Thwart threats by abiding by network security fundamentals
Cloud, mobile, and IoT have changed the face of the modern network, so it’s no surprise that network security fundamentals have become important for businesses of all sizes. It seems even the largest organizations are just one mistake away from a massive data breach or other system failure, all of which could be avoided if more attention was paid to network security fundamentals.
#1 Prioritize full network visibility
According to Ryan Hadley, COO of Signal Forest, today’s IT leaders know they need to be aware of everything in their network. But this isn’t always easy to do. “CIOs who want visibility on all wired clients have to look at all of the switching infrastructure and what switches are capable of in terms of higher end security like 802.1X, etc.,” he said. “They need to be able to tell what types of devices are in use, where they are connecting to, what kind of access has been given to them by default, and if all the network access controls fail, whether the system is failing open or closed.”
One of the network security fundamentals on the wireless side is to maintain full transparency about each connected device and provide special pages for each user to register their own device for specific network access. These are best practices. The fact that the “edge” will disappear and the core network will expand outward doesn’t mean location no longer matters. In Hadley’s view, the knowledge of where a device is located doesn’t just determine what type of access is allowed. Location data can also be used to identify potential intrusions. For example, if a worker is logged in from the on-site network and then signs in from a smartphone fifty miles away, that’s a red flag.
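The location red flag described above can be checked mechanically against sign-in records. The following Python is an added example, not code from the article or from anyone quoted in it; the event format, coordinates, user names and both thresholds are assumptions constructed for illustration.

```python
import math
from datetime import datetime

# Constructed sample events: (user, ISO timestamp, source label, latitude, longitude).
# The office coordinates and all users are invented for this example.
EVENTS = [
    ("alice", "2024-05-06T09:00:00", "onsite-wifi", 30.2672, -97.7431),
    ("alice", "2024-05-06T09:10:00", "smartphone", 31.0982, -97.3428),  # roughly 60 miles away
    ("bob",   "2024-05-06T08:00:00", "onsite-wifi", 30.2672, -97.7431),
    ("bob",   "2024-05-06T12:00:00", "smartphone", 31.0982, -97.3428),  # same trip, 4 hours later
    ("carol", "2024-05-06T09:00:00", "onsite-wifi", 30.2672, -97.7431),
    ("carol", "2024-05-06T09:05:00", "smartphone", 30.2700, -97.7400),  # still on site
]

MAX_PLAUSIBLE_MPH = 80.0   # assumed ceiling for ground travel
MIN_DISTANCE_MILES = 25.0  # assumed floor, so geolocation jitter is ignored


def haversine_miles(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in miles."""
    r = 3958.8  # mean Earth radius in miles
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def find_implausible_logins(events):
    """Flag consecutive sign-ins by one user that imply impossible travel."""
    alerts = []
    last_seen = {}
    # ISO 8601 timestamps sort chronologically as strings.
    for user, ts, source, lat, lon in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if user in last_seen:
            prev_when, prev_source, plat, plon = last_seen[user]
            miles = haversine_miles(plat, plon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            # Zero elapsed time with real distance is treated as infinite speed.
            mph = miles / hours if hours > 0 else float("inf")
            if miles >= MIN_DISTANCE_MILES and mph > MAX_PLAUSIBLE_MPH:
                alerts.append({"user": user, "from": prev_source, "to": source,
                               "miles": round(miles, 1), "mph": mph})
        last_seen[user] = (when, source, lat, lon)
    return alerts


if __name__ == "__main__":
    for alert in find_implausible_logins(EVENTS):
        print(alert)
```

Only the first user is flagged: the second covers the same distance over four hours, and the third never leaves the site.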
#2 Do away with PSK
In Hadley’s view, “Companies that still have PSK networks are quickly discovering that they are the ones that are most liable for a breach. Everyone is migrating away from blanket level access to a more role-based security access point where you are a user with certain privileges that are representative of a particular role assigned based on access directory credentials, your title in the company, the type of device being used, where you are connecting, etc. They also want to move to 802.1X where there’s a cert that’s pushed out to each of the connecting devices and you’ve got a cert that’s on the server that’s facilitating the e-transaction.”
#3 Network security fundamentals are changing
Many of today’s enterprises are complacent and rely on network security techniques that were helpful in the past but are no longer pertinent today, said Brian Engle, cybersecurity consultant and risk advisor. “They aren’t hunting for their own weaknesses,” he explained. “Instead, they are reliant on things that have perhaps worked in the past such as firewall technology or anti-virus measures. They haven’t considered that most of their business processes are extended into software services in the cloud or places that their defensive measures aren’t currently reaching.”
#4 Never leave the door open for physical intrusion
One of the oldest network security fundamentals is to simply limit direct physical access to the network. An open USB port is like an unlocked car door; it can give data thieves deep access into a network. “Physical security of devices is paramount to correctly configuring your firewalls,” Hadley said. “If you have a public facing location and you have USBs on those computers, you don’t want those to be active. You want them shut down. Or, at the very least you want to have a policy in place. This might be something at the Microsoft level or having a PC management program running that will lock down that USB port—or at least alert someone that a USB has been put into that slot and determine if it is OK to use.”
#5 Check and double check—then hire someone else to check
Both experts agreed a third party should perform penetration testing. “Having someone else test what you have in place has a lot of value,” Engle said. “When you’ve built it, you see it through rose-tinted glasses. You may think you can see the holes better because you constructed it. But you want to have someone else looking at it from a different vantage point—especially someone whose sole focus is getting good at breaking into networks. They bring a different skillset and mindset than someone who is building things from a defender’s point of view. Having someone else checking and trying to break the things you built will reveal weaknesses you couldn’t see otherwise.”
#6 Don’t ignore the human factor
Attacks can happen when things are sent to individual users too, Engle pointed out. “When users click, it activates ransomware or something else that could lead to infiltration into the environment or exfiltration of data. Each of those things needs to be detected. Most detection is based outward rather than looking inward at what might be leaving. And a lot of enterprise security programs aren’t built to see the things that evaded what the traditional security measures would catch.”
While education and encouragement can help users avoid attacks, the classroom doesn’t always simulate the pressures that occur in real life when a target is being tempted, distracted, or frightened into clicking on a suspicious link or opening a potentially dangerous attachment. That’s why it is critical for organizations to plan in advance to detect these attacks promptly, respond swiftly, and recover fully.
#7 Understand the purpose and importance of the security environment
Engle spoke to the short-sightedness of approaching security as a challenge that is solved solely with technology. “It’s important to start a conversation about strategy and objectives to reduce risk rather than just building a security stack with various technologies.” Much like DevOps, security is not a set of tools to buy, but a cultural change to implement.
Finally, enterprises should take advantage of the real-life examples hitting the media to inform their own security strategies and ensure that those strategies address all network security fundamentals and best practices. Organizations need to start asking, “What if what happened to Equifax or Facebook happened to us? What then?” While it’s not pleasant to contemplate, it’s certainly the best way to highlight why security should be taken seriously, no matter the apparent cost.