Skip to main content

IT Infrastructure Security

 


As I have said, the Security of the IT Infrastructure, taken as a whole, encompasses the security of the Information System and the Security of the connected Industrial and/or high-tech equipment such as for example research laboratory equipment, medical equipment or that of the functionalities of a company or institution. The IT Infrastructure is understood as comprising all the operational elements essential for the effective, efficient and proactive use of technology in general, information and data. The IT Infrastructure is therefore made up of visible and/or physical elements such as computers, servers, personnel, all physical installations including programmable and connected industrial or high-tech equipment. But it is also made up of invisible and/or intangible elements such as networks, data and storage, virtual facilities and software, to which must be added processes, policies, training, security, mobile and virtual functionalities. IT Infrastructure Security is the set of means, tools, techniques, policies and methods that guarantee: - that only competent persons or other authorised systems intervene on the system, on the physical or virtual installations and on the functionalities and that only competent persons or other authorised systems have access to the data, whether sensitive or not and, - the confidentiality, integrity and availability of such data. The security of industrial and/or high-tech equipment or the security of the functionalities of a company or institution differs from the security of the Information System because it requires the implementation of different means and measures of protection, among which the following can be mentioned: - Prevention and sensitization of operators and stakeholders to good practices, - A thorough knowledge of the network infrastructure to detect potential faults (mapping), - The implementation of a continuous monitoring approach for industrial systems and flows, - Constant monitoring of threats and vulnerabilities, The objective of the security of industrial and/or high-tech equipment or the security of the functionalities of a company or institution is to reduce risk areas without harming business objectives. Thus, we will use a: - Physical access control, - Intrusion detection, - Use of industrial components and equipment integrating authentication or trade protection systems, - Updating of supervision software solutions (SCADA) to benefit from the latest developments in safety, However, there is no point in rushing to these means of protection without first carrying out a risk analysis. The analysis of risks in the area of Industrial and/or high-tech equipment or the analysis of the functionalities of a company or institution can begin either by drawing up a list of assets to be protected classified according to their order of importance for the activity of the company or institution, followed by an analysis of the impact in the event of a loss, or by drawing up a table of risks which will be sorted according to their level of dangerousness and the probability of their occurrence. In order to draw up the impact analysis, those affecting the infrastructure and production capacity (more or less long interruption), people (injuries, deaths) and the environment (pollution) must be taken into consideration, without omitting the impact on the national economy. In our next email we will develop this impact analysis and especially we will address the problems related to the interconnection of networks.

Comments

Post a Comment

Popular posts from this blog

QUIZZ

The 3 first ones who will give the right answers to the 10 following questions will win a Personal Firewall ARCHANGEL© PICCOLO   1.       What is the relation between the 3 background photos that are on the profile page of Mr. Patrick HOUYOUX President-Director of PT SYDECO? 2.        How many devices does the Firewall of Next Generation ARCHANGEL© 2.0 series SA1470 protect and how many secure tunnels does it create? 3.       What is the price of a one-year licence that a user of ARCHANGEL© PICCOLO will have to pay to continue protecting his or her IT installations from the second year onwards? 4.       What are the three programs which are housed in a single server that enable PT SYDECO's Integrated Protection System, to protect data at all times? 5.       Can PICCOLO protect a Smartphone? 6.       When (D/M/Y) did PT SYDECO signed a MOU with the Faculty of Engineering of University Gadjah Mada Yogyakarta? 7.    What are the three main features that make SydeCloud©, PT SYDECO'
Post a Comment
Read more

A lesson in cyber safety

In an article published on 19 June 2023 in globalsecuritymag.fr/, Benoit Grunemwald, cybersecurity expert at ESET France, recounts the cyberattack suffered by REDDIT, an American social news aggregation, content rating, and discussion website, in February of the same year, and draws some lessons from it. This article follows the hackers' attempts, last repeated on 16 June, to obtain a ransom of 4.5 million dollars in order to delete the 80 GB of data stolen from the company, to which the company did not respond. The data was not encrypted, so the company did not lose it. However, the same cannot be said for its reputation.  Benoit Grunemwald explains that " It all started with a phishing email to harvest employee account data. All it takes is for a single employee to be trapped for cyber criminals to gain access to internal documents, software code, employee data , etc." He goes on to stress the " need to integrate in-depth security methods and resources, such as zer
Post a Comment
Read more

BOT attacks: a growing threat on the Internet

Bot attacks , the malicious and damaging use of automated computer programs known as bots (or BOTS), have become a growing concern and a pervasive reality in the modern digital landscape. BOTS, or software robots, are automated programs originally designed to perform tasks on the Internet without human intervention. Unfortunately, hackers have also managed to turn them into a hacking technique, created with malicious intent, to manipulate, defraud or disrupt a site, application, API or users, potentially causing enormous damage to businesses and users, compromising the security of systems and data. To carry out their BOTS attacks, the majority of hackers use software called botkits, which are freely available online and sold on the Dark Web. Vendors of this type of software also offer paid services to carry out BOT attacks, including software to power DDoS attacks. BOT attacks include, but are not limited to,  Email Spam , which is used to send spam emails containing malicious software
Post a Comment
Read more