Operations security is concerned with the day-to-day practices necessary to first deploy and later maintain a secure system. All networks are vulnerable to attack if the planning, implementation, operations, and maintenance of the network do not adhere to operational security practices.
Operations security starts with the planning and implementation process of a network. During these phases, the operations team analyzes designs, identifies risks and vulnerabilities, and makes the necessary adaptations. The actual operational tasks begin after the network is set up and include the continual maintenance of the environment. These activities enable the environment, systems, and applications to continue to run correctly and securely.
Some security testing techniques are predominantly manual, and others are highly automated. Regardless of the type of testing, the staff that sets up and conducts the security testing should have significant security and networking knowledge in these areas:
- Operating systems
- Basic programming
- Networking protocols, such as TCP/IP
- Network vulnerabilities and risk mitigation
- Device hardening
- Firewalls
- IPSs
Types of Network Tests
Threat actors use reconnaissance techniques to learn about networks as they search for vulnerabilities. Similarly, network testers use reconnaissance to find out what hackers can learn. Active reconnaissance means directly interacting with network systems to gather information using many of the tools that are used in penetration testing and vulnerability assessment. Passive reconnaissance means indirectly learning about the network and network users through searches from information sources that range from Facebook to leaked password details on the dark web. It frequently involves the use of open-source intelligence (OSINT) information resources. Network security testing requires cybersecurity personnel to think like threat actors and discover vulnerabilities before they can be exploited by the real threat actors.
After a network is operational, you must assess its security status. Many security tests can be conducted to assess the operational status of the network:
- Penetration testing – Network penetration tests, or pen testing, simulate attacks from malicious sources. The goal is to determine the feasibility of an attack and possible consequences if one were to occur. Some pen testing may involve accessing a client’s premises and using social engineering skills to test their overall security posture.
- Network scanning – Includes software that can ping computers, scan for listening TCP ports, and display which types of resources are available on the network. Some scanning software can also detect usernames, groups, and shared resources. Network administrators can use this information to strengthen their networks.
- Vulnerability scanning – This includes software that can detect potential weaknesses in the tested systems. These weaknesses can include misconfiguration, blank or default passwords, or potential targets for DoS attacks. Some software allows administrators to attempt to crash the system through the identified vulnerability.
- Password cracking – This includes software that is used to test and detect weak passwords that should be changed. Password policies must include guidelines to prevent weak passwords.
- Log review – System administrators should review security logs to identify potential security threats. Filtering software should be used to scan lengthy log files and surface abnormal activity for investigation.
- Integrity checkers – An integrity checking system detects and reports on changes in the system. Most of the monitoring is focused on the file system. However, some checking systems can report on login and logout activities.
- Virus detection – Virus or antimalware detection software should be used to identify and remove computer viruses and other malware.
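The log review item above recommends filtering software that scans long log files for abnormal activity. The following is an added example, not part of the original text, of what such a filter looks like in practice: it parses failed SSH logins out of syslog-style sshd lines, groups them by source address, and flags any address that produces a burst of failures inside a sliding time window. The log lines are constructed for the example, and the threshold (five failures) and window (one minute) are assumed values a team would tune for its own environment.

```python
"""Log review helper: flag bursts of failed SSH logins per source address.

Added example (not from the original text). The log lines below are
constructed to look like OpenSSH entries in a syslog-style auth.log; the
threshold and window are assumed values to be tuned per site.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
Mar  3 10:01:02 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:01:05 host1 sshd[2102]: Failed password for root from 203.0.113.7 port 51235 ssh2
Mar  3 10:01:09 host1 sshd[2103]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  3 10:01:12 host1 sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 51237 ssh2
Mar  3 10:01:15 host1 sshd[2105]: Failed password for invalid user guest from 203.0.113.7 port 51238 ssh2
Mar  3 10:05:41 host1 sshd[2110]: Accepted publickey for alice from 198.51.100.20 port 40001 ssh2
Mar  3 10:07:03 host1 sshd[2111]: Failed password for bob from 198.51.100.21 port 40002 ssh2
Mar  3 10:30:00 host1 sshd[2120]: Failed password for bob from 198.51.100.21 port 40003 ssh2
"""

# Matches the syslog timestamp, the sshd process tag and the failure message.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_failures(log_text, year=2024):
    """Return (timestamp, user, ip) tuples for each failed-login line.

    Syslog timestamps carry no year, so one is supplied by the caller.
    """
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are skipped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    return events


def find_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Report source IPs with at least `threshold` failures inside any window.

    A sliding window over the sorted failures per IP catches a burst even
    when the same address also produces slow, scattered failures.
    """
    by_ip = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append((ts, user))

    alerts = {}
    for ip, items in by_ip.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                users = sorted({u for _, u in items[start:end + 1]})
                alerts[ip] = {"count": count, "users": users,
                              "first": items[start][0]}
                break  # one alert per address is enough for review
    return alerts


if __name__ == "__main__":
    for ip, info in find_bursts(parse_failures(SAMPLE_LOG)).items():
        print(f"{ip}: {info['count']} failures from {info['first']} "
              f"targeting {', '.join(info['users'])}")
```

Run against the sample, only 203.0.113.7 is reported: five failures against four different accounts in thirteen seconds. The two failures from 198.51.100.21 are twenty-three minutes apart and stay below the threshold, which is the kind of noise a plain `grep "Failed password"` would not separate from an attack.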
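The integrity checker item above describes a system that detects and reports changes, mostly in the file system. As an added example, not part of the original text, here is a minimal file integrity checker: it records a baseline of SHA-256 digests for every file under a directory, then on a later run reports files that were added, removed or modified. The watched directory, its contents and the tampering are constructed inside a temporary directory so the script runs offline; a real deployment would store the baseline where the monitored host cannot rewrite it.

```python
"""Minimal file-integrity checker: baseline SHA-256 digests, then diff.

Added example (not from the original text). The monitored files and the
later changes are constructed in a temporary directory for the demo.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def digest_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative path) to its digest."""
    root = Path(root)
    return {str(p.relative_to(root)): digest_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, current):
    """Return lists of added, removed and modified relative paths."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def save_baseline(baseline, path):
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def demo():
    """Constructed scenario: create files, baseline them, change them, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        (root / "ssh").mkdir(parents=True)
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")

        baseline_path = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root), baseline_path)

        # Simulated changes: a setting flipped, a file removed, a file added.
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "hosts").unlink()
        (root / "ssh" / "authorized_keys").write_text("ssh-ed25519 AAAA... unexpected-key\n")

        return compare(load_baseline(baseline_path), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The checker only reports that content changed, not who changed it or why; pairing its output with the log review above is what turns a diff into an investigation. Note that it also ignores permissions and ownership, which a production tool would hash into the baseline as well.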