Author: Farzand Ali

What is Assurance, Compliance and GRC and how Assurance and Compliance can be applied to NGFWs?

Farzand AliLeave a comment

what is assurance in information security or cybersecurity?

Assurance in information security or cybersecurity refers to the level of confidence in the effectiveness of security measures, policies, and procedures employed to protect an organization’s information systems and data. It involves evaluating and ensuring that the implemented security controls are working as intended to maintain the confidentiality, integrity, and availability of the information.

Assurance plays a crucial role in building trust between stakeholders, such as users, customers, and partners, and helps demonstrate that the organization is taking appropriate steps to safeguard sensitive data and systems.

Several aspects contribute to the assurance in cybersecurity, including:

  1. Risk management: Identifying, assessing, and mitigating potential risks to the organization’s information systems and data.
  2. Security policies and procedures: Developing and implementing robust security policies, guidelines, and processes to minimize security risks.
  3. Security controls: Employing technical and administrative controls, such as firewalls, intrusion detection systems, access controls, and security training to protect information assets.
  4. Audits and assessments: Conducting regular internal and external audits and assessments to verify the effectiveness of security controls and identify potential areas of improvement.
  5. Incident response and management: Establishing a well-defined incident response plan to handle security breaches, minimize the impact, and restore operations quickly.
  6. Continuous monitoring: Monitoring and analyzing system logs, network traffic, and user activity for signs of malicious activity or policy violations.
  7. Compliance: Ensuring that the organization meets relevant legal, regulatory, and industry standards for information security.

By focusing on these aspects, organizations can increase their assurance levels and demonstrate a strong commitment to protecting their information systems and data from cyber threats.

what is compliance in cybersecurity?

Compliance in cybersecurity refers to the process of adhering to established laws, regulations, standards, and best practices that govern the protection of information systems and data. Compliance helps organizations ensure that they are operating in a secure manner and managing risks associated with their digital assets effectively. It is an essential aspect of a comprehensive cybersecurity program.

There are various laws, regulations, and industry-specific guidelines that organizations need to comply with, depending on their location, industry, and the types of data they handle. Some widely known cybersecurity compliance frameworks and standards include:

  1. General Data Protection Regulation (GDPR): A comprehensive data protection and privacy regulation applicable to organizations operating within the European Union (EU) or handling the personal data of EU citizens.
  2. Health Insurance Portability and Accountability Act (HIPAA): A US regulation that sets standards for protecting the privacy and security of patient health information in the healthcare industry.
  3. Payment Card Industry Data Security Standard (PCI DSS): A global standard for organizations that process, store, or transmit payment card information, focused on securing cardholder data.
  4. Federal Information Security Management Act (FISMA): A US regulation that mandates federal agencies and their contractors to implement information security programs that comply with specific guidelines and standards.
  5. International Organization for Standardization (ISO) 27001: A globally recognized standard for information security management systems (ISMS), which provides a framework for managing risks and protecting sensitive data.

Compliance in cybersecurity typically involves the following steps:

  1. Identifying applicable regulations, standards, and guidelines that the organization must comply with.
  2. Conducting a risk assessment to identify potential security vulnerabilities and risks.
  3. Implementing security controls, policies, and procedures to address the identified risks and fulfill compliance requirements.
  4. Conducting regular audits and assessments to evaluate the effectiveness of security controls and identify areas of improvement.
  5. Training employees and raising awareness about cybersecurity best practices and compliance requirements.
  6. Continuously monitoring and updating security measures to maintain compliance with evolving regulations and standards.

Non-compliance can lead to fines, reputational damage, and legal consequences for organizations, highlighting the importance of maintaining a robust cybersecurity program that meets relevant compliance requirements.

how is GRC different from Assurance?

Governance, Risk Management, and Compliance (GRC) and Assurance are related but distinct concepts in the context of information security and cybersecurity. They both contribute to the overall security posture of an organization, but they focus on different aspects.

GRC is a comprehensive approach to managing an organization’s overall governance, risk management, and compliance with regulatory requirements. It encompasses the following components:

  1. Governance: The set of processes, policies, and structures that define how an organization is managed, operated, and controlled. Governance in cybersecurity involves the establishment of a security strategy, organizational structure, and decision-making processes to ensure security objectives are met.
  2. Risk Management: The process of identifying, assessing, and mitigating potential risks to an organization’s information systems and data. Risk management helps prioritize security investments and ensure that resources are allocated effectively.
  3. Compliance: The process of adhering to established laws, regulations, standards, and best practices that govern the protection of information systems and data. Compliance ensures that organizations operate securely and manage risks associated with their digital assets effectively.

Assurance, on the other hand, refers to the level of confidence in the effectiveness of security measures, policies, and procedures employed to protect an organization’s information systems and data. Assurance is concerned with evaluating and ensuring that the implemented security controls are working as intended to maintain the confidentiality, integrity, and availability of information.

While GRC focuses on the establishment, management, and oversight of security processes, Assurance is about validating and verifying the effectiveness of those processes and controls. In other words, GRC sets the foundation for an organization’s security posture, while Assurance provides the confidence that the implemented measures are functioning correctly and adequately addressing security risks.

Both GRC and Assurance are essential for a comprehensive cybersecurity program, as they complement each other in achieving a robust and secure environment. Organizations should integrate both concepts into their security management practices to effectively protect their information systems and data from potential threats.

how can I apply compliance and assurance to next generation firewalls?

Applying compliance and assurance to next-generation firewalls (NGFWs) involves implementing a set of policies, procedures, and controls that align with relevant regulations and industry standards while ensuring the effectiveness of the security measures. Here are the steps to apply both compliance and assurance to NGFWs:

  1. Identify compliance requirements: Determine the applicable regulations, standards, and guidelines your organization must comply with, based on your industry, location, and the types of data you handle. These may include GDPR, HIPAA, PCI DSS, FISMA, or ISO 27001.
  2. Conduct a risk assessment: Perform a comprehensive risk assessment to identify potential threats and vulnerabilities in your network infrastructure, taking into consideration the unique needs of your organization.
  3. Develop and implement policies: Establish robust security policies and procedures that dictate the configuration and management of the NGFW, including rules for traffic filtering, application control, and user access. Ensure that these policies align with your organization’s overall security objectives and risk management strategies, as well as the identified compliance requirements.
  4. Configure and deploy the NGFW: Properly deploy and configure the NGFW to address identified risks and enforce established security policies. This includes setting up security zones, creating and applying access control rules, enabling intrusion prevention features, and configuring deep packet inspection.
  5. Monitor and audit: Continuously monitor the NGFW’s performance, event logs, and alerts to identify potential security incidents and verify the effectiveness of the implemented security controls. Conduct periodic internal and external audits and assessments to evaluate the NGFW’s configuration, effectiveness, and compliance with relevant regulations and standards. This helps identify potential areas of improvement and ensures that the NGFW is providing the desired level of security assurance.
  6. Integration with other security tools: Integrate the NGFW with other network security tools and systems, such as Security Information and Event Management (SIEM) systems, endpoint protection platforms, and threat intelligence feeds. This helps create a cohesive security ecosystem that can share and analyze data for enhanced threat detection and response.
  7. Employee training and awareness: Educate network administrators and other relevant personnel on the proper management and operation of the NGFW, as well as the organization’s network security policies, procedures, and compliance requirements.
  8. Incident response and management: Develop and implement a well-defined incident response plan to handle security breaches and other incidents involving the NGFW. This should include steps for investigating, containing, and resolving incidents, as well as lessons learned to improve the organization’s security posture.
  9. Maintain and update: Keep the NGFW’s software and signatures up to date to ensure protection against the latest threats. Regularly review and update security policies, procedures, and controls to maintain compliance with evolving regulations and standards.

By following these steps, you can apply both compliance and assurance principles to your next-generation firewalls, ensuring they effectively protect your network infrastructure and data while meeting relevant regulatory requirements.

Advertisement

What is the difference between Network, Cyber and Information Security?

Farzand AliLeave a comment

Network security, cybersecurity, and information security are all related concepts, but they have slightly different meanings and scopes.

Network security refers to the protection of computer networks from unauthorized access or attacks. It involves the use of various hardware and software technologies to secure networks and prevent intruders from gaining access to sensitive information. Network security focuses on protecting the network infrastructure, such as routers, switches, firewalls, and other network devices, from attacks and intrusions.

Cybersecurity, on the other hand, is a broader term that encompasses network security as well as other aspects of security related to information technology. Cybersecurity involves the protection of computer systems, networks, and digital data from unauthorized access, theft, and damage. It includes a wide range of technologies, policies, and practices that are designed to secure digital assets and prevent cyber attacks.

Information security refers to the protection of all forms of information, including both digital and non-digital data, from unauthorized access, use, disclosure, modification, or destruction. Information security covers a wide range of topics, including confidentiality, integrity, availability, privacy, and compliance. It involves implementing appropriate controls and measures to safeguard information from various threats, such as cyber attacks, human error, and natural disasters.

Network and Security Certifications:
CCST Networking (Cisco)
Network+ (CompTIA)
CCNA (Cisco)
CCNP (Enterprise)
PCCET (Palo Alto)
PCNSA (Palo Alto)
PCNSE (Palo Alto)
NSE4 (Fortinet)
NSE5 (Fortinet)
NSE7 (Fortinet)
CCNP (Security) (Cisco)
F5 Admin (F5)

DevNet and Automation Certifications:
CCNA DevNet (Cisco)
ENAUTO (Cisco)
PCSAE (Palo Alto)

CyberSecurity Certifications:
Security+ (CompTIA)
CC (ISC2)
CCST Cybersecurity (Cisco)
CCNA CyberOps (Cisco)
CCNP CyberOps (Cisco)
Pentest+ (CompTIA)
CEH (EC-Council)
Linux+ (CompTIA)
CySA+ (CompTIA)
CASP+ (CompTIA)
SC-900 (Microsoft)
SC-200 (Microsoft)
SC-100 (Microsoft)

SASE, SSE and Cloud Security Certifications:
Cloud+ (CompTIA)
CCSP (ISC2)
AZ-900 (Microsoft)
AZ-500 (Microsoft)
PCCSE (Palo Alto)

Information Security Certifications:
CISSP (ISC2)
CISA (ICASA)
CISM (ICASA)
PECB ISO 27001 LE
CCISO (EC-Council)

ISE (Identity Services Engine) Basic Configuration and Commands

Farzand AliLeave a comment

Cisco Switch Dot1x Config:

Configuring Global AAA Parameters:

conf t
username admin privilege 15 secret Cisco123
aaa new-model
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius

radius server Our-ISE
address ipv4 192.168.1.105 auth-port 1812 acct-port 1813
key Cisco123
automate-tester username testuser
exit

aaa group server radius Our-Group
server name Our-ISE
exit

radius-server dead-criteria time 3 tries 3
radius-server deadtime 15
aaa server radius dynamic-author
client 192.168.1.222
server-key Cisco123
exit

ip radius source-interface gig 0/1
radius-server vsa send authentication
radius-server vsa send accounting

dot1x system-auth-control
ip adevice tracking
end

wr

Switch Port Configuration:

conf t
vlan 10,20,30,80,999

int range fa 0/1-8
switchport host
switchport access vlan 999
authentication priority dot1x mab
authentication order dot1x mab
authentication event fail action next-method
authentication event server dead action authorise vlan 10
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 5
authentication port-control auto
end

wr

Verification and Troubleshooting:
show int status (to check vlans the interfaces are)
show vlan brief (to see if the vlan now exists and an authenticated port it assigned to it)
show authentication sessions
show authentication sessions int fa 0/1 (MAC/IP/user/status/DACL/success/failure)

ISE:
Operations>RADIUS>Live Logs>Magnifying glass (detail) (shows the matching 5200 successful policy set/Authentication policy/Authorization policy)(Shows Switch/NAS IP and the switch port number)

Network Security (NetSec), Cyber Security(CyberSec/CyberOps) and Information Security(InfoSec)

Farzand AliLeave a comment

Security Advisories:

Palo Alto: https://securityadvisories.paloaltonetworks.com
Cisco: https://tools.cisco.com/security/center/publicationListing.x
Meraki: https://meraki.cisco.com/blog/cisco-meraki-customer-advisories
Fortinet: https://www.fortiguard.com/psirt
Checkpoint: https://www.checkpoint.com/advisories/
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsecurityalerts=#severity=&type=Security+Alerts&product=&version=
Juniper: https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
CISA: https://www.cisa.gov/news-events/cybersecurity-advisories
US-CERT: https://www.us-cert.gov/ncas/current-activity

EoL links:
Cisco: https://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/eos-eol-notice-listing.html
https://www.curvature.com/resources/cisco-end-of-life-guide
Palo Alto: https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary

https://www.paloaltonetworks.com/services/support/end-of-life-announcements/hardware-end-of-life-dates
Meraki: https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Product_End-of-Life_(EOL)_Policies
Checkpoint: https://www.checkpoint.com/support-services/support-life-cycle-policy/

CVE (Common Vulnerabilities and Exposures) and CVSS (Common Vulnerability Scoring System):
https://www.cvedetails.com/cvss-score-distribution.php
https://nvd.nist.gov/vuln-metrics/cvss
https://cve.mitre.org/

Important Organizations:

  • United States Computer Emergency Readiness Team (US-CERT)
  • National Cybersecurity and Communications Integration Center (NCCIC)
  • Cybersecurity and Infrastructure Security Agency (CISA)
  • National Institute of Standards and Technology (NIST)
  • National Cyber Security Centre (NCSC)
  • National Security Agency (NSA)
  • Government Communications Headquarters (GCHQ)
  • Cybersecurity and Infrastructure Security Agency (CISA)
  • The Council for Registered Ethical Security Testers (CREST)

Gartner Magic Quadrant: NGFWs and SD-WAN: