Saturday, December 1, 2012

Enhancing Your Security at the Edge: Part 1 of 2

I think many of us can agree that the network perimeter as we’ve known it is no longer. In this two-part blog series we won’t spend time on the reasons for this (There are many and you can listen to my podcast on the Disappearing Network Perimeter to hear about these), but we will review a few methods to harden your perimeter from attack and include ways to manage and reduce the complexity of your network in the meantime.

When it comes to your network edge, the first devices to examine are your routers and firewalls. These devices are most commonly found in the network and are also most commonly an area of weakness. Here are just a few “bumps in the road” that I’ve seen when it comes to these devices:
  • Network perimeterI’ve seen many networks that have old versions of software running on their perimeter devices mainly because the network admins are comfortable with the version they’re running, or they don’t want to risk the downtime or issues of upgrading to a more stable and secure version. Outdated software gives attackers an opening to exploit. You could have the best policies in place to filter traffic at the edge, but if your devices aren’t up-to-date with the latest OS, you’re giving the bad guys an easy way in.
  • Not having the appropriate access control on these devices is another common oversight. Who has the ability to make changes to these systems? Should these personnel be able to make them at any time? Even though access control is more of an internal issue, it’s still needed to protect your perimeter from attack.
  • Don’t forget about your firewall rulesets and router ACLs! Firewalls and routers are designed to ALLOW traffic through them. I know we often think of them the other way around, especially with firewalls, but these are in place to forward traffic back into your network. While a big part of their job is to block traffic, they’re ultimately in place to ALLOW traffic into your network. Ultimately, just because a ruleset is locked down to certain ports, doesn’t make your network secure. This is where IPS/NGFW technology comes into place, but we’ll get to that in the next article.
You can read the rest of my article at http://blog.algosec.com/2012/11/enhancing-your-security-at-the-edge-part-1-of-2.html

No comments:

Post a Comment