All we need to do is… survive

--Originally published at The Hitchhiker's Guide to information security… according to me!

Many people wish upon a star for a zombie apocalypse. They want to ride in their jeeps while shooting at anything that moves because they just want to watch the world burn. They want to go wild, experience the feeling of anarchy, but mostly they just want to shoot something and prove that they can survive adversity. For some this is just a dream, but for others it is serious business. They understand that it’s not only about carrying a gun, but also about searching for food and water; dealing with the lack of electricity, gas and communication; and looking for a shelter that can resist the attack of hordes of zombies. These people are prepared to deal with the situation, and all of these are countermeasures that prepare them for that day. But what does all of this have to do with information security, you may be wondering. Well, follow me and let’s find out.

In time of war we need a good plan that comes into action, and in information security, in time of threat and vulnerability, we need a security countermeasure to help us deal with the risk or at least minimize it. And… BOOM! Now you understand what this zombie thing is all about.

A security countermeasure is a method, action, procedure, system, device or technique that helps eliminate, mitigate or reduce a threat or vulnerability. So if you’ve been reading my blogs, and of course you have, these are the security controls that come into action when we are facing a threat. Not preventing it or planning what will happen, but dealing with it… like the adults we are.

Like everything in this world, they come in different flavors depending on the context, and there are a few contexts in information security:

  • Network Security
  • Operating System Security
  • System Security

We’ve seen some countermeasures in previous posts and we will detail others in future posts, but for now I’ll give you a list of the most common ones because I know you love lists as much as I do.

Logical: Referring to assets inside a computer system.

  • Use strong authentication and access control methods
  • Encrypt your data and sessions
  • Use secure communication protocols
  • Update your operating system and antivirus regularly
  • Disable unused network functionalities like protocols and services
  • Restrict system commands and utilities with access control
  • Use strong passwords and do not use default account names
  • Block unnecessary ports on the firewall

Physical: Referring to assets in the physical form.

  • Evidence-gathering systems
  • Entry control points
  • Delaying systems
  • Guards
  • Distribution of physical assets in different locations

So there you have some tips to deal with the apocalypse. So now grab your and start gathering resources for the madness to come. I know you can survive the zombie apocalypse, kids. Stay strong. Peace.