First Principles Cybersecurity

Disclaimer

My background is diverse, but does not include cybersecurity. Information on this page is from first principles and common sense. Use this information at your own risk. By continuing here, you agree to hold any and all parties harmless for the consequences of your own decisions and actions. If you want certification, you must hire a qualified, bonded cybersecurity engineer.

Conventional Procedures

Everyone agrees that you train your users to comply with simple rules:

These steps are essential because they reduce successful attacks on your network to a trickle. But, for protection, this alone is inadequate. If you have 1,000 users, a one-in-a-thousand event will occur an average of once a day.

First Line of Defense

Use two networks. A very simple way to do this for an office of a few people and a very limited budget is to put users on the main router, with direct access through the built-in firewall to the Internet modem. For company-confidential files and cleared users of the secure network, feed a second router by cable from the first router.

To make this work for you, the obvious guidelines are

On the secure network:

Consider running more than one real-time security program, such as MBAM alongside an anti-virus program, or specific protection from ransomware such as that offered as part of the backup package Acronis.

Hardwired Security

The best security is achieved by configuring your secure network without an Internet connection or a connection to any other network, even your own user network. All exchange of files and data is through media, preferably optical media (CD-ROM, data DVD, data Blu-ray), that is scanned by specially configured computers and approved before it is allowed in or out of the secured area.

Keeping anti-virus and antimalware up to date on an isolated network is simple. You download the anti-virus and antimalware updates on the outside user network, write them to a thumb drive or optical media, scan and clear the media for the secure network, and make the updates available on a file server on your secure network.
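One way to back up the scan-and-clear step above is to record a SHA-256 manifest when the updates are downloaded and have the scanning station refuse any media that does not match it exactly. This is an added example, not part of the original page; the function names, the file names in `demo()` and the idea that the manifest reaches the scanning station separately from the media are assumptions, and the anti-virus scan itself is still run separately.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large update packages do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(folder):
    """Outside network: map relative path -> SHA-256 for every staged file."""
    root = Path(folder)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_media(media, manifest):
    """Scanning station: list every difference between media and manifest."""
    found = build_manifest(media)
    problems = [f"unexpected file: {n}" for n in found if n not in manifest]
    problems += [f"missing file: {n}" for n in manifest if n not in found]
    problems += [f"changed: {n}" for n, h in manifest.items() if found.get(n, h) != h]
    return sorted(problems)

def release(media, manifest, share):
    """Copy to the secure file server only when the media matches exactly."""
    problems = check_media(media, manifest)
    if problems:
        return problems  # nothing is copied; the media is rejected as a whole
    for name in manifest:
        target = Path(share) / name
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(media) / name, target)
    return []

def demo():  # constructed sample: a clean transfer, then a planted extra file
    with tempfile.TemporaryDirectory() as tmp:
        media, share = Path(tmp, "media"), Path(tmp, "share")
        media.mkdir()
        (media / "av-defs.bin").write_bytes(b"constructed definitions v1")
        manifest = build_manifest(media)
        clean = release(media, manifest, share)
        (media / "autorun.inf").write_text("constructed planted file")
        return clean, release(media, manifest, share)

if __name__ == "__main__":
    print(demo())
```

The check catches files added to or altered on the media between download and the scanning station; it does not tell you whether the downloaded update was trustworthy in the first place.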

Extreme Cybersecurity

An isolated network is made most secure by these simple but expensive measures.