IT Infrastructure Security

In this article, we will focus on the topic of IT security. This is a very broad subject, and we will thus not be able to cover every aspect exhaustively. Nevertheless, we hope to provide you with an overview of this immensely important topic.


What is IT Security?

IT security (or IT infrastructure security) encompasses the strategies and measures designed to protect an organization’s IT systems. As these systems are nowadays connected to the internet, the term “cyber security” is also commonly used. On the other hand, the term “information security” refers to the protection of information, which can be stored in both IT systems and on paper.

Why is IT Security important?

With a good IT infrastructure security strategy and the correct implementation of the right measures, you can ensure that your organization continues to operate without disruptions and other disadvantages, even in the face of acute threats. The desirability of this outcome is evident.

What does the topic of IT security include?

Broadly speaking, this topic includes the identification and detection of any security threats against an organization, the protection against these threats, as well as any responses and recovery measures in case of damages. This includes planning and communication documents, technical measures, and processes.

What is the purpose behind IT infrastructure security threats?

There is a very broad spectrum of possible threats. As a first step, one should consider what malicious parties aim to achieve by exploiting or causing an IT security threat. Subsequently, we will examine the individual threats in detail in the next section, followed by the protective measures effective against them.

Disruption of operations

Sometimes, the sole purpose of an attack is to maliciously create chaos. An example of this is the disruption of an online game server on the day of a new game’s release. It disappoints players who were eagerly anticipating the launch and puts a strain on the game developer’s resources. There is no direct material gain for anyone from this action.

However, the scenario changes when a foreign power aims to sabotage critical or other infrastructure of a country. Before the Russian attack on Ukraine, the country’s power grid operators and internet service providers faced a wave of cyber-attacks, aimed at disrupting the nation’s power supply and digital communication.

Another example would be the use of a tailored computer virus to disrupt Iran’s nuclear program, by attacking the control systems of the centrifuges used for uranium enrichment, causing them to malfunction and break.

The disruption of operations can be achieved through viruses and malware that delete data or disrupt systems, ransomware attacks that block access to data, and denial-of-service attacks that block online systems.

Data theft

In this case, third parties attempt to steal sensitive data from the organization. This could include trade secrets, employee data, or customer data.

Stealing personal data often serves the purpose of identity theft, where the stolen data is used by others to assume the identity of the affected person with the intention of committing further crimes.

Digital data theft can occur through viruses, hacker attacks and malware.

Fraud and other financial gain

In recent years, many customers of online shops have wondered how newly released and sought-after products could sell out within seconds. This was the work of so-called bots, computer programs that placed orders for the products almost simultaneously and in large quantities. The operators of these bots could then resell the scarce goods at much higher prices.

While the online shops themselves were not directly financially disadvantaged, their customers were disappointed, and many lost trust in the respective online shop.

IT security threats in detail

IT security threats can come from both external attacks and from elements within the organization itself. They may involve third-party software as well as self-developed software solutions. Note that the term “Cyber Attack” is often used in military jargon and mainly refers to direct, targeted attacks on an organization from the outside. Here, we will examine the individual threats and mention the measures effective against them, which will be explained in the next section.

Exploits

An exploit is code or a technique that takes advantage of an existing vulnerability in an application program or operating system.

In the case of self-developed software (custom software), the responsibility for discovering and patching any vulnerabilities lies with the organization itself. Rigorous testing can help, but it is even better to prevent vulnerabilities from arising in the first place through good planning, development discipline, and the use of best practices.

When using frameworks, one should pay attention to notifications from the manufacturer and strive to keep these software components up to date as well.

Hacker Attacks

This is the classic scenario, often depicted in movies and on television. Here, one or more individuals actively gain access to an organization’s IT systems. Nowadays, manual direct attacks like these are less common, as they can be more easily traced back to the attacker’s source computer.


Computer Viruses, Malware, and Ransomware

In contrast to hacker attacks, computer programs do all of the heavy lifting in this case. The malicious software is either secretly introduced into the target IT system or is disguised as seemingly harmless files, to be copied or downloaded onto the system by its unsuspecting users.

Once on the system, the software can delete stored data (viruses), block access to data and demand payment for its restoration (ransomware), or transmit the data to third parties (data theft using malware).

Viruses can also make use of exploits to spread within the computer network.

Social Engineering

Some IT security threats do not directly involve any IT equipment. Here, manipulation and psychology play the leading roles, such as when members of the organization are persuaded to disclose access credentials or carry out actions that could be harmful to the IT infrastructure.

There have been cases where an IT administrator received a late-night call from someone claiming to be a CEO or manager, urgently requesting their email password to be reset. The next day, the real CEO was puzzled to find that someone had used his email account to reset passwords for various online accounts…

Protection against such attacks includes raising awareness for IT infrastructure security among all members of the organization, particularly those with even the slightest access to an IT system.

Phishing

In a phishing attack, email-based social engineering is used to attempt to obtain confidential data, such as passwords or other sensitive information. As with social engineering, user awareness, the implementation of two-factor authentication, and effective spam filters can help prevent phishing attacks.

Denial-of-Service Attacks

IT systems that communicate over networks such as the Internet are susceptible to denial-of-service attacks. Such attacks flood the target system with an overwhelming number of seemingly harmless network requests, so that it can no longer serve legitimate requests. This situation is similar to the Apple Store website becoming inaccessible upon the release of a new iPhone, because the web server is overloaded by the massive number of page requests from excited Apple fans.

In a denial-of-service attack, volume matters: a large number of requesting network packets must reach the targeted system at the same time.

Enslavement in a Botnet or Cryptomining

To build the necessary capacity for a denial-of-service attack, many attacking computers are required. Instead of renting them, computers are nowadays hijacked and enslaved using malware. A small program running alongside the system’s normal operation is then enough to send the requesting packets to the target.
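Per-source rate limiting is the simplest filter a firewall can apply against the volume problem described above. The following Python is an added example, not code from the original article: it runs a token bucket over a constructed request stream and shows both why volume matters (a single flooding address is throttled while an ordinary client is untouched) and why attackers need many machines (the same request volume spread over fifty addresses stays under every per-source limit). The bucket sizes are assumed values.

```python
"""Per-source token-bucket rate limiting (added example, not from the
original article; the request streams below are constructed)."""
from collections import defaultdict

class TokenBucket:
    """A source may burst up to `capacity` requests, then is refilled
    at `rate` requests per second; assumed limits, tune per service."""
    def __init__(self, capacity, rate):
        self.capacity, self.rate = capacity, rate
        self.tokens, self.last = capacity, 0.0

    def allow(self, now):
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def filter_requests(requests, capacity=10, rate=5.0):
    """requests: iterable of (timestamp_seconds, source_ip).
    Returns {source_ip: (allowed, dropped)} after per-source limiting."""
    buckets = defaultdict(lambda: TokenBucket(capacity, rate))
    stats = defaultdict(lambda: [0, 0])
    for ts, src in sorted(requests):
        stats[src][0 if buckets[src].allow(ts) else 1] += 1
    return {src: tuple(counts) for src, counts in stats.items()}

def flood(n_sources, total, duration=1.0):
    """Constructed attack traffic: `total` requests within `duration`
    seconds, spread evenly over n_sources addresses 10.0.0.1, 10.0.0.2, ..."""
    return [(duration * i / total, f"10.0.0.{1 + i % n_sources}")
            for i in range(total)]

# Constructed ordinary client: one request every half second.
LEGIT = [(t / 2, "192.0.2.10") for t in range(20)]

if __name__ == "__main__":
    # One flooding address: its bucket empties after the first burst.
    print(filter_requests(LEGIT + flood(1, 500)))
    # Same volume from fifty addresses: every bucket stays topped up,
    # which is exactly why attackers need many hijacked machines.
    spread = filter_requests(LEGIT + flood(50, 500))
    print("dropped:", sum(d for _, d in spread.values()))
```

The second run is the caveat: per-source limits alone do not stop a distributed flood, which is why the firewall needs to be backed by the monitoring described later.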

Similarly, computers are hijacked to mine for cryptocurrency. The calculations required for this process are highly resource-intensive.

Both attacks can be relatively easily noticed by a good IT admin when the network or computational activity of a machine suddenly surges without any apparent reason.

How can we minimize IT infrastructure security risks?

As is often the case in life, prevention is better than a cure! Therefore, it is essential to be proactive rather than reactive. Effective protective measures thus need to be implemented, taking into account their cost-benefit factors.

This requires an IT infrastructure security strategy that addresses the IT security threats that can be expected in the near future. This involves analyzing the organization’s IT landscape (including infrastructure and all of the organization’s members), potential vulnerabilities, the data to be stored (data privacy!), the current threat landscape and any possible trends pointing to the future.

The result flows into an IT security guideline that the organization can use as a reference. When aware of the threats that they might face, the organization can choose the necessary specific measures. Emergency plans with the necessary procedures must also be developed and communicated.

Employee and customer awareness

The human factor must never be neglected. Employees, including the management and the organization’s customers, must be aware of how to use the IT systems they are entrusted with safely and with minimal risks. They must also be capable of recognizing manipulation attempts through social engineering and phishing.

Use secure software

Perhaps the simplest measure: Keep your software up to date! Install security patches as soon as they become available from the manufacturers. And test self-developed software solutions not only for functionality but also for security.

Endpoint security and network intrusion detection

The organization’s own network must be well-protected. The first line of defense is a good firewall appliance that has been properly configured. It can fend off intrusion attempts as well as external denial-of-service attacks.

Not only should incoming data streams be monitored for suspicious packets that serve an attack, but outgoing packets must also be checked for potential data leaks.

A network intrusion detection system additionally monitors the network itself for suspicious activities. Suspicious machines can then be isolated and subjected to further scrutiny.
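The surge check from the botnet and cryptomining section (a machine whose network or computational activity suddenly jumps) and the outbound leak check above can both be made concrete with a baseline comparison. The following Python is an added example, not code from the original article; the per-minute host telemetry is constructed, and the thresholds k and min_ratio are assumed starting points to be tuned per environment.

```python
"""Baseline-based surge detection over per-host telemetry (added example,
not from the original article; the telemetry below is constructed)."""
from statistics import mean, pstdev

METRICS = ("cpu_pct", "out_bytes", "out_pkts")
PATTERN = {  # which threat from the article each surging metric points to
    "cpu_pct": "CPU surge: cryptomining pattern",
    "out_pkts": "outbound packet surge: DoS participation pattern",
    "out_bytes": "outbound volume surge: possible data leak",
}

def baseline(samples, metric):
    """Mean and standard deviation of one metric over the quiet period."""
    values = [s[metric] for s in samples]
    return mean(values), pstdev(values)

def find_surges(samples, window=60, k=4.0, min_ratio=3.0):
    """Learn a baseline from the first `window` samples, then flag any
    later sample whose metric is both k standard deviations above the
    mean and at least min_ratio times the mean. The ratio guard keeps a
    flat baseline (tiny deviation) from flagging harmless wobble.
    k and min_ratio are assumed starting points, not measured values."""
    stats = {m: baseline(samples[:window], m) for m in METRICS}
    alerts = []
    for s in samples[window:]:
        for m in METRICS:
            mu, sd = stats[m]
            if s[m] > mu + k * sd and s[m] >= min_ratio * mu:
                alerts.append((s["minute"], m, s[m]))
    return alerts

def describe(alerts):
    """Distinct threat patterns suggested by the flagged metrics."""
    return sorted({PATTERN[m] for _, m, _ in alerts})

def quiet(minute):
    """One constructed per-minute sample of an idle workstation."""
    return {"minute": minute, "cpu_pct": 5 + minute % 3,
            "out_bytes": 200_000 + 10_000 * (minute % 5),
            "out_pkts": 300 + 20 * (minute % 4)}

# Constructed timeline: 70 quiet minutes, then three kinds of surge.
TELEMETRY = [quiet(m) for m in range(70)]
TELEMETRY += [dict(quiet(m), cpu_pct=95) for m in range(70, 80)]            # miner-like
TELEMETRY += [dict(quiet(m), out_bytes=50_000_000) for m in range(80, 90)]  # bulk upload
TELEMETRY += [dict(quiet(m), out_pkts=20_000, out_bytes=1_200_000)
              for m in range(90, 100)]                                     # flood sender

if __name__ == "__main__":
    for minute, metric, value in find_surges(TELEMETRY):
        print(f"minute {minute:3d}: {metric}={value}")
    print(describe(find_surges(TELEMETRY)))
```

Machines flagged this way are the candidates for the isolation and further scrutiny mentioned above; a single alert is a prompt to look, not proof of compromise.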

Antimalware and antivirus solutions

Antimalware and antivirus solutions act against malware, viruses, and ransomware. There exist dedicated appliances as part of endpoint security suites. This dedicated hardware connects to endpoints, such as the entry point of your network, to monitor the incoming data streams. There are also solutions available that monitor your email server and quarantine emails with suspicious attachments. Finally, software such as virus scanners run on the end devices, acting as the last line of defense.

In these times of unprecedented cyberattacks, organizations should devote their efforts and resources to minimizing security risks by either hiring an external IT consultant or managing security threats with the help of trained employees.

IT infrastructure security best practices

Encryption technologies

To ensure the security of stored and transmitted data, secure encryption technologies can help. There are several approaches here:

– Encryption of data streams by network appliances (endpoint security).

– Encryption of individual files on computers using corresponding software.

– Encryption of entire storage devices on (mobile) end devices or NAS servers.

– Encryption of emails.

Mobile device management

Mobile device management (MDM) concerns the security of an organization’s mobile devices, such as smartphones, tablets and laptops. In addition to provisioning devices with the necessary enterprise apps, such solutions also enable the activation of security policies and the remote wiping of devices in case of loss or theft.

Data backups

Backing up your organization’s data, especially critical data essential for the continuity of operations, should be done regularly and at short intervals. This protects not only against failures but also effectively against virus damage and ransomware attacks.

The IT infrastructure security checklist for your company

  • Do you have a current security strategy that aligns with your organization and its requirements?
  • Are you and all other employees, as well as your customers, aware of IT security matters and trained accordingly?
  • Is your network protected against intrusions and disruptions from both external and internal sources?
  • Are all your (mobile) devices equipped with the appropriate security policies?
  • Are your (mobile) devices protected against viruses and malware?
  • Is critical data stored and transmitted in encrypted form? Is your digital communication secure?
  • Have you implemented appropriate IT security emergency plans and processes?

The Swiss IT security standards

The Swiss federal government has adopted the ICT minimal standard (IKT-Minimalstandard). This standard primarily serves as a recommendation for operators of critical infrastructures but is generally applicable to any organization.

In summary, the ICT minimal standard provides a comprehensive document that serves as an IT security reference guide. Additionally, it includes a catalog of measures covering the topics of “Identifying, Protecting, Detecting, Responding, and Recovering.” It also provides a guide and an Excel tool for self-assessments.

The importance of IT infrastructure security management systems in a business

An IT infrastructure security management system is not a technical system but a set of rules and procedures that enable an organization to successfully implement its information security measures.

The general objectives and characteristics of an IT security management system can be defined as follows:

  1. Establishing responsibilities and authorities for IT security.
  2. Setting achievable and measurable goals that are binding.
  3. Adopting security policies to define the secure handling of the entire IT infrastructure and the stored data.
  4. Considering IT infrastructure security requirements when hiring, training, and terminating employees.
  5. Keeping the organization’s knowledge regarding IT infrastructure security up to date.
  6. Ensuring that employees are qualified, adequately trained, and aware of IT security threats.
  7. Continuously optimizing the desired level of IT security and adapting it to current and future threat situations, with a focus on agility.
  8. Being prepared with contingency plans and processes to handle potential incidents and disruptions.

Best Practices for Good IT infrastructure Security

Many best practices are pretty evident, but they are often forgotten.

  1. Be aware of the threats to your organization’s IT and raise awareness among your employees.
  2. Follow the recommendations of the ICT Minimal Standard (mentioned above) and build upon it.
  3. Conduct regular IT infrastructure security assessments of your organization and its IT landscape.
  4. Develop an IT infrastructure security strategy and guideline, tailored to your organization and based on the assessment results.
  5. Implement appropriate security measures and conduct a cost-benefit analysis when in doubt about their effectiveness.
  6. Have external experts perform penetration testing (pen-testing) on your IT environment to identify vulnerabilities.
  7. Keep your software up to date and promptly install security patches.
  8. Pay attention to secure design and frameworks when developing your custom software applications. Thoroughly test your software, including security testing.

Which web application framework can be recommended for good IT security?

Web applications are ubiquitous in today’s IT world. Since a web application only requires a web browser on the client, no local installation is needed. These centralized solutions are therefore relatively easy to maintain, also from an IT security perspective.

Nevertheless, the web application and its backend must be highly secure from an IT security standpoint. This starts with the design and choice of the web application framework.

Contact us regarding your IT infrastructure security issues

We have helped numerous companies with software modernization and transition to secure software solutions. Contact us if you have concerns about your current software solutions.

Programming Architect at 72® Services
Simon Martinelli is an accomplished expert in Java, performance optimization, application integration, software architecture and system design with 27 years of experience as a developer, architect and technical project manager. Contact me here or book a consulting appointment via Calendly.