Summary notes (BEC study / IT) 2023. 9. 15. 11:39
What should be done about brute-force attack risk?
- Limit the number of password attempts (a brute-force attack keeps submitting passwords until one opens the account)
IT control types: preventive controls (e.g., the attempt limit, which stops the attack from succeeding) and detective controls (e.g., logging and reviewing failed logins, which reveal that it was tried).
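The attempt limit described above, as an added example that is not part of the original notes: every failed login is counted per account, after MAX_ATTEMPTS failures inside WINDOW seconds the account is locked for LOCKOUT seconds, and while locked even the correct password is refused so the attacker cannot use the lock window to confirm a guess. The audit list is the matching detective control. The class names, limits and account store are assumptions for illustration.

```python
# Added example (not from the original notes): a preventive control against
# password brute forcing, with an audit log as the detective counterpart.
# All names, limits and the account store are assumptions for illustration.
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field

MAX_ATTEMPTS = 5
WINDOW = 300      # seconds in which failures are counted
LOCKOUT = 900     # seconds an account stays locked

DUMMY_SALT = b"\x00" * 16   # used to keep timing equal for unknown users

def hash_password(password: str, salt: bytes) -> bytes:
    # A deliberately slow hash raises the cost of every guess; together with
    # the attempt limit it is the other half of brute-force defence.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: list = field(default_factory=list)   # timestamps of recent failures
    locked_until: float = 0.0

class LoginGate:
    def __init__(self):
        self.accounts = {}
        self.audit = []   # (time, user, outcome): what a SIEM would ingest

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, hash_password(password, salt))

    def login(self, user: str, password: str, now=None) -> str:
        now = time.time() if now is None else now
        acct = self.accounts.get(user)
        if acct is None:
            # Same answer and roughly the same time as a wrong password,
            # so valid usernames cannot be enumerated.
            hash_password(password, DUMMY_SALT)
            self.audit.append((now, user, "failure"))
            return "denied"
        if now < acct.locked_until:
            self.audit.append((now, user, "locked"))
            return "locked"
        # Keep only failures inside the counting window.
        acct.failures = [t for t in acct.failures if now - t < WINDOW]
        if hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
            acct.failures.clear()
            self.audit.append((now, user, "success"))
            return "ok"
        acct.failures.append(now)
        self.audit.append((now, user, "failure"))
        if len(acct.failures) >= MAX_ATTEMPTS:
            acct.locked_until = now + LOCKOUT
            acct.failures.clear()
            return "locked"
        return "denied"

    def failed_logins(self, user: str) -> int:
        # Detective view: how many failures the audit log holds for this account.
        return sum(1 for _, u, outcome in self.audit if u == user and outcome == "failure")
```

The lock is time-based here; in production it is also cleared by an administrator after the failures have been reviewed, and the audit entries are what the review and any SIEM alert are built on.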
- Phishing: fraudulent emails that trick users into disclosing sensitive information.
- Malware: malicious software such as viruses and ransomware that causes data leaks and system outages.
- Insider threat: employees who breach security intentionally or by mistake.
- DDoS attack: overloads a network or website to cause disruption.
- Responses to cyber security threats:
- Employee training: regular sessions on identifying and reporting phishing attempts.
- Antivirus software: tools for detecting and mitigating malware.
- Access control: restrict data access to the roles that need it.
- Incident response plan: a well-defined plan for breach scenarios.
- Network security: firewalls, intrusion detection, and encryption.
- Backup and recovery: regular data backups and a disaster recovery plan.
- Third-party risk management: assess and manage vendors' cyber security.
What is most likely to happen with data replication (= database replication)?
- A single master database struggles to handle the queries of many users. Since SELECT makes up most of the query load, data replication splits the work across two or more DBMS instances (master and slave/replica) that store the application server's data. Reads (SELECT) are served from the slave databases, which lowers the load on the master and improves read performance, and logs can be analysed on a replica without affecting the master. The trade-off is that a replica can lag behind the master, so a read from it may return stale data until the change has been replicated.
- Copying data so that all information stays identical, in real time, across all data sources.
- Data replication is the process of creating and maintaining copies of data in multiple locations or on multiple devices. This redundancy serves various purposes and brings its own challenges, listed below:
- Improved Data Availability: One of the primary purposes of data replication is to ensure that data is readily available, even in the face of hardware failures or network issues. By having multiple copies of data, if one copy becomes unavailable, users can access another copy.
- Redundancy: Data replication creates redundant copies of data, which means that the same data exists in multiple places. This redundancy is a key feature for fault tolerance and high availability.
- Load Balancing: Replication can be used to distribute data and workload across multiple servers or nodes, which can improve performance and reduce the risk of overloading a single system.
- Latency Reduction: In distributed systems, data can be replicated to servers located closer to the end-users or in geographically dispersed locations. This reduces the latency in data access for users in different regions.
- Disaster Recovery: Replicated data can serve as a backup in case of disasters such as hardware failures, data corruption, or natural disasters. It provides a means to recover data quickly and efficiently.
Challenges of replication:
- Data Consistency: Depending on the replication model used (e.g., synchronous or asynchronous replication), ensuring data consistency between replicas can be a challenge. Systems need to implement mechanisms to maintain data integrity and consistency.
- Conflict Resolution: When multiple copies of data exist and can be updated independently, conflicts can arise. Systems must have conflict resolution mechanisms to decide which changes to accept when conflicts occur.
- Storage Costs: Maintaining multiple copies of data can increase storage costs. Organizations need to balance the benefits of improved availability with the costs of additional storage.
- Network Usage: Data replication can consume network resources, especially in scenarios where data is replicated across wide-area networks or to remote data centers.
- Management Complexity: Managing replicated data requires careful planning, configuration, and monitoring. It can be complex, especially in large-scale distributed systems.
- Security Considerations: Replicated data can introduce security challenges. Unauthorized access to any of the replicas could lead to data breaches. Security measures like encryption and access controls are essential.
- Version Control: Keeping track of different versions of replicated data and managing updates and rollbacks can be complex. Version control mechanisms may be necessary.
- Data Synchronization: Ensuring that replicas are kept up to date with the latest changes in the master copy requires synchronization mechanisms. This can involve synchronization protocols and data transfer strategies.
- Scalability: Replication is often used to improve system scalability by distributing data and load. However, scaling replication itself may also introduce complexities.
- Performance Trade-offs: While replication can improve data access speed, it can also introduce performance trade-offs, especially in terms of write operations, as data may need to be synchronized across multiple replicas.
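The synchronous/asynchronous trade-off and the security consideration above, as an added example that is not part of the original notes: a toy primary with one synchronous and one asynchronous replica. Writes go to the primary and are replayed from its log; the synchronous replica is caught up before the write is acknowledged, the asynchronous one only when catch_up runs, so it returns stale data in between. A read-your-writes guard refuses a lagging replica, and weaker_replicas flags any copy whose access controls are looser than the primary's. The class and setting names are assumptions for illustration.

```python
# Added example (not from the original notes): primary/replica replication in
# miniature, with replication lag, a read-your-writes guard and a check that
# every replica carries the primary's access controls. Names are assumptions.
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    data: dict = field(default_factory=dict)
    applied_lsn: int = 0                       # last log sequence number applied
    tls: bool = True                           # encrypted replication/client links
    allowed_roles: frozenset = frozenset({"app"})

class Primary(Node):
    def __init__(self, name, **kw):
        super().__init__(name, **kw)
        self.log = []          # (lsn, key, value): the change stream replicas replay
        self.replicas = []     # (node, synchronous)

    def add_replica(self, node, synchronous=False):
        self.replicas.append((node, synchronous))

    def write(self, key, value):
        lsn = len(self.log) + 1
        self.log.append((lsn, key, value))
        self.data[key] = value
        self.applied_lsn = lsn
        for node, synchronous in self.replicas:
            if synchronous:
                self.catch_up(node)   # acknowledge only after the replica has it
        return lsn

    def catch_up(self, node, up_to=None):
        # Replay the log entries the replica has not applied yet (the
        # synchronization mechanism; log index i holds lsn i + 1).
        target = self.applied_lsn if up_to is None else up_to
        for lsn, key, value in self.log[node.applied_lsn:target]:
            node.data[key] = value
            node.applied_lsn = lsn

def read(node, key, min_lsn=0):
    # Read-your-writes: refuse a replica that is behind the caller's last write
    # instead of silently returning stale data.
    if node.applied_lsn < min_lsn:
        raise RuntimeError(f"{node.name} lags: lsn {node.applied_lsn} < {min_lsn}")
    return node.data.get(key)

def lag(primary, node):
    return primary.applied_lsn - node.applied_lsn

def weaker_replicas(primary, nodes):
    # Security consideration: a replica is the same data, so a copy that drops
    # TLS or grants extra roles is the easiest place to breach it.
    return [n.name for n in nodes
            if not n.tls or not n.allowed_roles <= primary.allowed_roles]
```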
Data masking (= data sanitization, obfuscation)
- A technique that generates new, realistic-looking but anonymous data while preserving the attributes of the original (type, format, length, statistical properties).
- Performed in the ETL stage (at load time).
- Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training. The purpose is to protect the actual data while having a functional substitute for occasions when the real data is not required.
- The original value cannot be recovered (cannot be reverse engineered); this is what distinguishes masking from encryption or tokenization, which are reversible with the key or token vault.
- Methods: scramble, substitute, shuffle, data aging, variance, mask out, nullify.
- Types: static, dynamic, and on-the-fly data masking.
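The masking methods listed above, as an added example that is not part of the original notes, applied to a constructed customer record. Each function keeps the field's format while leaving no way back to the original: substitution uses a keyed hash so the same real name always maps to the same fake name (joins across tables still work) but the mapping cannot be inverted, and read_for shows dynamic masking, where stored data is untouched and the mask is applied at read time unless the caller's role is entitled to the real values. The name pool, roles and record are assumptions for illustration.

```python
# Added example (not from the original notes): the masking techniques the
# notes list, plus a dynamic-masking read path. Pool, roles and the sample
# record are assumptions for illustration.
import hashlib
import hmac
import random
from datetime import date, timedelta

SUBSTITUTE_NAMES = ["Kim Minjun", "Lee Seoyeon", "Park Jihoon", "Choi Yuna"]

def make_rng(seed):
    # Seeded generator so a masking run is repeatable for testing.
    return random.Random(seed)

def substitute(value, key: bytes):
    # Deterministic substitution: same input, same fake name, but the keyed
    # hash cannot be inverted and the key never leaves the masking job.
    digest = hmac.new(key, value.encode(), hashlib.sha256).digest()
    return SUBSTITUTE_NAMES[int.from_bytes(digest[:4], "big") % len(SUBSTITUTE_NAMES)]

def mask_out(value, keep_last=4, ch="*"):
    # Card numbers: keep the tail support staff need, hide the rest, same length.
    return ch * (len(value) - keep_last) + value[-keep_last:]

def scramble(value, rng):
    chars = list(value)
    rng.shuffle(chars)
    return "".join(chars)

def shuffle_column(rows, column, rng):
    # Values stay real and statistically intact but are detached from their row.
    values = [r[column] for r in rows]
    rng.shuffle(values)
    return [{**r, column: v} for r, v in zip(rows, values)]

def variance(amount, pct, rng):
    return round(amount * (1 + rng.uniform(-pct, pct)), 2)

def age_date(d: date, rng, max_days=365):
    # Data aging: shift a date by a random amount, keeping it a valid date.
    return d - timedelta(days=rng.randint(0, max_days))

def nullify(_value):
    return None

def mask_record(rec, key, rng):
    return {
        "name": substitute(rec["name"], key),
        "card": mask_out(rec["card"]),
        "email": scramble(rec["email"].split("@")[0], rng) + "@example.com",
        "salary": variance(rec["salary"], 0.10, rng),
        "dob": age_date(rec["dob"], rng),
        "ssn": nullify(rec["ssn"]),
    }

def read_for(rec, role, key, rng):
    # Dynamic masking: the stored row is untouched; the mask is applied on read
    # unless the role is entitled to the real values.
    return rec if role == "admin" else mask_record(rec, key, rng)
```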
Cloud phishing
- Cloud phishing, also known as cloud-based phishing or cloud email phishing, is a type of cyberattack that targets cloud-based services and platforms to steal sensitive information, such as login credentials, financial data, or personal information. This form of phishing specifically leverages cloud services to deceive users and gain unauthorized access to their accounts or sensitive data. Common targets for cloud phishing attacks include cloud-based email services like Gmail, Outlook, or cloud storage platforms like Google Drive or Dropbox.
- User Education and Awareness:
- Phishing Awareness Training: Regularly train employees and users to recognize phishing attempts, including cloud phishing scams. Provide examples and conduct simulated phishing exercises to educate them about the risks.
- Security Awareness Programs: Establish ongoing security awareness programs to keep users informed about evolving threats and best practices for staying safe online.
- Email Filtering and Anti-Phishing Solutions:
- Implement robust email filtering and anti-phishing solutions to automatically detect and block phishing emails.
- Use advanced threat protection tools that can identify and filter out malicious links and attachments in emails.
- Multi-Factor Authentication (MFA):
- Enforce MFA for all cloud-based accounts and services. This adds an additional layer of security, making it harder for attackers to gain unauthorized access even if they obtain login credentials.
- Email Authentication Protocols:
- Implement email authentication protocols such as DMARC (Domain-based Message Authentication, Reporting, and Conformance), SPF (Sender Policy Framework), and DKIM (DomainKeys Identified Mail) to help prevent email spoofing and domain impersonation.
- Regular Software Updates and Patch Management:
- Ensure that all software and applications, including cloud-based email services and clients, are kept up to date with the latest security patches and updates.
- URL Inspection and Filtering:
- Use web filtering tools to inspect and block suspicious or malicious URLs that users may encounter in emails or web content.
- Security Information and Event Management (SIEM):
- Implement SIEM solutions to monitor network and cloud activity for signs of suspicious behavior and potential phishing attacks. Set up alerts for unusual login attempts or access patterns.
- User Access Controls:
- Limit user access permissions to only the resources and data they need to perform their jobs. This can minimize the impact of a successful phishing attack.
- Incident Response Plan:
- Develop and regularly update an incident response plan specifically addressing cloud phishing incidents. Ensure that your team knows how to respond swiftly and effectively to mitigate the impact of a successful attack.
- Email Verification for Suspicious Requests:
- Train users to verify the legitimacy of any email requests for sensitive information or financial transactions, especially if they seem unusual or urgent.
- Continuous Monitoring and Auditing:
- Regularly monitor and audit access logs and activities within cloud services to detect unauthorized access or suspicious behavior.
- Vendor Security Assessments:
- Evaluate the security practices and controls of cloud service providers and third-party apps integrated with your cloud environment to ensure they meet your security standards.
- Data Encryption and Data Loss Prevention (DLP):
- Use encryption for sensitive data both in transit and at rest. Implement DLP solutions to prevent the unauthorized sharing of sensitive information.
- Regular Security Assessments and Penetration Testing:
- Conduct security assessments and penetration testing to identify vulnerabilities in your cloud infrastructure and applications.
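The SIEM alerting item above ("set up alerts for unusual login attempts or access patterns"), as an added example that is not part of the original notes: detection logic run over a handful of constructed cloud sign-in events. The records and field names are made up for illustration and are not any provider's log schema. It flags a burst of failed logins against one account, one source address failing against many accounts (password spraying), and a successful login from a country the account has never used, rated high when it follows recent failures, which is the shape a successful cloud phish usually takes.

```python
# Added example (not from the original notes): SIEM-style detection over
# constructed cloud sign-in events. Field names and records are assumptions.
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (JSON lines), not real data.
SAMPLE_EVENTS = """
{"ts": "2023-09-15T09:00:00", "user": "alice", "src_ip": "198.51.100.20", "country": "KR", "result": "success"}
{"ts": "2023-09-15T09:01:00", "user": "bob", "src_ip": "203.0.113.5", "country": "US", "result": "failure"}
{"ts": "2023-09-15T09:02:00", "user": "bob", "src_ip": "203.0.113.5", "country": "US", "result": "failure"}
{"ts": "2023-09-15T09:03:00", "user": "bob", "src_ip": "203.0.113.5", "country": "US", "result": "failure"}
{"ts": "2023-09-15T09:04:00", "user": "bob", "src_ip": "203.0.113.5", "country": "US", "result": "success"}
{"ts": "2023-09-15T09:20:00", "user": "carol", "src_ip": "192.0.2.77", "country": "NL", "result": "failure"}
{"ts": "2023-09-15T09:21:00", "user": "dave", "src_ip": "192.0.2.77", "country": "NL", "result": "failure"}
{"ts": "2023-09-15T09:22:00", "user": "erin", "src_ip": "192.0.2.77", "country": "NL", "result": "failure"}
{"ts": "2023-09-15T09:30:00", "user": "alice", "src_ip": "198.51.100.20", "country": "KR", "result": "success"}
""".strip().splitlines()

FAIL_THRESHOLD = 3                  # failures per account inside FAIL_WINDOW
SPRAY_THRESHOLD = 3                 # distinct accounts one source fails against
FAIL_WINDOW = timedelta(minutes=10)

def parse(lines):
    events = [json.loads(line) for line in lines if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])

def _recent(times, now):
    return [t for t in times if now - t <= FAIL_WINDOW]

def detect(lines, known_countries):
    """Return alerts as (rule, user_or_ip, timestamp, detail). known_countries
    maps user -> set of countries seen before and is updated as the baseline."""
    alerts = []
    fails_by_user = defaultdict(list)       # user -> recent failure timestamps
    fails_by_ip = defaultdict(dict)         # src_ip -> {user: last failure}
    for e in parse(lines):
        user, ts = e["user"], e["ts"]
        if e["result"] == "failure":
            fails_by_user[user] = _recent(fails_by_user[user], ts) + [ts]
            if len(fails_by_user[user]) == FAIL_THRESHOLD:
                alerts.append(("failed_login_burst", user, ts, e["src_ip"]))
            victims = fails_by_ip[e["src_ip"]]
            victims[user] = ts
            victims = {u: t for u, t in victims.items() if ts - t <= FAIL_WINDOW}
            fails_by_ip[e["src_ip"]] = victims
            if len(victims) == SPRAY_THRESHOLD:
                alerts.append(("password_spray", e["src_ip"], ts, sorted(victims)))
            continue
        seen = known_countries.setdefault(user, set())
        if e["country"] not in seen:
            # A new country right after failures is the phishing/credential-theft
            # pattern; with no failures it is still worth a medium alert.
            severity = "high" if _recent(fails_by_user[user], ts) else "medium"
            alerts.append(("new_country_success", user, ts, f"{e['country']} ({severity})"))
        seen.add(e["country"])
    return alerts
```

Thresholds this low are for the sample; in a real tenant they are tuned per user population, and the baseline of known countries is seeded from history rather than learned from the same window that is being alerted on.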
ERM performance
Things that are not IT general controls (the long question)
Hash and asymmetric encryption
Data mining
SOD (segregation of duties) impact of adopting a new accounting system
1. Concern about phishing emails: what should be done?
Technical Controls:
- Email Filtering and Anti-Phishing Solutions:
- Deploy advanced email filtering and anti-phishing solutions that can detect and block phishing emails before they reach users' inboxes. These solutions often use machine learning and threat intelligence to identify phishing attempts.
- Domain-based Message Authentication, Reporting, and Conformance (DMARC):
- Publish a DMARC policy so that receivers reject or quarantine mail that uses your domain in the From: header but fails SPF or DKIM alignment, and so that you receive reports on who is spoofing your domain.
- Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM):
- SPF lists the hosts authorized to send mail for your domain; DKIM signs outgoing messages so receivers can verify that the signed headers and body were not altered in transit. Together they provide the authentication results that DMARC enforces.
- Multi-Factor Authentication (MFA):
- Enforce MFA for email accounts to add an extra layer of security. Even if an attacker obtains login credentials, MFA can prevent unauthorized access.
- User Training and Phishing Simulations:
- Conduct regular phishing awareness training for employees to educate them about recognizing phishing emails. Phishing simulation exercises can help reinforce training.
- URL Inspection and Filtering:
- Use web filtering tools to inspect and block malicious URLs contained within emails. These tools can prevent users from accessing phishing websites.
- Attachment Scanning and Filtering:
- Implement attachment scanning and filtering to detect and quarantine malicious attachments, such as malware-infected files or ransomware.
- Email Encryption:
- Encrypt sensitive email communications, especially when transmitting confidential or personal information.
- Security Updates and Patch Management:
- Keep email server software and email clients up to date with the latest security patches to mitigate vulnerabilities that attackers might exploit.
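The SPF, DKIM and DMARC controls recommended here and in the cloud phishing section above, as an added example that is not part of the original notes: an offline check of the published records. DNS lookups are replaced by a constructed dictionary of TXT records so it runs without network; the domains, selector and record contents are made up. It reports the configurations that look compliant but enforce nothing: SPF ending in +all or ?all, more than ten lookup mechanisms, DMARC p=none or pct below 100, and a missing or revoked DKIM key.

```python
# Added example (not from the original notes): assess SPF/DKIM/DMARC records.
# The DNS data is a constructed stand-in for a resolver; domains are made up.
import re

LOOKUP_MECHANISM = re.compile(r"^[+\-~?]?(include:|a$|a:|mx$|mx:|ptr|exists:|redirect=)", re.I)

SAMPLE_DNS = {   # constructed records, not any real domain's data
    "hardened.example": ["v=spf1 include:_spf.mail.example ip4:203.0.113.0/24 -all"],
    "s1._domainkey.hardened.example": ["v=DKIM1; k=rsa; p=EXAMPLEPUBLICKEYBASE64"],
    "_dmarc.hardened.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@hardened.example"],
    "weak.example": ["v=spf1 include:_spf.mail.example +all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; pct=50"],
}

def parse_tags(record):
    # "k=v; k=v" tag lists used by DMARC and DKIM records.
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags

def spf_findings(records):
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if not spf:
        return ["SPF: no record, any host can use this domain as envelope sender"]
    if len(spf) > 1:
        return ["SPF: multiple records, receivers treat this as a permanent error"]
    terms = spf[0].split()[1:]
    out = []
    all_terms = [t for t in terms if t.lower().lstrip("+-~?") == "all"]
    if not all_terms:
        out.append("SPF: no 'all' mechanism, unlisted hosts get a neutral result")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier == "+":
            out.append("SPF: '+all' authorizes every host on the internet")
        elif qualifier == "?":
            out.append("SPF: '?all' is neutral, spoofed mail does not fail")
        elif qualifier == "~":
            out.append("SPF: '~all' softfail, enforcement depends on DMARC")
    lookups = sum(1 for t in terms if LOOKUP_MECHANISM.match(t))
    if lookups > 10:
        out.append(f"SPF: {lookups} DNS-lookup mechanisms, over the limit of 10 (permerror)")
    return out

def dkim_findings(records):
    keys = [r for r in records if "p=" in r.replace(" ", "")]
    if not keys:
        return ["DKIM: selector has no key record, signatures cannot be verified"]
    if not parse_tags(keys[0]).get("p"):
        return ["DKIM: empty p= tag, the key is revoked"]
    return []

def dmarc_findings(records):
    rec = [r for r in records if r.lower().startswith("v=dmarc1")]
    if not rec:
        return ["DMARC: no record, SPF/DKIM results are never enforced"]
    tags = parse_tags(rec[0])
    out = []
    policy = tags.get("p", "none").lower()
    if policy == "none":
        out.append("DMARC: p=none only monitors, spoofed mail is still delivered")
    elif policy == "quarantine":
        out.append("DMARC: p=quarantine sends spoofed mail to spam instead of rejecting it")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        out.append(f"DMARC: pct={pct}, policy applies to only {pct}% of failing mail")
    if "rua" not in tags:
        out.append("DMARC: no rua address, no aggregate reports on who spoofs the domain")
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        out.append("DMARC: sp=none leaves subdomains unprotected")
    return out

def assess(domain, dkim_selector, dns):
    """dns maps record name -> list of TXT strings (stands in for a resolver)."""
    return (spf_findings(dns.get(domain, []))
            + dkim_findings(dns.get(f"{dkim_selector}._domainkey.{domain}", []))
            + dmarc_findings(dns.get(f"_dmarc.{domain}", [])))
```

Against live DNS the same functions take the TXT strings returned by a resolver; the DKIM check needs the selector name, which is visible in the s= tag of any DKIM-Signature header the domain sends.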
Non-Technical Controls:
- Security Policies and Procedures:
- Develop and enforce email security policies and procedures that outline best practices for email use, password management, and how to report suspicious emails.
- Incident Response Plan:
- Establish an incident response plan that includes procedures for identifying, reporting, and responding to phishing incidents. Ensure employees know how to report phishing attempts.
- User Awareness and Education:
- Continuously educate employees about the risks of phishing and the latest phishing techniques. Encourage a culture of security awareness.
- Sender Verification:
- Train employees to check the actual sender address, not just the display name, especially for unusual or unexpected email requests.
- Employee Verification for Sensitive Requests:
- Implement a process for employees to verify the legitimacy of sensitive requests received via email, particularly those involving financial transactions or access to sensitive data.
- Regular Security Assessments:
- Conduct regular security assessments, including vulnerability assessments and penetration testing, to identify and address email security weaknesses.
- User Access Reviews:
- Regularly review and update user access permissions to ensure that users have the minimum level of access required to perform their roles.
- Phishing Reporting and Analysis:
- Encourage employees to report phishing attempts and establish a process for analyzing reported phishing emails to improve detection mechanisms.
- Vendor and Third-Party Risk Assessment:
- Assess the email security practices of third-party vendors and partners that have access to your organization's email systems or data.