Due to the expansion of IT integration into the workplace and the shift from in-house IT to external datacentres, we clearly understand the importance of IT security. Therefore, we have developed a specific section of our business dedicated to IT security. We understand that IT security is an organic, ongoing activity that needs to be monitored and developed as technologies change. For this reason we have a trained team of security specialists who can assess our customers’ IT environment, recommend best practices and follow up on security-level progress over time. Specifically for the Toyota Group we also offer ATSG (All Toyota Security Guidelines) consultancy in order to support group companies in aligning with the Toyota global security strategy for best practices in IT, physical security and process flows. In addition, TTNI has a selection of security and monitoring tools that can be implemented for a preventative security approach.
Solution Diagram For Startup Company
TTNI – IT Security Solutions
1. Security Gateway Protection
2. Network Protection
3. Endpoint Protection
4. Advanced Protection
5. Vulnerability Assessment & Pentesting
1. Security Gateway Protection
1.A – SGP – Firewall
The basic firewall provides the fundamental security functions that every business should use, such as a firewall, network tools and routing. With the integrated firewall, unauthorized access to internal and external resources is rejected and hacker attacks are blocked.
Packet Inspection Firewall
■ Packet filtering, which inspects packet headers
■ Stateful packet inspection, which tracks events across sessions and recognizes irregularities
■ All data packets are checked twice: upon entering the gateway and upon leaving it
Network Address Translation
■ IPv4/IPv6 dual stack
■ Static Routing
■ DHCP Server/Relay
■ DNS Server
1.B – SGP – Web Protection
The unrestricted usage of the Internet, instant messaging and peer-to-peer programs not only reduces employee productivity, but can also lead to serious legal liability. Furthermore, malware hidden within downloads needs to be filtered out to protect users and PCs from infection and data loss. The Web Protection solution protects your organization and your users and gives you visibility into how they spend their time online.
Web Protection includes:
■ Blocks viruses, worms, trojans, and other “malware”
■ Scans HTTP, HTTPS and FTP traffic
■ Signature Database
■ Flexible Management
■ Controls employees’ web access by category and considers the global reputation of a website
■ Additional whitelists and blacklists, plus time-based access policies
■ Many user authentication options (IP addresses, access for users or groups, Active Directory SSO)
1.C – SGP – Email Protection
Email Protection ensures that the abuse to which email is subjected, such as spam, viruses and privacy issues, does not affect your daily business routines. Email Protection stops spam, phishing and other unwanted email before it gets delivered and clutters up mailboxes. Through email encryption, sensitive information can be automatically encrypted and protected against external spies.
Email Protection includes:
■ Blocks malware before it reaches email servers or desktops
■ Emails and attachments can be dropped, rejected with a message to the sender, passed with a warning, or quarantined
Anti-Spam / Anti-Phishing
■ Reputation service, expression filter
■ Encryption/decryption and digital signatures for SMTP emails
1.D – SGP – Secure VPN
The integrated Secure VPN provides the following functions:
■ Site-to-site VPN for secure communication between two locations
■ Supports IPsec and SSL protocols
■ Star, hub-and-spoke and fully meshed configurations
■ Remote access for home workers and mobile users – supports IPsec, SSL, L2TP and PPTP VPNs
■ Integrated clients in all operating systems (Windows, Linux, Mac OS X, iOS, Android…)
2. Network Protection
2.A – NP – Network Access Control (NAC)
When a computer connects to a computer network, it is not permitted to access anything unless it complies with a business-defined policy. Once the policy is met, the computer is able to access network resources and the Internet. NAC is mainly used for endpoint health checks, but it is often tied to role-based access: access to the network is given according to the profile of the person and the results of a posture/health check.
Remediation, quarantine and captive portals
Network operators deploy NAC products with the expectation that some legitimate clients will be denied access to the network (if users never had out-of-date patch levels, NAC would be unnecessary). Because of this, NAC solutions require a mechanism to remediate the end-user problems that deny them access.
Two common strategies for remediation are:
■ Quarantine network
■ Captive portal
2.B – NP – Network Intrusion Prevention System (NIPS)
NIPS are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
The majority of intrusion prevention systems utilize one of three detection methods: signature-based, statistical anomaly-based, and stateful protocol analysis.
■ Signature-based detection: a signature-based IDS monitors packets in the network and compares them with pre-configured and pre-determined attack patterns known as signatures.
■ Statistical anomaly-based detection: a statistical anomaly-based IDS determines the normal network activity — like what sort of bandwidth is generally used, what protocols are used, what ports and devices generally connect to each other — and alerts the administrator or user when traffic is detected which is anomalous (not normal).
■ Stateful protocol analysis detection: this method identifies deviations of protocol states by comparing observed events with “predetermined profiles of generally accepted definitions of benign activity.”
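To make the first two detection methods concrete, here is an added example (not code from TTNI or any product described on this page) that runs both over a handful of constructed flow records: signature-based matching against two hypothetical patterns, and statistical anomaly detection that learns a per-host byte baseline and flags hosts whose later totals exceed mean plus k standard deviations. The signatures, hosts and thresholds are all assumptions for illustration.

```python
import re
import statistics
from collections import Counter

# Constructed sample flow records, not real traffic: (src_ip, dst_port, bytes, payload)
BASELINE = [  # a "normal" training window used to learn what typical traffic looks like
    ("10.0.0.5", 443, 1200, "GET /index.html"),
    ("10.0.0.5", 443, 1500, "GET /images/logo.png"),
    ("10.0.0.7", 80, 900, "GET /login"),
    ("10.0.0.7", 80, 1100, "POST /login user=bob"),
    ("10.0.0.9", 80, 1900, "GET /reports/q1.pdf"),
    ("10.0.0.12", 445, 2400, "SMB read"),
]
OBSERVED = [  # a later window containing one injection attempt and one bulk transfer
    ("10.0.0.5", 443, 1300, "GET /index.html"),
    ("10.0.0.9", 80, 1000, "GET /search?q=' OR 1=1 --"),
    ("10.0.0.12", 445, 48000, "SMB write"),
    ("10.0.0.12", 445, 52000, "SMB write"),
    ("10.0.0.12", 445, 49000, "SMB write"),
]

# Signature-based detection: hypothetical signatures expressed as compiled patterns.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*OR\s+1\s*=\s*1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

def signature_alerts(flows):
    """Return (src_ip, signature_name) for every flow whose payload matches a signature."""
    return [(src, name) for src, _port, _size, payload in flows
            for name, pat in SIGNATURES.items() if pat.search(payload)]

def bytes_per_host(flows):
    totals = Counter()
    for src, _port, size, _payload in flows:
        totals[src] += size
    return totals

# Statistical anomaly-based detection: learn mean and standard deviation of bytes per host
# from the baseline window, then flag observed hosts above mean + k * stdev (k is arbitrary).
def anomaly_alerts(baseline, observed, k=2.0):
    base = bytes_per_host(baseline).values()
    threshold = statistics.mean(base) + k * statistics.pstdev(base)
    return sorted(src for src, total in bytes_per_host(observed).items() if total > threshold)

if __name__ == "__main__":
    print(signature_alerts(OBSERVED))          # [('10.0.0.9', 'sqli-tautology')]
    print(anomaly_alerts(BASELINE, OBSERVED))  # ['10.0.0.12']
```

Note that the two methods catch different things: the signature never fires on the bulk SMB transfer, and the statistical check never fires on the injection attempt, which is why real IPS products combine them.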
2.C – NP – Wireless Intrusion Prevention System (WIPS)
A wireless intrusion prevention system (WIPS) is a dedicated security device or integrated software application that monitors a wireless LAN network’s radio spectrum for rogue access points and other wireless threats.
A WIPS compares the MAC addresses of all wireless access points on a network against the known signatures of pre-authorized, known wireless access points and alerts an administrator when a discrepancy is found. To circumvent MAC address spoofing, some higher-end WIPS are able to analyze the unique radio frequency signatures that wireless devices generate and block unknown radio fingerprints.
Most WIPS overlay systems share the same fundamental components:
■ Sensors — monitor the radio spectrum and forward logs back to a central management server.
■ Management server — receives information captured by the sensors and takes appropriate defense actions based on this information.
■ Database server — stores and organizes the information captured by the sensors.
■ Console — provides an interface for administrators to set up and manage the WIPS.
3. Endpoint Protection
3.A – EP – AntiVirus (Client)
Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from: malicious Browser Helper Objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware.
There are several methods which an antivirus engine can use to identify viruses:
■ Signature-based detection
■ Heuristic-based detection
■ Rootkit detection
■ Real-time protection
3.B – EP – Patch Management
Patch management is a strategy for managing patches or upgrades for software applications and technologies. A patch management plan can help a business or organization handle these changes efficiently.
Software patches are often necessary in order to fix existing problems with software that are noticed after the initial release. Many of these patches have to do with security. Others may have to do with specific functionality for programs.
3.C – EP – Data Loss Prevention
A data loss prevention (DLP) solution is a system designed to detect potential data breach / data exfiltration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in use (endpoint actions), in motion (network traffic), and at rest (data storage). In data leakage incidents, sensitive data is disclosed to unauthorized personnel either by malicious intent or by inadvertent mistake. Such sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry.
Designated DLP solutions detect and prevent unauthorized attempts to copy or send sensitive data, whether intentional or unintentional, mainly by personnel who are authorized to access the sensitive information. In order to classify certain information as sensitive, these solutions use mechanisms such as exact data matching, structured data fingerprinting, statistical methods, rule and regular expression matching, published lexicons, conceptual definitions, and keywords.
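The classification mechanisms listed above can be seen working together in this added example (not code from TTNI or any DLP product on this page): a regular expression for card-number-shaped strings tightened by a Luhn check, a small published lexicon, and exact data matching against salted hashes of known customer IDs so the policy store never holds the plaintext values. The record format, lexicon terms, salt and sample messages are constructed for illustration.

```python
import hashlib
import re

# Constructed sample data: customer IDs the organisation treats as sensitive. For exact data
# matching the engine stores only salted hashes of the values, so the policy store does not
# become a second copy of the secret data.
SALT = b"example-salt"  # placeholder; a real deployment uses a per-tenant secret
KNOWN_RECORDS = ["CUST-000417", "CUST-009921"]

def fingerprint(value):
    return hashlib.sha256(SALT + value.encode()).hexdigest()

FINGERPRINTS = {fingerprint(v) for v in KNOWN_RECORDS}
LEXICON = {"confidential", "internal only", "patient"}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # wide net; the Luhn check trims false positives
ID_RE = re.compile(r"\bCUST-\d{6}\b")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def classify(text):
    """Return the set of reasons a message would be flagged as sensitive."""
    reasons = set()
    lowered = text.lower()
    if any(term in lowered for term in LEXICON):
        reasons.add("lexicon")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            reasons.add("card-number")
    for m in ID_RE.finditer(text):
        if fingerprint(m.group()) in FINGERPRINTS:  # exact data matching via hashes
            reasons.add("exact-match")
    return reasons

if __name__ == "__main__":
    print(classify("Card on file: 4539 1488 0343 6467"))       # {'card-number'}
    print(classify("Ticket 1234 5678 9012 3456 is not a card"))  # set()
```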
3.D – EP – Mobile Device Management
MDM is a way to ensure employees stay productive and do not breach corporate policies. Many organizations control activities of their employees using MDM products/services. MDM primarily deals with corporate data segregation, securing emails, securing corporate documents on device, enforcing corporate policies, integrating and managing mobile devices including laptops and handhelds of various categories. MDM implementations may be either on-premises or cloud-based.
There are plenty of other features depending on which MDM product is chosen. Below is a list of common features:
■ Policy Enforcing
■ Personal Policy
■ Device platform-specific policies
■ Compliance Policies/Rules
■ VPN configuration
■ Application Catalogue
■ Pre-defined Wi-Fi and settings
■ Jail-break/Root detection
■ Remote Wipe of corporate data
■ Remote Wipe of entire device
■ Device remote locking
■ Remote messaging/buzz
■ Disabling native apps on device
4. Advanced Protection
4.A – AdP – Unknown Threat (Malware Analysis)
Your business depends on the web, email and file exchange. That’s why over 90% of cyber attacks use those communication channels to infiltrate your organization and gain access to your valuable data or cause damage.
Malware writers can exploit zero-day vulnerabilities through several different attack vectors. Sometimes, when users visit rogue Web sites, malicious code on the site can exploit vulnerabilities in Web browsers. Web browsers are a particular target for criminals because of their widespread distribution and usage. Cybercriminals can also send malicious e-mail attachments via SMTP, which exploit vulnerabilities in the application opening the attachment. Exploits that take advantage of common file types are numerous and frequent, as evidenced by their increasing appearances in databases like US-CERT. Criminals can engineer malware to take advantage of these file type exploits to compromise attacked systems or steal confidential data.
4.B – AdP – Security Information and Event Management (SIEM)
Security information and event management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications.
Security event management (SEM) is the segment of security management that deals with real-time monitoring, correlation of events, notifications and console views. A key focus is to monitor and help manage user and service privileges, directory services and other system configuration changes, as well as providing log auditing and review and incident response.
SIEM capabilities include:
■ Data aggregation
■ Forensic analysis
5. Vulnerability Assessment & Penetration Testing
5.A – VAP – Vulnerability Assessment
A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed include, but are not limited to, information technology systems, energy supply systems, water supply systems, transportation systems, and communication systems.
Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:
■ Cataloging assets and capabilities (resources) in a system
■ Assigning quantifiable value (or at least rank order) and importance to those resources
■ Identifying the vulnerabilities or potential threats to each resource
■ Mitigating or eliminating the most serious vulnerabilities for the most valuable resources
5.B – VAP – Penetration Testing
A penetration test, sometimes called a pentest, is an attack on a computer system that looks for security weaknesses, potentially gaining access to the computer’s features and data. The goals of penetration tests are:
■ Determine feasibility of a particular set of attack vectors
■ Identify high-risk vulnerabilities from a combination of lower-risk vulnerabilities exploited in a particular sequence
■ Identify vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
■ Assess the magnitude of potential business and operational impacts of successful attacks
■ Test the ability of network defenders to detect and respond to attacks
■ Provide evidence to support increased investments in security personnel and technology