MORE ATTACKS: If a company can't tell which systems were penetrated, then the attackers might still be in the environment, continuing to siphon out data, or getting ready to launch more attacks. (Foto: Istock)

MORE ATTACKS: If a company can't tell which systems were penetrated, then the attackers might still be in the environment, continuing to siphon out data, or getting ready to launch more attacks. (Foto: Istock)

12 things every IT security professional should know

IDG NEWS: Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.

Vil du fortsette å lese, velg et av alternativene nedenfor

  • Logg inn!

    Du har abonnement og er registrert som bruker.

  • Har abonnement!

    Du har abonnement, men ikke registrert deg.

  • Bestill abonnement!

    Digital tilgang er inkludert i alle våre abonnement.

Few complex professions change with the velocity of IT security. Practitioners are faced with an average of 5,000 to 7,000 new software vulnerabilities a year. That’s like springing 15 new leaks in your defenses every day. That’s on top of the tens of millions of unique malware programs that threaten your IT environment each year.

spotlight, in your fired. jewels deluge people constant compromise your single could revenues, media put Amid unwanted get crown this the hurt slip-up and a and of threats, company an

to and can’t team This is successfully can fight your that Of will. – back. course say not it

good security professional the fight. computer fight things twelve should every successfully are know to Here

Your 1. opponents’ motives

begin you. do successfully attacker two without why fight it. these who and their do they things guys are bad how understanding has origin everything and Every they they story can’t You and are objectives, after to drive and own they

the Most these categories: one fall hackers you who serious do motives. into so Today, of threaten with

Financial

sponsored/cyberwarfare Nation-state

Corporate espionage

Hacktivists

theft Resource

games in Cheating multiplayer

it. how to also your is networks That though, every attack ‘why’ best else you defeat it what on the opponent. type target Understanding do. bad with today’s along way offer the not with important guys same. the key your is Consider an clues to solving determine everything Even for is the of might motive present. to It

of 2. malware Types

trojan virus, malware three major one computer of malware: Any types an of classifications. of these or amalgam is worm. program horse, and more There are

files. digital spread. computer humans spread does of replicate. worm of trojan and itself not humans motion. files, trick is programs, program setting a A malware malware inside into be host it hosts horse legitimate something need A it self-replicate; to help in to a uses to to It not storage other does or in claiming trojan to that on it is curiosity horse A programs a that program the code is other itself. program self-replicating relies A virus

for program’s the look important where you likely that when it systems. you likely find these do where and categories it to can malware spread This got understand It’s origination further. how parse about you into basic so to scenario will understand understand of will program, your most for together help a malware malware the

cause exploits Root 3.

root hacking malware stop different cause the professionals millions into Stop face of IT new exploits: yet vulnerabilities twelve Here and of Each cause unique exploits of and those thousands allow each root the of programs, someone’s only exploits root are you’ll security software malware. year environment. and types twelve

Zero-days

Unpatched software

Malware

engineering Social

Password attacks

Eavesdropping/MitM

Data leaks

Misconfiguration

service of Denial

party Insider/partner/consultant/vendor/third

User error

access Physical

4. Cryptography protection and data

Every and art cryptography modification. IT information of is basics the the access security secure protection. encryption, symmetric encryption, unauthorized distribution cryptography, including key making hashing, and against learn should of and asymmetric Digital professional

demands that securely availability. protection malicious modification to prevent cryptography. required ensure protection increasingly also and protection used, Data of and becoming its access, data you lawfully data a unauthorized by and Complete back to that guard against that is lot collected privacy be law Data you up the requires it

analysis Networking 5. packet and network

are the able such used the on fields be understand of addresses, what IT packet are numbers, security layers and able various all a great OSI packet the as facile level. and professionals are the and network protocols, router they read port a a They networks model, the of network difference switch, to understand at team network You for. with to because truly recognize will between basics your

use them. truly networks network packet that to the understand analysis is To understand and computers

common 6. Basic defenses

Almost and defenses, computer the pros are include: apply. computer common every consider good of which They These security. has basic IT “standards”

Management Patch

Training End-User

Firewalls

Antivirus

Secure Configurations

Encryption/Cryptography

Authentication

Intrusion Detection

Logging

what at to Understanding and them. the stopping good Know, fail IT they professional. about they are common basic a too, IT for But simply and defenses knowing every stop do. must what don’t security is security at using

basics Authentication 7.

than name, best is two-factor as address, It’s user process or name. security valid The a or a begins more that that. of email the in authentication password the of the such more valid Authentication namespace ID principal putting any for label a providing professionals understand involved than satisfying process much logon unique, identity – test. with

factor(s), that more the authenticated is resources attempts identity. Authentication valid should “secrets” valid after accesses correct one is the database/service. examined this proves of in of attempted and known successful a and valid the manager his owner by the be any are is the a the access log authorization. Then, providing to as types authentication holder process identity All file. documented identity the known subject’s to or process only authentication protected authentication, user logon holder that When security by the

Mobile 8. threats

devices through and a professionals their IT information threats to include: mobile prowess need threats, Because device. take people are only humankind’s mobile devices, of increase, security mobile most and There on mobile top the get to mobile now The seriously. mobile most likely security is mobile planet than more people

malware Mobile

Spyware

credential Data or theft

theft Picture

Ransomware

Phishing attacks

Unsecured wireless

somedifferences. many what should mobile isn’t they threaten is become And much But know With with not great mobile there pro's between a devices how those the difference it familiar device are. professional mobile familiar to are IT IT job threats, of or computer. particulars a there a ASAP. Any

9. Cloud security

more complex What four cloud than Pop make traditional networks? quiz: security factors

easily this should be to pro Every test. pass able IT

is: answer The

Lack of control

internet available on Always the

(shared Multi-tenancy services/servers)

Virtualization/containerization/microservices

control in isn’t) store team “other cloud. means job. that services, really trust risk and Cloud the The joke used have service the administrators (and and vendor’s security to infrastructure all people’s no that its servers, users cloud entails. the Traditional sensitive and that cloud doing corporate the longer You is data infrastructures… to is computers”

IDG News Service