Digital communications in conjunction with the use of the modern internet have grown exponentially to the point that communicating digitally has become an indispensable facet of daily life. From cell phones, netbooks, email, blogs and online portals, electronic data transfer and exchange drives the way many interact with one another and communicate both personally and on business. Now, with the current trend towards “cloud” computing, where every person or business keeps important documents stored and accessible online or in the “cloud”, cyber security has become the number one priority of many.
Methods of protecting data such as encryption, antivirus software, firewalls, and access passwords have been around since long before today’s data revolution, but unfortunately none of them have evolved into security solutions effective enough to keep pace with modern modes of digital communication. Devices that can connect to the global data network or the Internet are getting smaller and smarter. For example, with just a modern cell phone, a person can access their email, post blog updates, and access personal or corporate documents over the Internet.
The typical security approach in the past has been based on a model that restricts access using firewall systems or detects intrusions such as viruses using signature-based scanning systems. All these solutions are based on the concept of restricting, channeling, hiding and limiting access to data. A firewall, for example, borrows its name from the physical “firewalls” designed to create safe areas that fire cannot pass through because of the material they are made of. In this case, any external access not deemed necessary to an internal or public network is considered a fire and is simply blocked. Antivirus solutions and the virus signature model have also proven inadequate due to the response time required to update signature files and the amount of resources such systems use to scan thousands of files. It is like sending the police to every house in a city of millions of people to try to find where the bad guys are hiding. With modern computers containing several thousand files and the ever-changing, near-polymorphic nature of modern viruses, the signature-based scanning model is no longer practical.
The problem with current approaches is that, with the increasingly widespread use of digital networks, there has never been any method to dynamically update firewalls or signature databases to accommodate new types of access and threats. Almost daily there are new applications that people need in order to gain effective access to digital services, and equally new threats. The current security model was never intended to be a solution that quickly distinguishes between good and bad activity. In fact, it restricts the freedom of the entire group to protect itself from potential threats from a few. A really useful security system has to be able to allow and maintain access for the group and then only limit or deny access to those activities that are out of line with the established standard of operations.
With every security technique comes a cost of ownership, and in general, firewalls, antivirus software, VPNs, and access control methods serve more to limit access to modern digital networks than to protect them. System administrators and corporate IT security managers can no longer follow the restrict-everything model, as in the end they are simply restricting legitimate access, severely limiting the ability of their users to take full advantage of the digital information revolution, and doing little to prevent “hackers” or unauthorized access to their networks.
A truly effective cybersecurity solution has to be as dynamic and flexible as the ever-changing set of applications, digital services, and digital access devices in use. It is no longer a feasible model to restrict everything or scan everything, as this only serves to prevent users from taking advantage of the increased productivity and power provided by modern digital networks and the Internet, and it consumes a tremendous amount of computing resources.
The cyber security model for data networks can be defined as something that protects data and data systems by denying access to unauthorized users, preventing downtime of authorized services caused by unauthorized activities (denial of service attacks), and preserving the general functional state of a digital network at 99%.
1) Protection of data and data systems against unauthorized access
As more and more information such as financial information, credit card numbers, classified documents, and other information that cannot fall into the wrong hands is stored online, data protection is the number one cybersecurity concern. Unfortunately, there have been many famous security breaches of important data, such as the theft of millions of credit card numbers, the theft of corporate trade secrets, and even concerns about foreign countries recovering national security information through the use of Trojan horses and other intrusion methods.
Methods for intrusion include:
The installation of backdoor network intrusion applications, hidden or disguised as legitimate applications, that enter a network when authorized users inadvertently open infected emails or websites.
Brute force attacks, where common usernames and weak passwords are exploited by systems that try millions of combinations of username and password sets to gain access.
Exploits in operating systems such as Microsoft Windows that allow a secure or authorized service to be exploited by finding flaws in the software design.
Theft or violation of internal networks by employees or normally authorized persons with permitted access to the systems, or who have access to certain areas where, through internal espionage, they can find passwords and authentication codes for secure areas (notes left on desks, computers left unattended in secure areas).
Exposure of data to external breaches by placing documents on USB flash drives and laptops to present said data in off-network meetings. Many times employees put a document on a USB stick for a presentation at a remote location, but they also leave secure documents unrelated to the current meeting on that USB stick. They then plug their USB stick into a third-party computer to transfer a single document, unaware that that particular computer has a Trojan that quickly copies all the data on their USB stick to an unauthorized third-party location.
2) Prevention of downtime of authorized services by unauthorized activities
Brute force attacks, scanners, and denial of service attacks can cause a network, its servers, and major access routers to go down to the point where the network can no longer be used in any way. Such attacks cause significant damage and downtime to networks on a daily basis. The ability to detect such attacks and cut them off at the source furthest from the core network and its services is very important to the overall health of a strong cybersecurity program.
3) Preserve the overall functional health status of a digital network.
Preserving the health of a digital network is not just about preventing attacks and unauthorized activity, but also about preserving the core services and data access that its authorized users depend on. It is not a viable solution to stop an attack or prevent potential attacks by also preventing or limiting authorized access. A cybersecurity solution must be able to isolate and prevent attacks and breaches of the network’s integrity while not limiting or denying access to its resources by authorized users.
Given the many different ways in which data network security can be breached, and the overwhelming reliance on such networks, it is clear that current security methods are not only no longer adequate to protect such networks, but are serving to cause more security issues and network access issues. As such, there is an urgent need to change the current way of approaching cybersecurity and create a new dynamic model that is capable of constantly adapting to the ever-changing needs of protecting data networks.
A new IDS model must be created that meets the following objectives:
The goal of any IDS system should be to preserve the integrity of the network it protects and to allow that network to function in its ideal 99.99% operational state. An IDS system should be lightweight and dynamically deployed. An IDS system cannot become another intrusion itself and must not break the first rule by compromising the integrity of the networks by using excessive computing and network resources in its attempts to protect the network.
An IDS system must be able to constantly adapt to a constantly changing environment and automatically update its own signature records based on evolving threats. An IDS system should not require a lot of hands-on resources to constantly update its signature files, nor require manual verification that the threats it detected are real and not false positives. An IDS system must be capable of simultaneously protecting the network against attacks, unauthorized use, and downtime, without impeding or limiting access to the network and use of network resources by authorized clients. As such, it must remain discreet at all times and preserve the network in an open state where its core services and resources are 99.99% available to authorized network users while detecting, isolating, and preventing unauthorized activity.
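As an added example that is not part of the original text, the following Python sketch shows one way a lightweight IDS could meet the objectives above for the brute-force attacks described under the intrusion methods and the downtime section: it flags a source only when its failed logins within a short window are spread across many usernames, so a single authorized user who keeps mistyping one password is never cut off. The log line format, the thresholds, and the sample IP addresses are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format (assumption): "<ISO timestamp> FAIL|OK user=<name> src=<ip>"
LOG_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")

# Illustrative thresholds (assumptions, not values from the original text).
WINDOW_SECONDS = 60      # sliding window length per source
MAX_FAILURES = 10        # failures inside the window needed before acting
MIN_DISTINCT_USERS = 5   # failures spread over many accounts mark a brute-force sweep

def detect_brute_force(lines):
    """Return {src_ip: timestamp_first_flagged} for sources that look like brute-force sweeps.

    A source is flagged only when, within WINDOW_SECONDS, it produced at least
    MAX_FAILURES failed logins across at least MIN_DISTINCT_USERS usernames.
    One legitimate user retrying a single account never reaches MIN_DISTINCT_USERS.
    """
    recent = defaultdict(deque)   # src -> deque of (timestamp, user) failures in window
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue              # ignore lines that do not match the constructed format
        ts = datetime.fromisoformat(m.group(1))
        result, user, src = m.group(2), m.group(3), m.group(4)
        if result != "FAIL" or src in flagged:
            continue
        window = recent[src]
        window.append((ts, user))
        # evict failures that fell out of the sliding window
        while window and (ts - window[0][0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_FAILURES and len({u for _, u in window}) >= MIN_DISTINCT_USERS:
            flagged[src] = m.group(1)
    return flagged

# Constructed sample log: one legitimate user mistyping, one source sweeping many accounts.
SAMPLE_LOG = (
    [f"2024-01-01T10:00:{i:02d} FAIL user=alice src=10.0.0.5" for i in range(12)]
    + [f"2024-01-01T10:01:{i:02d} FAIL user=user{i} src=203.0.113.9" for i in range(12)]
)

if __name__ == "__main__":
    print(detect_brute_force(SAMPLE_LOG))   # only 203.0.113.9 is flagged
```

The flagged dictionary is the hand-off point to whatever enforcement sits closest to the source (a router ACL or host firewall rule); the detector itself keeps no per-user state and never blocks an account.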
Truly, only research into proactive defense mechanisms will be of use in protecting digital networks now and in the future.