CIOReview, August 2018

1. Injection
2. Broken Authentication
3. Sensitive Data Exposure
4. XML External Entities (XXE)
5. Broken Access Control (Merged)
6. Security Misconfiguration
7. Cross-Site Scripting (XSS)
8. Insecure Deserialization
9. Using Components with Known Vulnerabilities
10. Insufficient Logging & Monitoring

Web Application Firewalls help protect the application in case these vulnerabilities remain open, but they do not close them. So it is necessary that these are addressed on priority by the application development team. Web applications or mobile apps facilitating online transactions and links to payment gateways should take care of two-factor authentication.

Network Vulnerabilities

Hackers are continuously looking for holes in the network layers, and it is necessary to distinguish legitimate traffic from illegitimate traffic. Next Generation Firewalls help track and mitigate such risks. It is very necessary that the perimeter is protected against breaches by strengthening the network layers. Network devices should always have the latest firmware updates, and periodic changes of usernames and passwords should be carried out. Prevention of DDoS attacks at the ISP end is a must, and robust Intrusion Detection Systems become necessary to be put in place.

End User Vulnerabilities

"There is a sucker born every minute," says the good old phrase, and this is quite a fact in the digital world that we live in. People get lured by ridiculous offers and often, unsuspecting, click on links in their mailbox. They end up gladly giving away many of their secure credentials, which leads to information breaches. As an enterprise, we need to keep educating users about the dangers of clicking on unwanted links and make them able to recognise suspicious mails.

Quite a few Indian ATMs are still running on outdated XP systems. Having a managed security services team can check whether systems are regularly patched or not. The same is the case with Anti Virus software. It is necessary that the signatures are updated and verified by the teams on a daily basis. One should have solutions which provide mitigations for zero day vulnerabilities. Desktop/Laptop backups help mitigate ransomware type attacks to a large extent, as data is restored even if the system is locked by the malware. End point enterprise security is a must have for every organisation.

A word on Encryption

Enterprises need to ensure that all critical data are encrypted with the right tool. Encryption of the laptop using tools such as SafeBoot or BitLocker will ensure that even if a laptop gets stolen, getting hold of the data would be next to impossible. Even backups need to be encrypted so that nothing can be consumed even if the backups land in the hands of a rogue user during transportation. While disk based backups have largely reduced the need for tape based backups, these may still be necessary to keep data at an offsite location. Secure web gateways ensure that corporate users do not get on to unwanted and unethical URLs and thereby become vulnerable to viruses and malware.

Data Leakage Prevention

Having a robust MDM solution ensures that corporate data is clearly segregated from personal data. It prevents corporate data on mobile devices from being sent via personal mail IDs to any rogue user. USB access should clearly be provided only on specific approvals. Test checks are necessary to ensure that compliance levels are maintained.

Governance

All said and done, Enterprise Security as a subject is not one to be taken lightly. There is a plethora of solutions available, but not all may be required. One would have to weigh the risks first before embarking upon any large scale solution. An enterprise finally needs to ensure that the right governance is in place to make certain that best practices and security guidelines are strictly followed. Only then can we say that we have reached a certain level of success.
Ananth Subramanian