Security Architecture for Startup

By Kunal Patil, Senior Threat Hunter

         
 Security Architecture is the design artifacts that describes how the security controls are positioned and how they relate to the overall systems architecture. These controls serve the Purpose to maintain the system's quality attributes such as confidentiality, integrity and availability.

Following is the 10 steps plan required to build Security Architecture For Startup : 
  •  Pick Your battle
  •  Establish a security culture
  •  Pick security platform
  •  Upgrade your software
  •  Physical security
  •  Control the internal network
  •  Secure coding
  •  Protect devices against malware
  •  Perform security audits
  •  BYOD Policies
Pick Your Battle


You can't secure everything, Quantify the monetory damage, likelyhood and mitigation cost of each threat to prioritize time and resource. Below are the list of threats which can taken into consideration as per Goal of the Industry (Budget + Risks).

Establish a Security Culture


Show Your team that Security is Important Factor through communication and example. Provide Periodic Training , Penetration testing and Password management Tools.

  • Executives and Board Members set the Example
  • Authorization and Access
  • Update and Backup Files
  • Deploy and Engaging Cyber Security Awareness Program
  • Employee Cyber Security Awareness Program


Pick Secure Platform

Select Compute Platforms with High Security such as Linux, Chromebooks ,IOS google Apps and Open Secure Systems. Selecting Platform plays an important Role in Security. many Platforms Are Available in market, below are the list of few Platforms :

Operating system platform
  •  Amiga OS
  •  BSM line, FreeAids, NetBSD, OpenBSD
  •  Google Chrome OS
  •  Linux
  •  Google Android
  •  IOS
  •  Mac OS
  •  Microsoft Windows
  •  WINE
  •  IBM/Microsoft Operating System 2
  •  PlayStation Portable
  •  Solaris
  •  Nintendo
  •  Venkit
Software platform
  •  Java - JDK and JRE
  •  .NET Framework
  •  Mozilla Prism Xul and XUL Runne
  •  UniPaaS
  •  Adobe AIR
  •  Mono
  •  Vexi
  •  Flash
  •  UCSD p-System
  •  Steam
  •  UI
  •  Eclipse
Gaming software platforms
  •  Venkit
  •  zMachine
  •  TADS
  •  SCUMM
  •  AGI
Upgrade your Software's

Upgrade your Software's with latest security Patches. set Automatic Safegaurd against software vulnerability that can be exploited by latest virus or malware.

Why patch?
If your computer seems to be working fine, you may wonder why you should apply a patch. By not applying a patch you might be leaving the door open for a malware attack. Malware exploits flaws in a system in order to do its work. In addition, the time frame between an exploit and when a patch is released is continually getting shorter.

What to patch?
Not all of the vulnerabilities that exist in products or technologies will affect you. However, any software you use is a potential source of vulnerabilities that could lead to a compromise of security or identity. The more commonly used a program is, the bigger target it represents and the more likely it is that a vulnerability will be exploited. For the more obscure software you use, contact the vendor to receive updates, patches, or vulnerability alerts. Additionally, don't forget to patch your anti-virus software.


Physical Security

Physical security is often overlooked and its importance underestimated. In favor of more technical threats such as hacking, malware, and cyberespionage. However, breaches of physical security can be carried out with brute force and little or no technical knowledge on the part of an attacker.

Physical security has three important components: access controlsurveillance and testing.

First, Obstacles should be placed in the way of potential attackers and physical sites should be hardened against accidents, attacks or environmental disasters. Such hardening measures include fencing, locks, access control cards, biometric access control systems and fire suppression systems.

Second, physical locations should be monitored using surveillance cameras and notification systems, such as intrusion detection sensors, heat sensors and smoke detectors.

Third, disaster recovery policies and procedures should be tested on a regular basis to ensure safety and to reduce the time it takes to recover from disruptive man-made or natural disasters.


Control The Internal Network

    Ensure your network have secured VPN technology to create safe internet connections to or from your provate networks. mandate strong two factor authentication such as one time password tokens or certificate based smart cards to support this.
  •  Track Every IT Asset
  •  Installed securely configured images on all computers
  •  Lock down all Admin Accounts.
  •  Use DMZ proxy and Light SIEM
  •  Automate Patching
  •  Encrypt and test your backup system
Secure Coding

Securing coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities.
Top 10 Secure Coding Practices :
  •  Validate input
  •  Heed compiler warnings
  •  Architect and design for security policies
  •  Keep it simple
  •  Default deny
  •  Adhere to the principle of least privilege
  •  Sanitize data sent to other systems
  •  Practice defense in depth
  •  Use effective quality assurance techniques
  •  Adopt a secure coding standard

Protect Devices Against Malware

There are numerous ways to protect and remove malware from our computers. No one method is enough to ensure your computer is secure. The more layers of defense, the harder for hackers to use your computer. Here are Five simple, but critical steps to protect your computer.
  •  Install Firewall
  •  Install Antivirus Software
  •  Install Anti-Spyware Software
  •  Use Complex and Secure Passwords
  •  Check on the Security Settings of the Browser

Perform Security Audits

    Regularly review security policies to keep up with the latest technologies changes to act proactively rather than ractively to avoid software vulnerabilities

How to manage a successful audit :
  •    Establish a security baseline through annual audits.
  •    Spell out your objectives.
  •    Choose auditors with "real" security experience.
  •    Involve business unit managers early.
  •    Make sure auditors rely on experience, not just checklists.
  •    Insist that the auditor's report reflects your organization's risks.

 BYOD policies

    BYOD stands for Bring Your Own Device. Companies that allow employees to use their own mobile devices need to have a well-thought-out BYOD policy that governs how they can be used. The policies are designed to protect the company from numerous security concerns. Among the things every effective BYOD policy should include are:

Devices: Spell out which specific devices and operating systems the company will support.
Passwords: Requiring all devices to be password-protected adds additional security.
Use: Determine which functions – email, Word documents, etc. – employees can access from their mobile devices.
Applications: Any outside applications that cause extra security concerns should be banned.
Reimbursement: Detail any mobile costs you might reimburse employees for.

Employers should require all employees to sign the BYOD policy upon starting with the company. In addition, employees must be alerted any time a change is made to the policy.



Please Share If you like

Thank You :-)






I am a security researcher where my expertize includes domains like incident response and investigation, Malware Analysis, Threat Hunting, deception Technology, Brand protection, SIEM configuration, Digital Forensics, Cyber Threat Intelligence, EDR, Network Security, Content Filtering, etc While working I had completed my Masters(2021) in Information security where I published a thesis on “Malware Analysis using machine Learning Ensemble” My goal is to share the knowledge with everyone with technologies, upcoming trends, various platforms and mainly Lock it down, protect it up, and block the hackers.

Comments

  1. startupdear5 August 2019 at 18:07

    Best Startup Tools | Startup Incubator Software | Product Management Tools | Startup incubators tools

    ReplyDelete
  2. Sathya1 October 2019 at 11:19

    Really it is very useful for us..... the information that you have shared is really useful for everyone. If someone wants to know about EHS Software and Occupational Safety Softwares I think this is the right place for you.

    ReplyDelete
  3. Priya22 April 2020 at 13:14

    Thanks for the valuable information. Cyber security is the backbone for any industries. Today’s world, Hackers are targeting people's increased dependence on digital tools. Information Security Company in Chennai Strategy to maintain cybersecurity include maintaining good cyber hygiene, verifying sources and staying up-to-date on official updates.
    Penetration Testing Services in chennai
    VAPT Services ‎in Chennai
    BCP services in chennai
    Soc Service Provider In chennai
    Business Continuity management service in chennai

    ReplyDelete
  4. Priya14 July 2020 at 16:38

    Thanks for the valuable information. Are you looking for a one-stop solution to your Information/Cybersecurity needs? IARM, one of the few companies to focus exclusively on End-End Information/Cybersecurity solutions and services providers to organizations across all verticals.
    Top Cyber Security Company in Chennai
    Penetration Testing Provider in Chennai

    ReplyDelete

Post a Comment

Popular posts from this blog

RTR using Falcon Crowdstrike

By Kunal Patil, Senior Threat Hunter
Image
Real Time Response Real Time Response is a powerful tool that gives security administrations the ability to remotely access systems for administration tasks, remediation actions or forensics collection, etc. without requiring physical access to the system. For more information on the CrowdStrike solution, see the additional resources and links below. In the Falcon UI, navigate to Activity > Detections. Commonly, a new detection will be the event that triggers a need for remediation.Directly from a given detection, the “Connect to Host” button allows you to remotely connect and take action. You can also connect to a host from Hosts > Host Management. Once connected, you will be presented with a list of commands and capabilities available in Real Time Response. With the ability to run commands, executables and scripts, the possibilities are endless. A few examples are listed below.
Read more

Top Commands Mostly Used By System Administrator.

By Kunal Patil, Senior Threat Hunter
Image
Top Commands Mostly Used By System Administrator. 1) IPconfig IPCONFIG Simply entering ipconfig at the command line will return basic addressing information for your system, including the adapter name, IP address, subnet mask, and default gateway. 2) IPconfig /all IPCONFIG/ALL Shows all networking information for the system, including host name, node type, adapter names, MAC addresses, DHCP lease information, etc. 3) Ping PING Ping command to verify that a host can be reached over the network. This command is useful for diagnosing host and network connectivity problems. The device sends a series of ICMP echo (ping) requests to a specified host and receives ICMP echo responses. 4) Ping "Website-name" PING TO WEBSITE   This above command used to find the IP address associated with The Specific Website. eg: 10.24.126.25 is the IP address for Website Intranet.indusind.com 5) Tracert "IP address" TRACE COMMAND Tracert comm
Read more

Damn Vulnerable Web Application - Part 1

By Kunal Patil, Senior Threat Hunter
Image
The Damn Vulnerable Web Application (DVWA) provides a PHP/MySQL web application that is damn vulnerable whose goal of being an intentionally vulnerable system for practice/teaching purposes in regard to Information Security.There are many Methods for Installing DVWA on Platforms Like Windows and Linux, In this blog i will show the easiest Walk-through for Beginners to Learn and Exploit Web Application. So let us Start with Installation and Implementation of DVWA. Step By Step Installation 1) Requirement :  Windows system for Managing VM Virtual Box ( Link ) or VMware ( Link ) should be installed on system Kali-ISO ( Link ) DVWA ISO ( Link ) 2) Switch-ON Kali and DVWA virtual machines Both must be in HOST only Adapter (we can change using VM Network setting).  3) After the Installation of Kali and DVWA in VM, find the IP address of DWVA using the Command ifconfig and Check Connectivity between them using ping command. 4) Run Kali machine and DVWA machine Par
Read more

SECURITY OPERATION CENTRE

By Kunal Patil, Senior Threat Hunter
Image
What is SOC?                    Security operations centers monitor and analyze activity on networks, servers, endpoints, databases, applications, websites, and other systems, looking for anomalous activity that could be indicative of a security incident or compromise. The SOC is responsible for ensuring that potential security incidents are correctly identified, analyzed, defended, investigated, and reported. SOC works with collaboration with People, Process and Technology.  SOC Architecture PEOPLE:                  The best way to think of a SOC is as a centralized team of people who provide threat monitoring, investigation, and response.  Larger SOCs employ a three-level analyst structure for handling security alerts generated by a security system or SIEM.  Level 1 analysts are responsible for real-time monitoring of security alerts, doing triage on them, and deciding whether an alert is serious enough to be escalated to a Level 2 analyst.  Level 1 analysts se
Read more

Cyber Threat Intelligence

By Kunal Patil, Senior Threat Hunter
Image
Gartner Definition:   Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.  To understand this term easily lets split the words and bring out meaning to it :  Cyber :  relating to or characteristic of the culture of computers, information technology, and virtual reality. Threat :  thing likely to cause damage or danger. Intelligence :  the ability to acquire and apply knowledge and skills.                 Cyber Threat intelligence helps Organisation to understands the risk of most common External threats. T hreat intelligence includes in-depth information about specific threats to help an organization protect itself from the types of attacks that could do them the most damage.  One of the proven methods to stay on top of attacks is to detect and
Read more

Collective Intelligence Framework v3 - Part 1

By Kunal Patil, Senior Threat Hunter
Image
Basic About CTI Cyber Threat intelligence(CTI) is a Technology which helps an Organization to collect and Analyze threat data received from multiple resources. Cyber threat intelligence is an automation process where it accumulate data from various external resources (such as FEEDS) and recognize the threats suitable for the Organization. By importing the Data from CTI, the next step is to exporting the CTI data into Existing Security systems. Collective intelligence Framework is an underlying Structure of CTI which helps any organization to gather all Threat Data at one place. In this blog we are discussing how to Install Collective Intelligence Framework v3 (Bearded Avenger) into security structure. Details Information About CIF you will found at : csirtgadgets Basic Requirements for Bearded Avenger CIF v3 : OS: Ubuntu 16 LTS,  x64 RAM: 16GB Cores: 4 (As Sqlite, ElasticSearch, CIF-Router among other apps would be running on same instance) HDD Capacity: 100GB
Read more

Top 20 Subdomains Search Engines

By Kunal Patil, Senior Threat Hunter
Image
Whats is Domain?  An organization shares a common suffix as Domain names which is controlled by that Organization or individual. What is Subdomains? Basically Subdomains are subdivisions of Domain. Why it is required? Subdomains are second website, which have its own unique content and makes hosting manageable and easy to organize.         Every second Organization Consists of various Subdomains as per their Requirements, I listed few Subdomains Search Engines, list is below :  Google Search - Online Search Censys - Online Search Pentest-Tools - Online Search DNS Dumpster - Online Search Netcraft - Online Search CloudPiercer - Online Search Detectify - Online Search VirusTotal - Online Search Pkey - Online Search Crt.sh - Online Search Sublist3r - GitHub repository DNScan - GitHub Repository Knock - GitHub Repository SubBrute - GitHub Repository Nmap - GitHub Repository Gobuster - GitHub Repository Fierce - Bydefault in Kali DNS
Read more

Collective Intelligence Framework v3 - Part 2

By Kunal Patil, Senior Threat Hunter
Image
In Previous blog we learned how to setup CIFv3, in this section we will discuss how to integrate data and filter the Resulted Data by-passing different parameters to it. We might have question that what happens exactly after hitting cif command or how cifv3 fetches feeds from external resources. well in this blog i will cover every details of CIFv3 but before that lets study few terminologies to understands the implementation of this Project. CIFv3 uses few Terminologies like : 1) TLP TLP stands for Traffic Light Protocol originally created by UK government for the Purpose of sharing of sensitive data. There are four colors in TLP (same like traffic lights) : RED - Not for disclosure, restricted to participants only AMBER - Limited disclosure, restricted within own organisation and clients or customers. GREEN -  Limited disclosure, restricted to the community but not via public channels WHITE - Disclosure is not limited 2) Timestamps CIF supports three Times
Read more

TrickBot Malware Family - A Deep Dive using Falcon Crowdstrike

By Kunal Patil, Senior Threat Hunter
Image
Use Case  Falcon OverWatch has identified probable TrickBot malware on host NAOUXXXX. A renamed copy of Vhd2disk was executed on the host, likely from a successful phish. This in turn wrote and executed a malicious file, likely TrickBot malware, and established persistence for it with a registry key. Introduction  Emotet Often referred to as a banking trojan or worm. It is a very advanced threat that is updated multiple times a day by the cybercrooks controlling it. Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Additionally, Emotet is a polymorphic banking Trojan that can evade typical signature-based detection. It has several methods for maintaining persistence, including auto-start registry keys and services. It uses modular Dynamic Link Libraries (DLLs) to continuously evolve and update its capabilities. TrickBot TrickBot is most commonly installed by the Emotet Trojan, which is spread through phishing em
Read more