Strengthening Network Security
Strengthening network security is vital to your organization. Check out the tips below to ensure you are well protected.
Leave no host forgotten, know your hosts (all of them)
Any and every device capable of wired or wireless access with an IP address should be known in your environment. This goes beyond desktops, laptops, servers, printers, IP phones, and mobile devices. The "Internet of Things" presents a larger potential footprint of hosts including environmental monitoring and control devices, security cameras, and even things like vending machines. IoT devices all run operating systems that have the potential to be compromised by hackers and used as a platform for performing reconnaissance of your network for more valuable assets. Ensure inventory lists are valid by performing routing network scans to identify unknown devices.
Understand your users’ behavior
Knowing the culture and habits of users, like when and where they work, is important for establishing baseline behavior patterns. Also, the types of work they do online such as researching, downloading software, and uploading files will vary greatly by industry. For example, users at a law firm are not going to have the same internet usage behavior as users at a software development company. Even within an organization, there will be differences between administrative and technical engineering user behavior. Knowing the behavior of your users will make it easier to identify what is normal versus abnormal network traffic.
Understand what talks to what and why
The network traffic patterns in your organization should represent the usage of critical business applications that users need to do their job. Understanding these traffic flows is critical to building effective security policies for ACLs, stateful firewall policies, and deep packet inspection rules on network security devices. This applies to traffic within your internal private networks, what is allowed in from the outside, and especially the type of traffic allowed to leave your organization.
Control what is running on your hosts
The more applications and services running on a host, the more potential for exposure to software vulnerabilities. Software updates are important for bug fixes and new features but security related fixes to applications are critical. Limit the types of applications users may install to reputable software vendors that take security updates seriously. Staying current with operating system security updates is even more important. Situations when legacy applications require older EOL operating systems to run on your network should be monitored very closely and if possible should be segmented to dedicated VLANs.
Know your data & control your data
Understand the data that is critical to your business and classify that data into different levels of sensitivity. You must ensure that encryption is used when transmitting highly sensitive data across the network as well as limit access to sensitive data to only those who require it. It is important to implement effective logging on all devices that store and transmit sensitive data and perform routine checks of your backup solutions to ensure the integrity of critical data backups.
Monitor and control your perimeter (egress too!!)
The network perimeter of your organization includes Internet and WAN connections but also wireless access points. All three of these perimeter pathways need to be protected with the highest levels of access restrictions. Next-generation security appliances should be deployed on all perimeter segments to provide deep packet inspection, content filtering, and malicious URL inspection. Centralized logging of network and security devices using a security information event management (SIEM) solution is vital for analysis and correlation of logging data.
Train your users: they are your weakest link and your best defense
Deliver routine end-user security awareness training to keep users up to date on ways to recognize suspicious email content and websites. Perform routine experimental phishing campaigns to determine how well users are able to identify suspicious emails. Review policies with users on how to manage sensitive data. Make sure users are aware of non-technical methods used by hackers such as social engineering tactics to extract information about your organization.
Implement strong authentication controls
Use multifactor authentication for wireless and VPN remote access whenever possible. Restrict the usage of local user accounts and require complex passwords that must be changed regularly. Implement 802.1x security on wireless LANs as well as wired network connections that are accessible to common areas in your facility.
By Kevin Dresser, Solutions Architect