A great SECINT (Security Intelligence) paper John Stewart wrote:
http://www.cisco.com/web/about/security/intelligence/JNS_TTPs.pdf
Basics must be mastered:
- patching
- Identity: Strong identity, federated Identity, and identity based networking
- Eliminate dark space
Notice that the basic #1 item is patching. We must be able to cover patching on a timely basis with a regular methodology. Otherwise our systems are an easy target. we discuss this many times – A hacker performs VA – Vulnerability Analysis (of the SVAPE&C explanation)
Identity: means authentication which Mr. Stewart has broken down into Strong identity, Identity based networking and federated identity.
This topic is a bit more complicated with two-factor authentication not being so easy to set up, but if you want to make it extra difficult for attackers to gain access to your computer systems this is a good place to increase in security. especially as we try to access with our smartphones and mobile devices all the files that we can access with desktops.
Eliminating dark space is an interesting
I think defining dark space will give an idea of what one can do to work on making more space “white”
Dark space is defined as the inverse of what systems and devices are viewable on the network.
This means that if you do a network scan and a device does not reply but is still on the network at a time that you do not scan the network. Or if you try to scan devices but cannot due to a specific segment being blocked. Special circumstances create dark spaces, and Security needs to uncover as many as possible within a reasonable timespan.