From the Blogosphere
A Secure Cloud Network | @CloudExpo #IoT #Security #Microservices
It’s obvious there is a need to keep network security best practices front and center
Dec. 19, 2015 06:45 PM
Do’s and Don’ts to Achieve a Secure Network
Naturally, new and exciting technologies and trends like software defined networking, the Internet of Things and the cloud tend to get the lion's share of attention these days, including when it comes to security. However, it's important to never forget that at the center of it all is still the enterprise network.
And as evidenced by the ever-expanding landslide of data breaches that could have been prevented or at least their impact lessened by better practicing network security basics, it's obvious there is a need to keep network security best practices front and center. Thus, what follows is a recap of the basic, but critically important do's and don'ts of achieving a truly secure network.
DO: Standardize Your Network Infrastructure
Non-standardized network infrastructure can significantly increase the complexity of monitoring and managing it, especially when it comes to security. Typically, IT departments use templates to deploy configurations. Thus, they often start somewhat standardized, but entropy quickly does its work and configuration drift rapidly makes it hard to see the original template. Also, new initiatives and policies aren't always deployed consistently, especially in heterogeneous environments where vendors implement functionality in different ways. Standardizing makes it much easier to have efficient processes to quickly and easily update the infrastructure and ensure that all devices are in policy. This helps minimize the risk of being breached by a simple attack with known defense strategies, but could nonetheless be successful due to poor ability to ensure everything is configured correctly because of a lack of standardization.
DO: Have a Clear Change Control Process
A clearly defined change control process, including simple checks and balances to detect when changes don't follow the process and how to react in those scenarios, is of utmost importance. This will help administrators ensure that changes are being made under the supervision of a change approval. It also enables real-time tracking of changes that are not authorized. This is all critical because such changes have an effect on the network as a whole in terms of security, capacity planning, forecasting cost, business risk assessments and much more.
DO: Implement Compliance Awareness
Compliance is not just for the healthcare and finance industries. Yes, those industries are the most well-known for having external compliance regulations, but compliance shouldn't just be thought of as an external requirement. Even if a company operates without any external regulations, it is still a wise practice to develop internal policies to help clarify what's important and make sure all the right things are being done to secure them. In other words, being intentional about security versus ad-hoc. This should be an ongoing process and adjusted as new implementations and policies arise.
DON'T: Operate Under an "If it Ain't Broke, Don't Fix it" Mindset
The old adage "if it ain't broke, don't fix it" should never apply when it comes to network security. Operating with such a mindset has caused plenty of vulnerabilities to come to light after a breach. Instead, administrators should regularly take inventory of their networks, which will reveal vulnerabilities in time to resolve them before a breach. As part of this process, it's important to not overlook inventorying network devices with past or approaching end-of-life and end-of-support deadlines.
DON'T: Use Outdated Technology
This may seem obvious, but using outdated security technology, insecure protocols or outdated device firmware are all too common. For example, Telnet is still regularly used on corporate networks, but it's also tremendously outdated. Neglecting to keep security technology and device firmware updated and/or upgraded is a sure way to open the door to attack.
DON'T: Ignore BYOD
BYOD is no longer considered a perk - end users in virtually all organizations regardless of size or industry expect to be able to connect personal devices to corporate networks. With the addition of these new devices connecting to networks, network security concerns at least double. To address this, engineers need to track and manage IP addresses as well as monitor the resources these devices are accessing. This will ensure organizations' applications are performing properly while being on the lookout for potential anomalies that could be signs of a data breach or attack.
It's important to not overlook these basics of securing corporate networks, making an occasional refresher of the simple do's and don'ts imperative. By following the simple do's and don'ts outlined here, network administrators can have higher confidence that their networks are secure.