UDP Traffic, The Database, And The NIST Framework

The Questions

This is a paper I wrote for my cyber security course at WozU. The questions were as follows. Why would you want to block UDP traffic? Why is the database important? Why is it important to keep logs? What is the NIST Framework?

Why would you want to block UDP traffic with Snort?

UDP (User Datagram Protocol) is a connectionless protocol. Because it has no handshake and no retransmission overhead, it suits real-time uses such as video chat, VoIP (Voice over IP), and online video games better than TCP (Transmission Control Protocol) does. If I ran a company and wanted to stop my staff from doing any of these things, especially playing video games, I would set Snort to alert on UDP traffic. That said, you would only want to alert on this traffic, not stop it. If you stop it altogether, you run the risk of people not being able to accomplish tasks at work.
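As an added example (not from the original paper), here is what the alert-only choice looks like as a pair of Snort rules. It assumes a local rule file (`local.rules`) and the `$HOME_NET` / `$EXTERNAL_NET` variables defined in `snort.conf`; the port-53 exclusion is my own addition so that ordinary DNS lookups do not flood the alert log.

```snort
# Added example, not code from the original post. Local rule file (local.rules);
# $HOME_NET and $EXTERNAL_NET are the variables defined in snort.conf.
# sid values of 1000000 and above are reserved for locally written rules.

# Alert only: records every UDP datagram leaving the internal network, except
# DNS (destination port 53), so normal name resolution is not reported.
alert udp $HOME_NET any -> $EXTERNAL_NET !53 (msg:"LOCAL outbound UDP traffic"; classtype:policy-violation; sid:1000001; rev:1;)

# The blocking variant: same match, but the action is drop. It only takes effect
# when Snort runs inline (-Q); in passive IDS mode a drop rule behaves like alert.
# Kept commented out for the reason the post gives: blocking all UDP breaks real work.
# drop udp $HOME_NET any -> $EXTERNAL_NET !53 (msg:"LOCAL outbound UDP blocked"; classtype:policy-violation; sid:1000002; rev:1;)
```

With the first rule in place, every outbound UDP flow shows up in the alert log with its source host, which is enough to find who is running VoIP or game traffic without cutting off anyone's access.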

Why is the database important? Why is it important to keep logs?

The database is everything to a company: it holds all the information the company has. Depending on the type of database, it might hold confidential information. That makes it important not only to protect the database but also to log who is using it at all times. If this traffic is not logged and a threat actor performs an attack, you will not know where the attack came from. Thanks to the logs, we can know which IP address and which credentials were used.
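As an added example (not part of the original paper), the script below shows how a database connection log answers the two questions the paragraph raises: which IP address and which credentials were used. The log format and the sample lines are constructed for this example; real servers write their own format (for instance PostgreSQL with `log_connections` on), but the parsing and the questions asked of the data are the same.

```python
"""Added example, not from the original post: answering "which IP and which
credentials were used?" from database connection logs.

The log format below is constructed for this example. Real database servers
differ, but the idea is the same: keep the audit trail, parse it, and query it
when something goes wrong.
"""
from collections import Counter, defaultdict
from datetime import datetime, timezone
import re

# Constructed sample log lines: one connection attempt per line.
SAMPLE_LOG = """\
2024-03-01T09:58:10Z host=10.0.0.21 user=app_user db=customers result=ok
2024-03-01T10:02:41Z host=10.0.0.21 user=app_user db=customers result=ok
2024-03-01T10:14:05Z host=203.0.113.9 user=admin db=customers result=fail
2024-03-01T10:14:06Z host=203.0.113.9 user=admin db=customers result=fail
2024-03-01T10:14:08Z host=203.0.113.9 user=root db=customers result=fail
2024-03-01T10:14:11Z host=203.0.113.9 user=backup db=customers result=ok
2024-03-01T10:20:30Z host=10.0.0.44 user=report_ro db=analytics result=ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"db=(?P<db>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Turn the raw log into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    return events


def accesses_to(events, db, start, end):
    """Which (host, user) pairs successfully connected to `db` between `start` and `end`?
    This is the question the post says you cannot answer without logs."""
    return sorted(
        {(e["host"], e["user"]) for e in events
         if e["db"] == db and e["result"] == "ok" and start <= e["ts"] <= end}
    )


def suspicious_hosts(events, max_failures=2):
    """Hosts with more than `max_failures` failed logins, together with any account
    that did succeed from the same host (a password-guessing indicator)."""
    failures = Counter(e["host"] for e in events if e["result"] == "fail")
    successes = defaultdict(set)
    for e in events:
        if e["result"] == "ok":
            successes[e["host"]].add(e["user"])
    return {
        host: {"failed": n, "succeeded_as": sorted(successes[host])}
        for host, n in failures.items() if n > max_failures
    }


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    window = (datetime(2024, 3, 1, 10, 0, tzinfo=timezone.utc),
              datetime(2024, 3, 1, 10, 30, tzinfo=timezone.utc))
    print("customers db accessed by:", accesses_to(evs, "customers", *window))
    print("suspicious hosts:", suspicious_hosts(evs))
```

On the constructed sample, `accesses_to` shows that during the 10:00 to 10:30 window the `customers` database was reached by `app_user` from 10.0.0.21 and by `backup` from 203.0.113.9, and `suspicious_hosts` flags 203.0.113.9 for three failed logins followed by a success as `backup`. Without the log, neither the source address nor the account would be recoverable.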

What is the NIST Framework?

The NIST Cybersecurity Framework is a thought-provoking set of basic concepts to follow at the highest level. It is not an exact protocol to follow but a framework that helps you build a more detailed security department and policies. That said, the concepts and ideas put forward in this document were developed by senior government agencies and prominent individuals from the private sector.

The NIST Framework at its core consists of four parts: Functions, Categories, Subcategories, and Informative References. The images below were published on ifsecglobal.com and I believe give a proper representation of the Framework when it is done correctly.

The main takeaway is Identify, Protect, Detect, Respond, Recover. In my own terms: find the issues, fix the problems, detect possible new problems, respond to them, and recover when the inevitable attack occurs. To do all of this properly, you and your team must put policies and procedures in place, and those policies and procedures must be backed by tried-and-true methods.
