Internet Security Proactive Countermeasures

Posted Sep 15, 2008 by techdoc

Prevention is always more effective, and much better, than any reactive cure or patching. Here is what you can do to reduce your exposure and the impact of an attack.

Preventative measures and rapid-response countermeasures, especially in response to zero-day threats, will always be required and include options such as the following (note that the items on this list are not presented in any particular order):

Default Parameters – Change default parameters and settings such as the administrator account name and password. This applies to all devices, including PCs, servers, mobile devices, routers, LAN switches and ADSL broadband modem/routers.

Processor-Specific Preventative Measures – Data Execution Prevention (DEP)

Antimalware – Antivirus software, malicious code controls, spyware countermeasures, and blocking of adware and the unwanted, non-work-related pop-ups and notification dialogues that we all hate with a passion.

Security Appliances – Firewalls, intrusion detection and prevention systems. You should activate and configure a software firewall such as the one Microsoft provides free of charge with Windows XP Service Pack 1 (XP SP1) and above. It may not be the greatest firewall ever made, but it does afford some protection above and beyond having no firewall whatsoever.

Multi-Factor Authentication Systems – Includes biometrics, smart cards, digital signatures, digital certificates, extended validation digital certificates and OpenID.

Network Segmentation – This includes Demilitarized Zones (DMZs) and LAN segmentation (which also helps to reduce loops and broadcast storms; activate and configure the Spanning Tree Protocol (STP)).

Backups – Both onsite and offsite backup storage are easy-to-implement strategies to ensure that, should the worst come to the worst, you have not lost all of your data forever. Backup strategies that keep multiple offsite copies alongside multiple locally stored, readily accessible copies afford the best protection against hard drive failure, data corruption, power outages, malicious activity, storage media failure and theft.

Encryption – It is most advisable to store data, including backups, in encrypted form. Whole-disk encryption is now a realistic and economically viable option. All communications between remote endpoints should also be fully encrypted.

Hashing – Use hashing algorithms (such as MD5) and the resulting hash digests to verify the integrity of your data.
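The two items above (backups and hashing) come together in a digest manifest: record a digest for every file in a backup set, then recompute and compare later to tell intact files from corrupted, lost or unexpected ones. The script below is an added example, not code from the article; the manifest file name and the sample backup files are constructed for illustration, and it uses SHA-256 rather than the MD5 the article names because MD5 collisions have been practical since the mid-2000s.

```python
import hashlib
import json
import tempfile
from pathlib import Path

MANIFEST = "backup-manifest.json"  # hypothetical file name, not from the article

def digest_file(path: Path) -> str:
    """Hex SHA-256 of a file, streamed in 1 MiB chunks so large backups fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each regular file under root (POSIX-style relative path) to its digest."""
    return {p.relative_to(root).as_posix(): digest_file(p)
            for p in sorted(root.rglob("*")) if p.is_file() and p.name != MANIFEST}

def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the tree under root against a stored manifest and classify every file."""
    current = build_manifest(root)
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for name, expected in manifest.items():
        if name not in current:
            report["missing"].append(name)
        elif current[name] != expected:
            report["modified"].append(name)
        else:
            report["ok"].append(name)
    report["unexpected"] = sorted(set(current) - set(manifest))
    return report

def demo() -> dict:
    """Constructed sample: record a small backup set, then simulate corruption,
    loss and an unexpected file before re-verifying. Returns the verification report."""
    root = Path(tempfile.mkdtemp())
    (root / "db").mkdir()
    (root / "db" / "customers.sql").write_text("CREATE TABLE customers (id INT);\n")
    (root / "config.ini").write_text("[server]\nport=8080\n")
    (root / "notes.txt").write_text("nightly backup\n")
    manifest = build_manifest(root)
    (root / MANIFEST).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    (root / "config.ini").write_text("[server]\nport=8081\n")  # one byte silently changed
    (root / "notes.txt").unlink()                                # file lost from the backup
    (root / "extra.bin").write_bytes(b"\x00" * 16)               # file the manifest never saw
    return verify_manifest(root, json.loads((root / MANIFEST).read_text()))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep the manifest (or a signed copy of it) on separate media from the backup it describes; a manifest stored only beside the data can be regenerated by whoever alters the data.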

Secure Networking Technologies – Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), IPsec, RADIUS, Kerberos, Virtual Private Networking (VPN), Secure Sockets Layer (SSL) and Secure Shell (SSH).

Regular Updates – Patches, hotfixes, regular operating system and application software updates, device driver and Dynamic Link Library (DLL) updates, security bulletins and notifications, and antivirus and antimalware software updates, including downloading and installing the latest virus definitions, which most antivirus software can do automatically without user intervention.

Security Policies, Processes and Procedures – Monitoring, logging, auditing, accounting, analysis, planning, re-evaluation, notifications, alarms, surveillance, and policy implementation and review.

Penetration Testing – Continual testing and assessment of system/network state of readiness should be conducted as a regime of standard tests, processes and procedures. You must be most rigorous and persistent in your efforts here. Another factor that is often overlooked is that your vigilance must extend to continual appraisal of your penetration testing tools. New threats emerge every day and should be evaluated, with countermeasures developed and the testing regime modified where and when necessary.

Physical Security – Controlled access, locks, bolts, keys, security guards, limited access zones, cable ties and all-purpose tie-downs, camouflage, placing communications and networking infrastructure (such as Wireless Access Points (WAPs)) out of reach of casual guests, pass-through points, and control of physical traffic and traffic flow.

User Education – By educating users we can greatly reduce our exposure to the most common and persistent security threats and attack modus operandi. In general, user education and behaviour modification are our most powerful and effective tools for reducing threat exposure in the field. This includes education about the risks and threats arising from the use of publicly accessible ad hoc wireless networks. Test drills play an important role that should never be overlooked.

Testing, Benchmarking and Baselining – This is where early-warning and notification systems play a role. Baselining is most useful because it provides a reference point against which you can compare network performance and other parameters. In this way you can say definitively that something is wrong because the system/network is not performing as well as it was yesterday.

Proof-of-Concept Implementations – It is important to thoroughly test and trial any new security initiatives prior to production implementation.
