{"id":21,"date":"2023-10-23T13:44:00","date_gmt":"2023-10-23T10:44:00","guid":{"rendered":"https:\/\/blog.comping.fi\/?p=21"},"modified":"2025-09-16T15:02:17","modified_gmt":"2025-09-16T13:02:17","slug":"security-basics-part-1-why","status":"publish","type":"post","link":"https:\/\/blog.comping.fi\/?p=21","title":{"rendered":"Security basics, part 1 &#8211; Why?"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Overview<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This series discusses on the security on higher level so it doesn&#8217;t get too technical and is aimed for IT service owners and decision-makers. Focus is on prevention rather than the aftermath after something&#8217;s gone wrong.<\/p>\n\n\n\n<p class=\"has-black-color has-luminous-vivid-amber-background-color has-text-color has-background has-link-color wp-elements-583336d4dbff939d23644d92e8bb3d5d wp-block-paragraph\"><strong>Update 16th Sep 2025!<\/strong> TLS Best practices link updated<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Topics<\/h3>\n\n\n\n<p class=\"has-black-color has-cyan-bluish-gray-background-color has-text-color has-background wp-block-paragraph\"><strong>Why<\/strong> &#8211; Why someone tries to access the environment?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Who<\/strong> &#8211; Who should be able to access the environment? Can we authenticate the users or identify them in another way?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Where<\/strong> &#8211; Where are the users connecting from? From the office network? Some specific country\/countries\/region? Can we either whitelist or blacklist the locations?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>When<\/strong> &#8211; Is the environment accessed around the clock? Can we recognize peak usage times?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>How<\/strong> &#8211; What kind of device they&#8217;re using, what possibilities we have locating and authenticating the user?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I think there are two levels of attacks to IT environments; <strong>vandalism<\/strong> &#8211; <em>&#8220;let&#8217;s sweep the area and see if we can break anything&#8221;<\/em> and the more dangerous one &#8211; <strong>targeted<\/strong>. I would say there are different measures one should take to be protected from these.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This post drills down to very basics, more will follow.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Vandalism<\/h3>\n\n\n\n<div class=\"wp-block-columns alignwide is-layout-flex wp-container-core-columns-is-layout-7387b849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:50%\">\n<p class=\"wp-block-paragraph\">Someone just sweeps the network for known vulnerabilities and uses these to cause service distruption. The attacker doesn&#8217;t really care whose environment they&#8217;re breaking, but might use the stolen data to sell it forward or blackmail the company.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">There&#8217;s plenty of tools that are really easy to use for this kind of activity and the attacker just might get their kicks just from causing an outage to a company access portal or web service. I would consider Denial-of-Service (DoS) attacks as one form of vandalism (ofc&#8230; targeted DoS attacks are certainly a thing also).<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:50%\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"3000\" height=\"2000\" src=\"https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/06\/aleksandr-popov-ZKuZNTogNdM-unsplash.jpg\" alt=\"https:\/\/unsplash.com\/photos\/ZKuZNTogNdM\" class=\"wp-image-45\" srcset=\"https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/06\/aleksandr-popov-ZKuZNTogNdM-unsplash.jpg 3000w, https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/06\/aleksandr-popov-ZKuZNTogNdM-unsplash-300x200.jpg 300w, https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/06\/aleksandr-popov-ZKuZNTogNdM-unsplash-1024x683.jpg 1024w\" sizes=\"auto, (max-width: 3000px) 100vw, 3000px\" \/><\/figure>\n<\/div>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Targeted<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Attack might occur on multiple vectors including social engineering, targeted phishing, etc\u2026 Protecting from these kind of attacks is much trickier and can&#8217;t be only prevented with technical measures.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">One charasteristic for these attacks is likely doing subtle tests for the targeted environment on many levels just to check if there are one or many ways to gain access. My take is that a targeted attack is likely to be done &#8220;in the shadows&#8221; so that no one notices anything before it&#8217;s too late.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Protection<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">It takes way less effort (and money) to act in advance, because repairing damage after an attack takes a lot of work and money and there are things that one might not be able to fix like company&#8217;s reputation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">There are plenty of measures to protect the IT environment from attacks that fall in to one or both of the categories above.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Posture<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">One obvious thing is to avoid being an &#8220;easy target&#8221; and I think this applies for the both cases. Great ways to easily check your current security posture, is to use great free online tools like:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Qualys SSL Labs SSL Server test (<a href=\"https:\/\/www.ssllabs.com\/ssltest\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.ssllabs.com\/ssltest\/<\/a>)<\/li>\n\n\n\n<li>Security Headers (<a href=\"https:\/\/securityheaders.com\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/securityheaders.com<\/a>)<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Make sure you get the A+ or A grade for your site:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"989\" height=\"417\" src=\"https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/06\/image-1.png\" alt=\"Qualys SSL Labs\" class=\"wp-image-37\" srcset=\"https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/06\/image-1.png 989w, https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/06\/image-1-300x126.png 300w\" sizes=\"auto, (max-width: 989px) 100vw, 989px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"286\" src=\"https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/06\/image-1024x286.png\" alt=\"Security Headers\" class=\"wp-image-35\" srcset=\"https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/06\/image-1024x286.png 1024w, https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/06\/image-300x84.png 300w, https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/06\/image.png 1202w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">As these tools are available for the public, it&#8217;s clear that internet vandals are able to use them as well as other tools with which they&#8217;re able to scan a number of sites and recognize know exploits. Also; I&#8217;d say that if your security posture is handled it&#8217;s likely that the vandal will move to the next target.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Change management<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Make sure your change processes are streamlined and you have the readiness to act quickly if your security is compromised. There are plenty of good examples of high graded vulnerabilities that are found from different vendors software at &#8220;difficult times&#8221; (holiday season) that need to be urgently patched or a configuration change needs to be applied to the environment asap to keep it running.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why should I care?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Accountability<\/strong> &#8211; If you&#8217;re working in IT like me &#8211; it&#8217;s our responsibility to either fix or mitigate known vulnerabilities or if we&#8217;re not able to change things directly, we need to make sure that the decision makers are aware of these things. Eventually if something goes wrong, someone needs to prove they have done everything in their power to avoid problems from occurring.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Professional pride<\/strong> &#8211; Calling oneself a <em>professional<\/em> holds a certain value to it. In IT, making sure security is covered is a built-in part of the job.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Timeline &#8211; <\/strong>I think it goes without saying, preparing and preventing the issues in advance is way less expensive and less harmful for the business than fixing them after an attack has already happened.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What should I do?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Contact Comping!<\/h3>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-7387b849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<p class=\"wp-block-paragraph\">Comping provides a service called <a rel=\"noreferrer noopener\" href=\"https:\/\/comping.fi\/index.php?lang=en&amp;id=service-continuous\" target=\"_blank\">Instrument for Access<\/a>, which enables a managed and an easy way to get protected. The examples above merely scratch the surface of what we&#8217;re able to deliver for you.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Naturally we also provide <a rel=\"noreferrer noopener\" href=\"https:\/\/comping.fi\/index.php?lang=en&amp;id=service-consulting\" target=\"_blank\">consultancy services<\/a> for our customers which might just be what you&#8217;re looking for!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You can also drop me an email (<a href=\"mailto:kari.ruissalo@comping.fi\">kari.ruissalo@comping.fi<\/a>) if you have any questions or comments!<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"600\" src=\"https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/09\/profile-kari.png\" alt=\"\" class=\"wp-image-119\" srcset=\"https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/09\/profile-kari.png 600w, https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/09\/profile-kari-300x300.png 300w, https:\/\/blog.comping.fi\/wp-content\/uploads\/2023\/09\/profile-kari-150x150.png 150w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/figure>\n<\/div>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Check these articles<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">For the most part we rely on the vendors recommendations and stuff we have learned on the way. You may check some related articles from below:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">NetScaler SSL \/ TLS Best Practices, <a href=\"https:\/\/community.citrix.com\/tech-zone\/build\/tech-papers\/networking-tls-best-practices-2025\/\">https:\/\/community.citrix.com\/tech-zone\/build\/tech-papers\/networking-tls-best-practices-2025\/<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Citrix TIPs: Scoring an A+ with HTTP headers and Citrix Gateway, <a rel=\"noreferrer noopener\" href=\"https:\/\/www.citrix.com\/blogs\/2021\/08\/31\/citrix-tips-scoring-an-a-with-http-headers-and-citrix-gateway\/\" target=\"_blank\">https:\/\/www.citrix.com\/blogs\/2021\/08\/31\/citrix-tips-scoring-an-a-with-http-headers-and-citrix-gateway\/<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Word of advice though; if you&#8217;re running any legacy endpoints or have some other variables in your environment that might get impacted by strenghtening your security posture, be careful.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview This series discusses on the security on higher level so it doesn&#8217;t get too technical and is aimed for IT service owners and decision-makers. Focus is on prevention rather than the aftermath after something&#8217;s gone wrong. Update 16th Sep 2025! TLS Best practices link updated Topics Why &#8211; Why someone tries to access the <a href=\"https:\/\/blog.comping.fi\/?p=21\" class=\"more-link\">&#8230;<span class=\"screen-reader-text\">  Security basics, part 1 &#8211; Why?<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[3,4],"tags":[],"class_list":["post-21","post","type-post","status-publish","format-standard","hentry","category-introduction","category-security"],"_links":{"self":[{"href":"https:\/\/blog.comping.fi\/index.php?rest_route=\/wp\/v2\/posts\/21","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.comping.fi\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.comping.fi\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.comping.fi\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.comping.fi\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=21"}],"version-history":[{"count":44,"href":"https:\/\/blog.comping.fi\/index.php?rest_route=\/wp\/v2\/posts\/21\/revisions"}],"predecessor-version":[{"id":346,"href":"https:\/\/blog.comping.fi\/index.php?rest_route=\/wp\/v2\/posts\/21\/revisions\/346"}],"wp:attachment":[{"href":"https:\/\/blog.comping.fi\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=21"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.comping.fi\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=21"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.comping.fi\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=21"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}