CODENOMICON WHITEPAPER - Proactive Cyber Security: Stay Ahead of Advanced Persistent Threats (APTs)

network. Stuxnet was carried into the plants on a corrupted laptop or thumb drive [22]. Corporate networks connected to critical networks are full of equipment, like VoIP phones, printers and storage devices. Nobody thought that these devices could be used to attack the networks, so the developers did not try to make this difficult or impossible to do [12].

When sourcing equipment for critical networks or networks connected to critical networks, security robustness testing should be used as an acceptance criterion. The challenge with outsourcing is that you lose visibility over the security and quality of the software development. Often buyers have been surprised to find that the middleware they have purchased has an open source core.

Networks for distributed organizations often include site-to-site, branch office, and remote access networks. There might also be additional network security layers such as VPNs and LANs. All these add to the complexity of a network, making it more difficult to secure and increasing the importance of proactive measures.

Figure 6: Closed and corporate networks. [Diagram labels: Closed Network, Corporate Network, Internet, Router, Firewall, IPS/IDS, VPN, desktops, laptops, smartphones, USB sticks, printers, web servers, VoIP server, storage devices, web and mobile services, cloud services, partners, branch office, roaming user, remote user.]

Cloud Security

In recent years the use of virtualization technologies and cloud services has increased dramatically. Cloud services and virtualization can help government agencies connect with citizens, improve efficiency and reduce costs. However, like any new technology, cloud services and virtualization introduce new security concerns. New technologies are not necessarily inherently less secure than old ones. They just have not been tested and used for as long. Also, the threats can be different. The potential security risk in cloud technologies is the hypervisor, which controls all the clients within a virtual cloud. If the implementations of PHYP or another hypervisor protocol contain vulnerabilities, these could be exploited to inject malicious code or to otherwise control client clouds.

eGov and mGov

eGov and mGov services make information sharing between citizens, businesses and government more seamless: less paperwork, less bureaucracy, and services that can be used whenever and wherever. Such initiatives should be applauded, as they improve the efficiency of government services and the quality of service experienced by the users. However, when developing services with external user interfaces that handle private and confidential information, the robustness of the services should be thoroughly tested before deployment. Any security incidents could erode user confidence and set back the development of the services.