Date: 2021-02-16

Without a strong network security strategy, IT security will fall short -- and vice versa.

The National Security Agency (NSA) has identified three basic functions to form the foundation of a good IT security system. These functions are critical to preventing 93% of cyber incidents, according to an NSA presentation. We at NetCraftsmen have identified four additional steps that, when combined with NSA's three steps, create a solid foundation upon which to build a comprehensive security system.

NSA's security steps

Step 1. Multifactor authentication

Instead of using basic passwords, enterprises should implement multifactor authentication, such as two-factor authentication (2FA). 2FA relies on something users know (a password) and something they own (a physical device, like a security token generator or a phone). Other mechanisms rely on factors like biometrics.

Text message challenges have become a popular mechanism for 2FA. During login, a security code is sent via text or phone call to a cellphone. Users input the security code in response to a login challenge. This type of challenge can be attacked by a bad actor taking over the cellphone account or number and is not suitable for highly secure accounts.

Step 2. Role-based access control

Implementing role-based access control restricts access to only those resources that are necessary for a person's function, or role, within an organization. For example, an HR employee won't need access to accounting functions. With access limited this way, a compromised employee account is kept away from functions and data that are outside the needs of that role.

[Figure: These seven steps can help enterprises build the foundation of a strong IT security system.]

As IT security has become more important, nearly all products have added role-based access controls. Support for role-based access control should be a critical criterion for product selection. There is an American National Standards Institute standard for role-based access control, detailed in ANSI InterNational Committee for Information Technology Standards (INCITS) 359-2004 and INCITS 359-2012.

Step 3. Allowlist applications

Networks used to be open, and the only filtering performed was to deny certain connections. Allowlisting inverts that paradigm. Only those connections and data flows that are required for application functionality are allowed; all other connectivity is blocked. The objective is to reduce the opportunities for a security breach to spread laterally across an organization.

Teams should configure the filtering systems to record, or log, failed attempts to establish connections. Think of these alerts as trip lines that tip teams off to compromised accounts or systems. A security information and event management (SIEM) system can help manage the deluge of events from the filtering systems.
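
The default-deny filtering and trip-line logging described in Step 3 can be modeled in a few lines. This is an added example, not code from the article, NSA or NetCraftsmen; the addresses, allowlist entries and alert threshold are constructed assumptions, and the filter is a simplified model rather than a real firewall.

```python
import ipaddress
from collections import defaultdict

# Hypothetical allowlist: (source network, destination network, protocol, port).
# Addresses are constructed RFC 1918 examples, not taken from the article.
ALLOWLIST = [
    ("10.1.0.0/24", "10.2.0.10/32", "tcp", 443),   # HR clients -> HR web app
    ("10.2.0.10/32", "10.3.0.5/32", "tcp", 5432),  # HR web app -> its database
]
RULES = [(ipaddress.ip_network(s), ipaddress.ip_network(d), p, port)
         for s, d, p, port in ALLOWLIST]

def is_allowed(src, dst, proto, port):
    """Default deny: a flow passes only if an allowlist entry matches it."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn and proto == p and port == rp
               for sn, dn, p, rp in RULES)

def filter_flows(flows):
    """Return (permitted, denied_log); every blocked attempt is recorded."""
    permitted, denied_log = [], []
    for flow in flows:
        (permitted if is_allowed(*flow) else denied_log).append(flow)
    return permitted, denied_log

def trip_lines(denied_log, threshold=3):
    """Flag sources denied on `threshold` or more distinct destination/port
    pairs, a pattern consistent with a compromised account or system."""
    targets = defaultdict(set)
    for src, dst, proto, port in denied_log:
        targets[src].add((dst, proto, port))
    return {src: len(t) for src, t in targets.items() if len(t) >= threshold}

# Constructed sample flows: (src, dst, proto, port).
SAMPLE_FLOWS = [
    ("10.1.0.15", "10.2.0.10", "tcp", 443),   # allowed: HR client to HR app
    ("10.2.0.10", "10.3.0.5", "tcp", 5432),   # allowed: app to database
    ("10.1.0.15", "10.3.0.5", "tcp", 5432),   # denied: client straight to DB
    ("10.1.0.77", "10.3.0.5", "tcp", 22),     # denied
    ("10.1.0.77", "10.2.0.10", "tcp", 3389),  # denied
    ("10.1.0.77", "10.4.0.9", "tcp", 445),    # denied
]

if __name__ == "__main__":
    permitted, denied = filter_flows(SAMPLE_FLOWS)
    print("permitted:", len(permitted), "denied:", len(denied))
    print("alerts:", trip_lines(denied))
```

A single denied flow, such as the HR client reaching for the database directly, is logged but stays below the threshold; the source denied on three distinct targets is the one surfaced for investigation.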