
Assembling an information security first-aid kit


One cold summer day, two colleagues from the information security trade, both in poor health, were discussing options for a speedy recovery in the smoking room. Both knew a couple of dozen reasonably effective treatments and had inquisitive minds, so during the conversation the idea was born of drawing an analogy between medicines and information security tools. Both serve a similar purpose: to provide protection, correct disorders and take preventive measures.

The conversation was interesting, so we decided to write down its main ideas for colleagues and for consumers of information security products and services. Despite the abundance of medical terms (preserved intentionally), the analogies turned out to be transparent and understandable to any reader, and for certainty and comfortable reading we left hints in the text.

Perhaps, dear reader, your view of the information security tools included in our medicine chest and the indications for their use will differ. That is a good thing for a number of reasons. First, every doctor has his own methods of treatment and of prescribing drugs. Second, it is an occasion to join us at the next break, meet and chat.
So let's get started.

A home kit should contain a set of medicines and related materials needed for quick first aid. It makes no sense to keep on hand a wide selection of medical devices for all manner of diseases, to fill it with vitamins or other means of supporting already strong immunity, still less to acquire antibiotics without a prescription from a therapist (information security auditor). Unless, of course, you collect diseases and medicines, but that is a separate conversation, preferably in a psychotherapist's office.

If needed, round-the-clock pharmacies, emergency departments and house calls are now available to everyone. The universal first-aid kit contains what is really necessary and can be used by people without specialized medical training. This article presents the main active ingredients of the drugs. Hundreds of drugs with the same active ingredients are produced under various brand names. You need to select the right ones for yourself, guided by the recommendations of your attending physician (system integrator) and your wallet, and you can always use a drug search service by active substance (analytical agencies such as Gartner).

1. Thermometer (event monitoring)



A thermometer is a very common device that makes it possible to determine a person's body temperature in a few minutes; even the healthiest people should have one. Fever is a serious symptom of various diseases, mainly of infectious origin. Detecting a high temperature lets the patient suspect that his health is in danger and seek medical help in time. Moreover, not only a single reading matters but also the temperature curve, obtained by tracking this indicator for several days (or even weeks) in a row (event logging). Some ailments are characterized by constantly high readings, others by fluctuations of several degrees during the day. The nature of the fever therefore helps to make the correct diagnosis, prescribe treatment and, importantly, see whether the therapy is having an effect or should be changed (log analyzer and statistics collector). This explains why the thermometer has become the most important medical device. Various types of devices for this purpose are on sale; the traditional mercury and electronic thermometers are especially popular (various ways of collecting logs).

2. Tonometer (vulnerability scanners)



This is a mandatory tool for the prevention and treatment of hypertension (gaps in the network protection system). High blood pressure puts additional stress on the cardiovascular system, which in turn leads to enlargement of the heart chambers and damage to the blood vessels supplying the heart. Hypertension is often called a "silent killer" because most patients with high blood pressure do not feel it and therefore do not seek treatment until it is too late (attackers gaining complete control over critical resources, violating the integrity of systems and their operation). Diagnosis, prevention and control of high blood pressure (searching for vulnerabilities) are important in combating cardiovascular disease (promptly eliminating vulnerabilities).

3. Medical masks (sandbox and demilitarized zone)



Think a mask is not really needed? It is very much needed! A mask helps to prevent infection (proactive protection against malware), but only under certain conditions. First, it must be changed periodically (returning the sandbox to its original, uninfected state), otherwise it becomes a source of infection itself and the person's condition may deteriorate (malicious code spreading out of the sandbox towards the production environment). Second, a mask helps against a bacterial infection, not a viral one: viruses are too small and easily pass through this barrier. Third, the material the mask is made of matters a great deal. Nonwoven fabrics have a finer structure, which lets them retain bacteria of rather small size (building a network with a DMZ using two firewalls). A gauze mask is less effective in this respect: more bacteria pass through it (with one firewall).

4. Sorbents (honeypot)



Activated carbon is an effective remedy for various kinds of poisoning, when you have eaten something bad or caught an intestinal infection (an intruder penetrating the corporate network). The use of this sorbent is not limited to relieving acute intoxication. It should also be kept in the home first-aid kit by those who pay special attention to their health (diverting the attacker's attention from the production environment, keeping logs of attack methods, points of penetration and tools used) and regularly cleanse the body of toxins (spam traps).

5. Antispasmodics (DDoS protection)



A sharp attack of aching pain (the threat of data destruction, or of losing access to it until a ransom is paid) can be a symptom of a spasm of smooth muscles (application-level attacks). Most often the head suffers when the vessels are under strain (volumetric attacks) and the stomach when the abdominal organs spasm (protocol-level attacks). One of the safest drugs for this case is drotaverine (blackholing, proxying). It has few side effects, the main one being uncontrolled use by patients who suppress the pain rather than treating its cause (it does not allow "good" traffic to be separated from "bad").

6. Painkillers and antipyretic drugs (differentiation of access rights, multifactor authentication)



Paracetamol and ibuprofen are non-steroidal anti-inflammatory drugs. Both should be in the first-aid kit: they differ in duration of action and anti-inflammatory activity. Practice shows that if paracetamol does not bring the temperature down, ibuprofen helps. As remedies for headache (protection against leaks) and toothache (protection against unauthorized access), the drugs help in different ways depending on individual tolerance. It is important to follow the directions and dosage in the package insert.

7. Antiseptics (password management)



Using brilliant green solution, commonly called "green paint" (a simple unencrypted password), is nostalgia for the past. A wound can be treated without unpleasant stinging (without holding dozens of passwords in memory) and without green traces (without it being obvious which application the password belongs to) with good antiseptics, for example chlorhexidine (password manager). Antiseptics have many other uses: treating the mucous membrane during a sore throat (detecting weak passwords), disinfecting various items (creating complex passwords), and so on. Unlike green paint, special antiseptics cause no inconvenience, and treated small wounds heal anyway; if stitches are needed (password cracking), neither green paint nor an antiseptic will help in any case.

8. Wound healing drugs (change management)



A wound (critical vulnerability) must be closed up as quickly as possible. Wound-healing ointment is a necessary element of any home kit. No one is immune to skin damage, and the ability to act quickly to heal a wound (the process of timely installation of current updates) will significantly shorten the period of therapy and spare you many problems.

9. A set of cold remedies (antivirus)



Most often we fall ill exactly this way: a stuffy nose (Trojans), a sore throat (worms), a cough (spyware, ransomware). When ARVI symptoms appear, symptomatic treatment is used (detection of computer viruses). A set of basic remedies is needed so that you do not have to run to the pharmacy when you most want to lie down under a blanket and sleep, or so you can avoid a cold during an epidemic of acute respiratory infections (massive computer attacks).

10. Antihistamines (firewalls)



Antihistamines are used to combat allergic reactions (analysis of traffic coming in from outside): urticaria (attack via IP address), allergic rhinitis (attack on software ports), atopic dermatitis (attack on the protocol), and others. The preparations block histamine receptors in the body, thereby stopping or reducing the release into the blood and tissues of the biologically active substances responsible for the allergic reaction.

Antihistamines are divided into several generations. The effect of first-generation agents (packet filtering) develops quickly, but does not last long, and with long-term use tolerance to the drug may develop.

Second-generation (proxy server) and third-generation (inspection of incoming traffic) antihistamines have more benefits. They barely act on the nervous system and do not cause drowsiness; they are based on suprastin, dimetindene and cetirizine and come in convenient forms and different dosages for children and adults (for large and small corporate networks).


To conclude the stocking of our first medicine cabinet, we would like to stress the need for a standard annual medical check-up under the OMS (compulsory medical insurance) policy, and the possibility of joining a VHI (voluntary health insurance) program for a more specialized examination by highly specialized doctors whose services are not covered by the OMS policy.

A medical check-up under the OMS policy (audit, consulting) is provided throughout the Russian Federation regardless of place of residence or registration. To undergo it, you need to come with your passport to one of the clinics in your city that operates within the compulsory health insurance system and that you have chosen for regular check-ups (information security integrator company), and register with it.

VHI (Information Security Operations Center, SOC) is quality medical care under various voluntary health insurance programs, for example:


Additional terms on voluntary health insurance policies:


The cost of a VHI policy in a risk assessment depends on the medical history: if a person is often sick, the price will be higher. It also depends on the insurance program and the category of the chosen medical institution.

OMS and VHI policies allow you to monitor your health closely, always be aware of your condition and prevent serious disorders of the body, taking timely action where urgent treatment is needed in order to avoid serious consequences requiring surgical intervention.

That is all for today! Our first-aid kit is not closed and will be replenished.

Authors: Yana Shevchenko, Manager, Promotion Department, Informzaschita, y.shevchenko@infosec.ru and Sergey Antipov, Senior Auditor, Banking Systems Security, Informzaschita, s.antipov@infosec.ru

Source: https://habr.com/ru/post/339348/
