
"The most common attack is phishing

Posted: Mon Jan 20, 2025 8:09 am
by tanjimajuha20
Valery Kupryushin added that LAN security can be increased with the help of a properly configured password policy, including multi-factor authentication, software for generating and storing passwords, requirements for their complexity, and training employees in the basics of information security.

"The most common attack is phishing, and it is still quite successful precisely because most users do not know the rules of digital hygiene. It is important to have competent information security specialists on the team who would work not only with software, but also with colleagues," noted Valery Kupryushin.

According to Kai Mikhailov, protecting HTTP applications with a web application firewall (WAF) deserves special mention. A WAF filters web requests and performs a control function that the application itself does not provide because of outdated technologies or an outdated code base, but it is impossible to completely protect against an internal attack.

"In the end, an untrustworthy system administrator may get a job. But for such a case, there are reliable control systems - for example, Privileged access management (PAM), which allows you to monitor the actions of users with privileged accounts. If we talk about a multi-stage internal attack, then the approach of separating privileges and access has proven itself well over many years," noted Kai Mikhailov, whose job responsibilities include domain management.

"It is much more difficult to protect the system from the inside," Mikhail Sergeev agreed. "But there are some tips. Allow some servers to connect to others only on certain ports needed by the service, install security updates, set up auditing and logs, grant users only limited rights, only to the necessary services, move vulnerable or public services to a separate demilitarized zone and train employees in the basics of security."

"First of all, you can protect yourself by setting up a password policy correctly, including multifactor authentication, using software to generate and store passwords, requirements for their complexity, and training employees in the basics of information security. The most common attack is phishing, and it is still successful precisely because most users do not know the rules of digital hygiene. It is important to have competent information security specialists on the team who would work not only with software, but also with employees," concluded Valery Kupryushin