
Protect Email, Data, and Networks

Learning Objectives

After completing this unit, you’ll be able to:

  • Define how email and web browser protections limit opportunities for attackers to manipulate human behavior through direct engagement.
  • Describe procedures and tools to defend against malware.
  • Explain Safeguards to recover data.
  • Identify why managing network infrastructure is critical.
  • List procedures and tools for managing network infrastructure.

Protect Email and Web Browsers

Now you have a better idea of how to manage accounts, access control, vulnerabilities, and audit logs. Next let’s take a look at how to protect email, defend against malware, recover data, and manage networks. 

Meet Meredith, a cybersecurity specialist at a consulting firm, who helps client organizations improve their cyberdefense capabilities for detecting and protecting against email and web threats. To increase her clients’ capabilities, she works with their security teams to explore the ways in which cybercriminals could exploit web and email vulnerabilities. 

Meredith explains that most popular web browsers employ a database of phishing and malware sites to protect against the most common threats. She also explains that email represents one of the most interactive ways humans work with an organization’s assets, and that training and encouraging the right behavior is just as important as configuring technical settings.  

Additionally, Meredith helps her client organizations put in place these Safeguards.

  • Ensure Use of Only Fully Supported Browsers and Email Clients: She reviews the client’s web browsers and email clients to verify that only fully supported browsers and email clients are allowed to execute in the organization, using only the latest version of browsers and email clients provided through a well-known and supported vendor.
  • Use Domain Name System (DNS) Filtering Services: She verifies that the organization uses DNS filtering services on all assets to block access to known malicious domains.

Meredith knows that these Safeguards limit opportunities for attackers to manipulate human behavior. 

Defend Against Malware

Now that Meredith has reviewed how her client protects email and web browsers, she turns to working with the client to improve their malware defenses. She reviews the client’s processes and controls for preventing and controlling the installation, spread, and execution of malicious applications, code, or scripts throughout the organization’s assets. 

She explains to her client that malicious software (sometimes categorized as viruses or Trojans) is an integral and dangerous aspect of internet threats. Malware enters an organization through vulnerabilities within the organization on end-user devices, email attachments, webpages, cloud services, mobile devices, and removable media. 

To strengthen her client’s malware protection, Meredith recommends they use both traditional endpoint malware prevention suites and detection suites. She adds that the organization should receive regular automated updates from a vendor so that malware indicators of compromise (IOCs) stay up to date and can enrich other vulnerability or threat data. 

She also explains to them that besides being able to block or identify malware, they also need to focus on centrally collecting the logs to support alerting, identification, and incident response. 

She also works with the client to help them implement these Safeguards. 

  • Deploy and Maintain Anti-Malware Software: She helps the client deploy, configure, and maintain anti-malware software on all their assets.
  • Configure Automatic Anti-Malware Signature Updates: She assists the client in configuring automatic updates for anti-malware signature files on all their assets.
  • Disable Autorun and Autoplay for Removable Media: She works with the client to verify that autorun, autoplay, and auto-execute functionality has been disabled for removable media.

Meredith knows that by implementing these Safeguards, her client will be better able to defend against malware through automation, timely and rapid updating, and integration with other processes like vulnerability management and incident response. 

Recover Data

Next, Meredith reviews her client’s data recovery practices to verify that they’re sufficient to restore in-scope assets to a pre-incident and trusted state. Meredith works with them to define data recovery procedures. These should include identifying critical data types the organization processes, stores, or transmits, and backup procedures based on data value, sensitivity, or retention requirements. Defining these procedures also helps determine backup frequency and type (full versus incremental).

[Image: A recovery backup loading on a computer]

Once per quarter (or whenever a new backup process or technology is introduced), Meredith recommends that a testing team evaluate a random sampling of backups and attempt to restore them in a test environment.

The restored backups should be verified to ensure that the operating system, application, and data from the backup are all intact and functional. She reminds her client that if a malware infection occurs, restoration procedures should use a version of the backup that is believed to predate the original infection and should be reviewed to make sure the infection is nonexistent before restoring.
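The two checks described above, restore integrity and choosing a backup that predates the infection, can be automated. The following is an added example and not code from the Trailhead unit or from any backup product: it records a manifest of SHA-256 hashes at backup time, compares a restored copy against that manifest, and selects the newest backup completed before the earliest evidence of infection. The file contents, backup names, and timestamps are constructed sample data, and the manifest format is an assumption of this example.

```python
"""Added example, not part of the Trailhead unit: verify a restored backup against
a manifest of SHA-256 hashes taken at backup time, and pick the newest backup that
predates the first evidence of a malware infection. All file contents, backup
names and timestamps are constructed sample data."""
import hashlib
from datetime import datetime, timezone
from pathlib import Path
from typing import Dict, List, Optional


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a byte string."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Map each relative path to the hash of its contents at backup time.
    Store the manifest with the backup and protect it like the backup itself."""
    return {path: sha256_hex(data) for path, data in sorted(files.items())}


def read_tree(root: Path) -> Dict[str, bytes]:
    """Read every regular file under root, keyed by path relative to root
    (use this to build the dicts below from a real backup or restore directory)."""
    return {str(p.relative_to(root)): p.read_bytes()
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: Dict[str, str],
                   restored: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Compare a restore against the manifest. Reports paths that are missing,
    modified (hash mismatch) or unexpected (present but not in the manifest)."""
    report: Dict[str, List[str]] = {"missing": [], "modified": [], "unexpected": []}
    for path, expected in manifest.items():
        if path not in restored:
            report["missing"].append(path)
        elif sha256_hex(restored[path]) != expected:
            report["modified"].append(path)
    report["unexpected"] = sorted(set(restored) - set(manifest))
    return report


def restore_is_intact(report: Dict[str, List[str]]) -> bool:
    """True only when nothing is missing, modified or unexpected."""
    return not any(report.values())


def select_pre_infection_backup(backups: Dict[str, datetime],
                                infection_time: datetime) -> Optional[str]:
    """Newest backup completed strictly before the earliest evidence of infection;
    None when every available backup may already contain the infection."""
    candidates = [(finished, name) for name, finished in backups.items()
                  if finished < infection_time]
    return max(candidates)[1] if candidates else None


# Constructed sample data: what was backed up, and two candidate restores.
BACKED_UP = {
    "etc/app.conf": b"listen=443\nlog_level=info\n",
    "var/db/customers.sqlite": b"SQLite format 3\x00...sample...",
}
MANIFEST = build_manifest(BACKED_UP)
GOOD_RESTORE = dict(BACKED_UP)
TAMPERED_RESTORE = {
    "etc/app.conf": b"listen=443\nlog_level=info\nallow_remote_admin=yes\n",  # changed
    "var/db/customers.sqlite": BACKED_UP["var/db/customers.sqlite"],
    "tmp/unexpected.bin": b"constructed file that is not in the manifest",
}
BACKUPS = {  # constructed completion times of weekly backups
    "weekly-2024-02-25": datetime(2024, 2, 25, 2, 0, tzinfo=timezone.utc),
    "weekly-2024-03-03": datetime(2024, 3, 3, 2, 0, tzinfo=timezone.utc),
    "weekly-2024-03-10": datetime(2024, 3, 10, 2, 0, tzinfo=timezone.utc),
}
INFECTION_TIME = datetime(2024, 3, 8, 14, 30, tzinfo=timezone.utc)  # constructed

if __name__ == "__main__":
    for label, restore in (("good", GOOD_RESTORE), ("tampered", TAMPERED_RESTORE)):
        report = verify_restore(MANIFEST, restore)
        print(label, "intact" if restore_is_intact(report) else report)
    print("restore from:", select_pre_infection_backup(BACKUPS, INFECTION_TIME))
```

The manifest only proves that the restore matches what was backed up; it says nothing about whether the backed-up files were already infected, which is why the second function insists on a backup taken strictly before the earliest known evidence of infection and returns None rather than the oldest backup when no such backup exists.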

In addition, Meredith works with her client to advise them on putting in place these Safeguards.

  • Establish and Maintain a Data Recovery Process: She advises the client on establishing a data recovery process. She tells them that in the process, they should address the scope of data recovery activities, recovery prioritization, and the security of backup data. They should review and update the documentation annually, or when significant changes occur that could impact this Safeguard.
  • Perform Automated Backups: She counsels the client on performing automated backups of in-scope assets, including running backups weekly, or more frequently, based on the sensitivity of the data.
  • Protect Recovery Data: She advises the client on protecting recovery data with equivalent controls to the original data. She advises them to implement encryption or data separation that limits access to only authorized personnel.
  • Establish and Maintain an Isolated Instance of Recovery Data: She counsels the client on maintaining an isolated instance of recovery data, including implementation of version controlling and backup destinations through offline, cloud, or offsite systems or services.

Meredith knows that implementing these Safeguards can help her client protect the availability of their data.

Manage Network Infrastructure

Finally, Meredith is ready to help her client improve their network infrastructure management. She knows that establishing, implementing, and actively managing network devices is critical to prevent attackers from exploiting vulnerable network services and access points.

Network infrastructure includes devices such as physical and virtualized gateways, firewalls, wireless access points, routers, and switches. A secure network infrastructure is an essential defense against attacks. This includes implementing a securely configured architecture design, addressing vulnerabilities that are oftentimes introduced with default settings, monitoring for changes, and reassessing current configurations.

Default configurations for network devices are geared for ease of deployment and ease of use, not security. Potential default vulnerabilities include open services and ports, default accounts and passwords (including service accounts), support for older vulnerable protocols, and pre-installation of unneeded software. Attackers search for vulnerable default settings, gaps, or inconsistencies in firewall rule sets, routers, and switches, and use those holes to penetrate defenses. They exploit flaws in these devices to gain access to networks, redirect traffic on a network, and intercept data while in transmission.

Network security is a constantly changing environment that necessitates regular reevaluation of architecture diagrams, configurations, access controls, and allowed traffic flows. Attackers take advantage of how network device configurations become less secure over time as users demand exceptions for specific business needs. Sometimes the exceptions are deployed but not removed when they’re no longer applicable to the business’s needs.

Procedures and Tools for Network Infrastructure Management

Meredith knows that her client should verify their network infrastructure is fully documented and that their architecture diagrams are kept up to date. It’s important for key infrastructure components to have vendor support for patches and feature upgrades.

An up-to-date network architecture diagram, including security architecture diagrams, is an important foundation for infrastructure management. Next is having complete account management for access control, logging, and monitoring. Finally, infrastructure administration should be performed only over secure protocols, with strong authentication (multi-factor authentication [MFA] for privileged account management [PAM]), and from dedicated administrative devices or out-of-band networks.

Commercial tools can be helpful to evaluate the rule sets of network filtering devices to determine whether they’re consistent or in conflict. This provides an automated sanity check of network filters. These tools search for errors in rule sets or access control lists (ACLs) that may allow unintended services or traffic through the network devices. Such tools should be run each time significant changes are made to firewall rule sets, router ACLs, or other filtering technologies.
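The kind of rule-set sanity check the paragraph describes can be sketched in a few dozen lines. The following is an added example, not code from the Trailhead unit or from any commercial tool: under first-match semantics it flags rules that an earlier rule already decides (shadowed when the actions differ, redundant when they agree) and allow rules that admit any source to any destination port. The one-line rule syntax and every address in the sample rule set are constructed for this example, and it assumes IPv4 rules only.

```python
"""Added example, not part of the Trailhead unit and not any vendor's tool: a
first-match rule-set sanity check that flags rules an earlier rule already
decides (shadowed when the actions differ, redundant when they match) and
allow rules that admit any source to any port. The rule syntax and all
addresses are constructed for this example; IPv4 rules are assumed."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import List, Tuple

ANY_PORTS = (0, 65535)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str             # "allow" or "deny"
    proto: str              # "tcp", "udp" or "any"
    src: IPv4Network
    dst: IPv4Network
    ports: Tuple[int, int]  # inclusive destination port range


def parse_ports(text: str) -> Tuple[int, int]:
    """'any', '443' or '8000-8100' -> inclusive (low, high)."""
    if text == "any":
        return ANY_PORTS
    low, _, high = text.partition("-")
    return int(low), int(high or low)


def parse_rules(text: str) -> List[Rule]:
    """Parse 'name action proto src dst ports' lines; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, action, proto, src, dst, ports = line.split()
        rules.append(Rule(name, action, proto, ip_network(src, strict=False),
                          ip_network(dst, strict=False), parse_ports(ports)))
    return rules


def covers(a: Rule, b: Rule) -> bool:
    """True when every packet matching b also matches a."""
    return ((a.proto == "any" or a.proto == b.proto)
            and b.src.subnet_of(a.src)
            and b.dst.subnet_of(a.dst)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])


def analyze(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Return (rule, finding, related_rule) tuples under first-match semantics."""
    findings = []
    for j, later in enumerate(rules):
        if (later.action == "allow" and later.src.prefixlen == 0
                and later.ports == ANY_PORTS):
            findings.append((later.name, "permissive", "-"))
        # The first earlier rule that covers this one decides all of its packets.
        for earlier in rules[:j]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((later.name, kind, earlier.name))
                break
    return findings


# Constructed sample rule set (order matters: first match wins).
RULES_TEXT = """
# name  action proto src             dst               dst-ports
r1      allow  tcp   10.0.0.0/8      192.168.10.0/24   443
r2      deny   any   0.0.0.0/0       192.168.10.0/24   any
r3      allow  tcp   10.1.0.0/16     192.168.10.0/24   443     # never reached: r1 already allows it
r4      allow  tcp   10.2.0.0/16     192.168.10.5/32   8443    # never reached: r2 denies it first
r5      allow  tcp   0.0.0.0/0       192.168.20.0/24   any     # any source to any port
"""

if __name__ == "__main__":
    for rule, finding, related in analyze(parse_rules(RULES_TEXT)):
        print(f"{rule}: {finding} (see {related})")
```

Shadowed rules are the ones worth chasing first, because the intent someone wrote down (r4 permits a service) is silently not in effect. The check is pairwise only: a later rule covered by the union of several earlier rules, but by none of them alone, is not reported, which is one reason real tools model the full address and port space rather than comparing rules two at a time.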

It’s especially important to implement controls for telework, given the widespread adoption of remote work across various industries. This shift in workplace structure requires ongoing attention on enhancing the security of remote work environments.

Meredith works with her client to implement this Safeguard.

  • Ensure Network Infrastructure Is Up to Date: Meredith assists her client in keeping their network infrastructure up to date. She helps them run the latest stable release of software and explore using Network-as-a-Service (NaaS) offerings. She also advises her client to review software versions monthly, or more frequently, to verify software support.

Meredith knows that keeping network infrastructure up to date, and properly analyzing and measuring the security risks associated with infrastructure, are key to improving the client’s security program.

Sum It Up

In this unit, you’ve been introduced to why protecting email and web browsers is critical. You’ve learned about procedures and tools to defend against malware. You’ve also learned about Safeguards to recover data, and reasons why managing networks is critical.

Next, you learn about raising security awareness, Safeguards for managing service providers, and reasons why responding to incidents is critical.
