network, change your password once you’re on a secure network. It can also be a good idea to look into a smart VPN like McAfee Secure VPN, which automatically turns on to protect your personal data and credit card information even if you need to use public Wi-Fi.
You discover malware: Your personal information could be at risk if malware infects your computer. If you have high-quality antivirus software (like what’s included in McAfee+) and it detects malware, you’ll want to change your passwords from another device.   
You remove people from the account: If you no longer have contact with someone, there’s no need for them to remain on your Netflix or Amazon account. There’s also no need for an ex to share a bank account or have mobile app access. Create new passwords when you’re no longer sharing an account with someone.  
You no longer use certain accounts: You may have an account you haven’t used in a year, such as from an online retailer. Change old passwords for seldom-used accounts and close the account if you don’t intend to use it again. 

How to create a strong password 

A good password can make it more difficult for hackers to access your accounts. But what exactly makes a strong password? Here are a few criteria. 

It’s used only for one account. While it can be easy to use similar passwords for multiple accounts, hackers might be able to get into your other online accounts if they access just one.   

It’s at least 12 characters long. To make it easy to remember, use a lyric from a song or poem (for example, “andtherocketsredglare”). Or make an abbreviation from the words in a sentence (changing “the quick brown fox jumped over the lazy dog in the backyard” to “tqbfjotlditb,” for instance).   

It’s a complex password. Include at least one capital letter, one number, and one symbol. An eight-letter, all-lowercase password has only about 26^8 (roughly 200 billion) possibilities, which offline cracking hardware exhausts in seconds if the site stored it with a fast hash. A 12-character password mixing uppercase, lowercase, digits, and symbols has about 95^12 possibilities, and published estimates put cracking it at tens of thousands of years on the same hardware. Those figures assume a randomly chosen password and a fast hash such as MD5; slow hashes like bcrypt or Argon2 make the attack far slower, while a password that is reused or already leaked is found instantly regardless of length. Some sites allow users to create a passphrase. That’s a string of words that can be up to 100 characters long.

It’s hard to guess. Don’t use information that people who know you or look at your social media can guess. Avoid personal information like your nickname or initials, birthday, address or street name, or a child or pet’s name.  

It doesn’t use common words like “password” or “qwerty.” You’d be surprised how many people use “password123” or “123456” as a password. A cybercriminal would not.  
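To put numbers behind the criteria above, here is an added Go example (not from the McAfee article) that generates a random password or passphrase with the operating system's CSPRNG and computes how many bits of entropy each form carries and how long an attacker would need at an assumed guessing rate. The 1e11 guesses-per-second figure, the 16-word stand-in wordlist, and the 7776-word Diceware size used for comparison are assumptions stated in the comments.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
)

// entropyBits is log2 of the number of equally likely passwords when each of
// k positions is drawn uniformly from n symbols. It only holds for randomly
// generated secrets; a human-chosen lyric or "P@ssw0rd1!" pattern is far
// weaker than its length suggests because crackers try those patterns first.
func entropyBits(n, k int) float64 {
	return float64(k) * math.Log2(float64(n))
}

// crackYears estimates the average time (half the space) to find a password
// of the given entropy at guessesPerSec. The rate is set by the site's hash:
// assumed ~1e11/s for MD5 on a consumer GPU, orders of magnitude lower for
// bcrypt or Argon2, and only a few hundred per second against a
// rate-limited online login form.
func crackYears(bits, guessesPerSec float64) float64 {
	return math.Pow(2, bits-1) / guessesPerSec / (365 * 24 * 3600)
}

// pick draws k elements uniformly from symbols using crypto/rand.
// math/rand must never be used for secrets.
func pick(symbols []string, k int) ([]string, error) {
	out := make([]string, k)
	n := big.NewInt(int64(len(symbols)))
	for i := range out {
		idx, err := rand.Int(rand.Reader, n)
		if err != nil {
			return nil, err
		}
		out[i] = symbols[idx.Int64()]
	}
	return out, nil
}

// printable is the 94 non-space printable ASCII characters.
var printable = func() []string {
	var s []string
	for c := '!'; c <= '~'; c++ {
		s = append(s, string(c))
	}
	return s
}()

// wordlist is a constructed stand-in. A real Diceware-style list has 7776
// words (about 12.9 bits per word); this 16-word list gives only 4.
var wordlist = []string{
	"anchor", "basalt", "cobalt", "dahlia", "ember", "falcon", "granite", "harbor",
	"iris", "juniper", "kestrel", "lantern", "meadow", "nickel", "orchid", "pebble",
}

func randomPassword(length int) (string, error) {
	chars, err := pick(printable, length)
	return strings.Join(chars, ""), err
}

func randomPassphrase(words int) (string, error) {
	w, err := pick(wordlist, words)
	return strings.Join(w, "-"), err
}

func main() {
	rate := 1e11 // assumed offline rate against a fast hash
	for _, c := range []struct {
		label string
		n, k  int
	}{
		{"8 lowercase letters", 26, 8},
		{"12 chars, full printable set", len(printable), 12},
		{"5 words from a 7776-word list", 7776, 5},
	} {
		bits := entropyBits(c.n, c.k)
		fmt.Printf("%-32s %5.1f bits  ~%.2g years at 1e11 guesses/s\n",
			c.label, bits, crackYears(bits, rate))
	}
	pw, _ := randomPassword(12)
	pp, _ := randomPassphrase(5)
	fmt.Println("generated:", pw, "|", pp)
}
```

The comparison shows why length beats complexity rules: five random words from a full-size list (about 65 bits) outscore eight lowercase letters (about 38 bits) by a wide margin and are far easier to remember, and a random 12-character printable password (about 79 bits) sits in the "tens of thousands of years" range the article cites. The estimate collapses to zero for any password the attacker already has from a breach, which is why uniqueness per account comes first.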

What are the most common ways passwords get hacked?

A cybercriminal may use a variety of strategies to access your passwords. Here are some of their most common tactics.  

Guesswork: Attackers try likely candidates first, such as names, birthdays, pet names, and common words, often pulled from your public social media. This is why password security requires unique passwords that don’t include personal information.

Buying passwords on the dark web: Search engines don’t index the dark web. A lot of dark web activity isn’t traceable, including the sale of passwords.   

Phishing: This is when a hacker sends an email that appears to be from a trusted source to trick the recipient into typing in their password.  

Malware: Cybercriminals may infect a device with malicious software that allows them to access personal data, including passwords.  

Shoulder surfing: Someone watches you type a password in a coffee shop or office, or reads it off a sticky note left on your desk or laptop. 

Spidering: Bots crawl a target’s websites, social media, and public documents to collect words such as product names, slogans, and personal details, which are then fed into a tailored wordlist for guessing.  

Brute force attack: A program systematically tries thousands, or against a stolen password database billions, of candidate passwords hoping to find the correct one.  

How can you keep your online passwords secure? 

When it comes to keeping your data secure, password complexity is just the beginning. Here are a few key steps for keeping your passwords safe.  

Do a password audit: Review the passwords for all of your accounts. Make sure you’re not using any for multiple websites. See if your passwords are guessable. Do they include personal information like birthdays or addresses? If you find passwords that are weak or repeated, change those first.  
Use multi-factor authentication: Set up multi-factor authentication for important accounts, such as with financial institutions. Logging into a website with two-factor authentication requires a second proof in addition to a username and password: a code from an authenticator app, a hardware security key, or, as the weakest option since it can be intercepted, a code sent by text or email. Some accounts require multi-factor authentication with biometric factors for added security, such as a thumbprint or face scan. Using multi-factor authentication with long, complicated passwords can make an account more secure.  
Use a password manager: A password manager can help prevent unauthorized access to your online accounts by protecting your passwords with strong encryption. It also comes with a password generator to help you create complex passwords while storing them safely.  
Add an extra layer of security: McAfee+ can help you defend your personal data. If you are hacked or the victim of a data breach, McAfee+ can help with 24/7 identity monitoring and alerts, plus up to $2 million in identity theft coverage, for greater peace of mind. AI-powered security on unlimited devices also provides real-time protection against viruses, hackers, and risky links. 

With McAfee, you can continue enjoying the internet the way it was intended — free from hackers. 

The post Everything You Need to Know to Keep Your Passwords Secure appeared first on McAfee Blog.

USN-6886-1: Go vulnerabilities

It was discovered that the Go net/http module did not properly handle
requests whose headers exceed MaxHeaderBytes. An attacker could
possibly use this issue to cause a panic resulting in a denial of service.
This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-45288)

It was discovered that the Go net/http module did not properly validate the
subdomain match or exact match of the initial domain. An attacker could
possibly use this issue to read sensitive information. This issue only
affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-45289)

It was discovered that the Go net/http module did not properly validate the
total size of the parsed form when parsing a multipart form. An attacker
could possibly use this issue to cause a panic resulting in a denial of
service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu
22.04 LTS. (CVE-2023-45290)

It was discovered that the Go crypto/x509 module did not properly handle a
certificate chain which contains a certificate with an unknown public key
algorithm. An attacker could possibly use this issue to cause a panic
resulting in a denial of service. This issue only affected Go 1.21 in
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-24783)

It was discovered that the Go net/mail module did not properly handle
comments within display names in the ParseAddressList function. An
attacker could possibly use this issue to cause a panic resulting in a
denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2024-24784)

It was discovered that the Go html/template module did not validate errors
returned from MarshalJSON methods. An attacker could possibly use this
issue to inject arbitrary code into the Go template. This issue only
affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-24785)

It was discovered that the Go net module did not properly validate the DNS
message in response to a query. An attacker could possibly use this issue
to cause a panic resulting in a denial of service. This issue only
affected Go 1.22. (CVE-2024-24788)

It was discovered that the Go archive/zip module handled certain types of
invalid zip files differently from most other zip implementations. An
attacker could possibly use this issue to cause a panic resulting in a
denial of service. (CVE-2024-24789)

It was discovered that the Go net/netip module did not work as expected
for IPv4-mapped IPv6 addresses in various Is methods: an address such as
::ffff:127.0.0.1 was not reported as loopback, private, or link-local even
though its IPv4 form is. An attacker could possibly use this issue to
bypass address-based security checks. (CVE-2024-24790)
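The net/netip issue is the one in this list that a developer can defend against in their own code regardless of toolchain version. The Go example below is added here and is not part of the Ubuntu advisory or the Go project: it shows an SSRF-style "is this target internal?" check that calls Unmap() before any Is* method, so an IPv4-mapped IPv6 literal is classified by its IPv4 meaning. The function names and the sample addresses are the example's own; hostname resolution is deliberately out of scope.

```go
package main

import (
	"fmt"
	"net/netip"
)

// isInternalAddr reports whether addr points at something a server-side
// fetch should never reach: loopback, RFC 1918 / ULA private ranges,
// link-local (which covers 169.254.169.254-style metadata endpoints),
// multicast, or the unspecified address. The Unmap() call is the point of
// the example: it folds an IPv4-mapped IPv6 address such as
// ::ffff:127.0.0.1 back to 127.0.0.1 before the Is* checks run, so the
// result does not depend on whether the Go toolchain carries the
// CVE-2024-24790 fix.
func isInternalAddr(addr netip.Addr) bool {
	addr = addr.Unmap()
	return addr.IsLoopback() ||
		addr.IsPrivate() ||
		addr.IsLinkLocalUnicast() ||
		addr.IsLinkLocalMulticast() ||
		addr.IsMulticast() ||
		addr.IsUnspecified()
}

// checkTarget parses a user-supplied host literal and decides whether it
// may be fetched. Hostnames would additionally need resolving, with every
// resolved address passed through isInternalAddr; this example handles IP
// literals only and rejects anything else.
func checkTarget(host string) (allowed bool, reason string) {
	addr, err := netip.ParseAddr(host)
	if err != nil {
		return false, "not an IP literal: " + err.Error()
	}
	if isInternalAddr(addr) {
		return false, "internal address " + addr.Unmap().String()
	}
	return true, "ok"
}

func main() {
	// Constructed inputs: documentation ranges and mapped forms of
	// addresses an SSRF filter must block.
	for _, h := range []string{
		"127.0.0.1", "::ffff:127.0.0.1", "::ffff:10.0.0.1",
		"169.254.169.254", "::1", "fd00::1", "203.0.113.10", "example.com",
	} {
		ok, why := checkTarget(h)
		fmt.Printf("%-18s allowed=%-5v %s\n", h, ok, why)
	}
}
```

On a Go release without the fix, dropping the Unmap() call makes checkTarget("::ffff:127.0.0.1") return true while checkTarget("127.0.0.1") returns false, which is exactly the bypass the advisory describes; with Unmap() in place both are rejected on every version, so the defensive call costs nothing and removes the dependence on the runtime being patched.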

Building a Robust Defense-in-Depth Architecture for Digital Transformation

The content of this post is solely the responsibility of the author.  LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Exploring Defense-in-Depth Architecture security strategy for ICS in the digital transformation era.

Today’s businesses are transforming through integrating IT and OT environments, a shift that’s enhancing efficiency and unlocking new operational capabilities. Key functionalities like remote access and telemetry collection are becoming increasingly central in this digitally integrated landscape.

However, this merger also brings heightened cybersecurity risks, exposing sensitive systems to new threats. To address these vulnerabilities, a defense-in-depth architecture approach is vital. This method layers multiple security mechanisms, ensuring robust protection. Each layer is designed to intercept threats, providing a comprehensive shield against complex cyberattacks and fortifying the organization’s digital backbone.

What is Defense-in-Depth Architecture?

Defense-in-Depth Architecture is a strategic approach to cybersecurity that employs multiple layers of defense to protect an organization’s IT and OT environment. This architecture is designed to provide a comprehensive security solution by layering different types of controls and measures.

Here are the five layers within this architecture:

Layer 1 – Security Management

This layer serves as the foundation of the defense-in-depth strategy. It involves the establishment of a cybersecurity program tailored to support the OT environment. This includes program and risk management considerations, guiding the cybersecurity strategy and influencing decisions across all other layers. It’s essential for organizations to establish a strong security management layer before implementing other layers.

Layer 2 – Physical Security

Physical security measures aim to prevent accidental or deliberate damage to an organization’s assets. This layer includes the protection of control systems, equipment, and intellectual property. It encompasses a range of measures like access control, surveillance systems, and physical barriers, ensuring the safety of both the assets and the surrounding environment.

Layer 3 – Network Security

Building on the foundation of physical security, this layer focuses on protecting network communications within the OT environment. It involves applying principles of network segmentation and isolation, centralizing logging, and implementing measures for malicious code protection. This layer also considers the adoption of zero trust architecture (ZTA), enhancing security by continuously evaluating authorization close to the requested resources.

Layer 4 – Hardware Security

Hardware security involves embedding protection mechanisms directly into the devices used within an organization. This layer establishes and maintains trust in these devices through technologies like Trusted Platform Modules (TPM) and hardware-based encryption. It ensures the integrity and security of the hardware, forming a crucial part of the overall defense strategy.

Layer 5 – Software Security

The final layer focuses on the security of software applications and services that support OT. It includes practices such as application allowlisting, regular patching, secure code development, and configuration management. This layer is vital for ensuring that the software used in the organization is resilient against security threats and vulnerabilities.

How to Implement Defense-in-Depth Architecture

Implementing a defense-in-depth architecture requires a strategic and structured approach to create a multi-layered defense system against various cyberthreats. Here’s a step-by-step guide to effectively implement this architecture:

1. Assessing Organizational Infrastructure

Comprehensive Infrastructure Analysis: Conduct a detailed analysis of your IT and OT systems, focusing on the integration between them. This should involve mapping network structures, identifying all connected devices, and understanding data flow patterns.

Vulnerability Identification: Utilize tools and techniques to uncover weak points in both IT and OT environments, considering the evolving digital transformation initiatives and their impact on security.

2. Developing a Tailored Strategy

Aligning Security with Business Objectives: Tailor your defense-in-depth strategy to support key business objectives such as maintenance of field devices, telemetry collection, or industrial-level process systems, and enhanced data collection and dissemination.

Risk Management Considerations: Incorporate risk management strategies in line with your organizational needs, focusing on the integration and changing requirements of IT and OT environments.

3. Layered Implementation

Layer 1 – Security Management:

Policy Development and Enforcement: Develop clear cybersecurity policies, including incident response plans, access controls, and data protection protocols.
Continuous Risk Management: Implement a dynamic risk management process that evolves with changing threat landscapes and business needs.

Layer 2 – Physical Security:

Protection of Physical Locations: Execute measures to protect physical locations, including architectural elements like fences, gates, and surveillance systems.
Access Control and Monitoring: Use access control technologies and monitoring systems such as badge readers and video surveillance to ensure security.

Layer 3 – Network Security:

Network Architecture Principles: Apply principles of segmentation and isolation in network architecture, using devices like firewalls and routers to enforce security policies.
Monitoring and Malicious Code Protection: Deploy centralized logging, network monitoring, and protective measures against malicious code.

Layer 4 – Hardware Security:

Trust and Integrity Maintenance: Focus on maintaining the trust and integrity of devices in your environment, using hardware with embedded security technologies such as a Trusted Platform Module (TPM) and hardware-accelerated AES encryption and SHA hashing for protecting data and verifying firmware integrity. Regularly update firmware and hardware components.

Layer 5 – Software Security:

Rigorous Application Control: Implement application allowlisting to ensure only approved software runs on network devices.
Continuous Software Maintenance: Establish a regular software update and patch management schedule. Use automated tools for efficient patch deployment.

Must-Have Defense-in-Depth Security Technologies

Certain key technologies are essential to implementing a Defense-in-Depth strategy effectively. These technologies enhance each layer of defense and ensure that the architecture operates cohesively to protect against a wide range of cyberthreats.

Firewalls and Network Segmentation Tools

Purpose: To create boundaries within the network, controlling incoming and outgoing network traffic based on an applied rule set.

Importance: Firewalls are fundamental for establishing secure network perimeters and segmenting the network to limit the spread of threats.

Intrusion Detection and Prevention Systems (IDPS)

Purpose: To continuously monitor the network for suspicious activity and potential threats, automatically preventing or mitigating attacks.

Importance: IDPS are crucial in identifying and responding to threats in real-time, providing an essential layer of automated defense.

Access Control and Monitoring Systems

Purpose: To manage and monitor user access to network resources, ensuring that only authorized users and devices can access sensitive areas of the IT and OT environment.

Importance: Robust access control is a cornerstone of both physical and cybersecurity. It prevents unauthorized access and potential breaches.

Encryption Tools

Purpose: To secure data in transit and at rest by converting it into a coded format that can only be accessed with the correct encryption key.

Importance: Encryption is vital for protecting sensitive data from interception and unauthorized access, especially important in OT environments where data integrity is crucial.

Security Information and Event Management (SIEM) Systems

Purpose: To provide real-time analysis of security alerts generated by applications and network hardware.

Importance: SIEM systems are essential for aggregating, correlating, and analyzing security data from various sources, providing a holistic view of an organization’s security posture.

Advanced Endpoint Protection

Purpose: To protect endpoints like workstations, servers, and mobile devices from a spectrum of threats, using techniques like machine learning and behavioral analysis.

Importance: As endpoints are often targets of cyberattacks, advanced protection is crucial for detecting and responding to threats that bypass traditional security measures.

Application Allowlisting

Purpose: To ensure that only verified and trusted applications are allowed to run, significantly reducing the risk of malicious software execution.

Importance: Application allowlisting helps prevent malware infections and limits the scope of potential cyberattacks by ensuring that only known and trusted software is operational.

Patch Management Software

Purpose: To manage the acquisition, testing, and installation of software updates across an organization’s devices and applications.

Importance: Regular patching is key to protecting against vulnerabilities, ensuring that all systems are up-to-date and resistant to known exploits.

Vulnerability Scanners

Purpose: To identify security weaknesses in systems and networks, providing insights into potential vulnerabilities.

Importance: These scanners are essential for proactive security, allowing organizations to address vulnerabilities before they are exploited.

Data Backup and Recovery Solutions

Purpose: To ensure data is regularly backed up and can be quickly recovered in the event of a cyber incident, like a ransomware attack or data corruption.

Importance: Reliable data backup and recovery are critical for maintaining business continuity and protecting against data loss.

Top 5 Defense-in-Depth Security Challenges

Implementing a Defense-in-Depth Architecture is crucial for robust cybersecurity but comes with its own challenges. Here are the top five challenges to be aware of:

1. Layer Integration and Policy Management

Effectively integrating various layers (physical, network, hardware, software) and ensuring consistent policy management across these layers present significant challenges. Ensuring that policies and controls are harmoniously applied across different layers is critical for a seamless defense.

2. Maintaining Up-to-Date Security Measures

Continuously updating security measures, including patch management and application allowlisting, requires rigorous attention. This includes ensuring that updates do not disrupt OT operational capabilities or safety.

3. Adapting to Evolving Cyber Threats

The cyberthreat landscape is constantly changing. Adapting defense mechanisms, such as intrusion detection and prevention systems, and applying advanced strategies like Zero Trust Architecture requires ongoing effort and adaptation.

4. Balancing Security with Operational Requirements

Implementing comprehensive security measures, such as access controls and encryption, must be balanced with the operational requirements of OT environments. This includes considering the impact of security measures on system performance and latency.

5. Training and Awareness Among Staff

Ensuring that all staff members are adequately trained and remain vigilant about cybersecurity practices is challenging but essential. Human error or lack of awareness can often be a weak link in the security chain.

Conclusion

Deploying a Defense-in-Depth Architecture enables businesses to protect their interconnected IT and OT systems better. This approach, focusing on layered security, directly addresses the unique challenges of today’s cyber landscape. It ensures that companies can maintain their operational integrity and trust while embracing the efficiencies of digital transformation.
