Application layer attacks have been an attack vector for ages now. An application-layer attack targets a computer by triggering a fault in an application, and the resulting failure lets the attacker bypass normal access controls. For as long as firewalls must open entry points for applications, there will be vulnerabilities behind those entry points, and exploits of those vulnerabilities are what this kind of attack consists of. Letting applications through firewalls is nevertheless necessary for certain business operations, such as allowing remote users to access email.
Businesses can take a defence-in-depth approach, but as soon as they open a port to the internet they introduce a new risk of attack. Technically, the means of mitigating the risk from application layer attacks need to be proportionate and may vary. Securing the application layer, however, depends on people and on sound security processes and hygiene. Most breaches originate with insiders, whether through negligence (poor training, or simply failing to understand how their behaviour affects security) or through malicious activity. There is a variety of things to consider around the users of applications. People are not only part of the threat; they will also be the best defence against it:
- Application password hygiene – require users to choose a strong password, and require them to change it every 30 days.
- Put appropriate barriers in place for user authentication. Use two-factor authentication.
- Keep measures appropriate and usable, so they are user-friendly enough that users do not try to circumvent them.
- Understand information assets – use defence in depth at the application layer.
- Segregate sensitive and non-sensitive assets.
Remember that most breaches come from people, as shown by the Morrisons breach carried out by a disgruntled employee with access to sensitive data, or by Edward Snowden. External threats cannot be ignored, of course, but because breaches so frequently stem from weaknesses in people, it is people, supported by technology, who play the largest part in the best defence. It would be impractical for businesses to stop allowing applications through firewalls, so understanding the risk to information assets is imperative.
James Aguilan currently works as a Cybersecurity Researcher. He has provided upskilling and development to government agencies, national critical infrastructure operators and large corporations through workshops simulating cyber-attacks and forensic investigations. In the past, James worked as a Data Consultant, advising high-profile clients on how to handle their data in civil litigation or criminal investigations. Notably, this included the largest merger between two US powerhouse conglomerates, a deal worth $87 billion. He has also served as a Cybersecurity Consultant, responding to incidents and performing full forensic investigations. James holds a first-class honours degree in Computer Forensics and is working towards a Master's in Network Security and Penetration Testing.