Security is one of those concepts that sits in the back of one’s mind but is never put into practice until something happens. Ever heard the comment “I have an antivirus and a firewall. I should be OK”? In fact, that is only where security starts. Security also involves aspects like intrusion prevention/detection, physical security, network access control, policies and more.
The simplest aspect is physical security. Physical security includes making sure networking equipment is inaccessible to average users, for example by locking cabinets or placing the equipment in rooms to which only administrative staff have keys. It also includes putting cable locks on computer equipment so that it is not stolen from the office. This is not a warning that everything needs to be chained to a desk, but it does help small companies that have no tracking system to see who comes and goes from the office, and it keeps people from coming in late at night and taking valuables. Another portion of security is tracking employees via something like a card entry system. This allows an employer to track employees to help with theft and other security-related issues.
Next would be network access control. This refers to things such as system authentication via Microsoft Active Directory. This type of security can be applied as far down as the network layer. This is usually done with 802.1X authentication at the switch, so that users authenticate before they can access network resources. Beyond this, an engineer can also deploy access control lists (ACLs) that restrict which network resources the user has access to. Products have been introduced to the market that allow an engineer not only to do 802.1X authentication but also to fingerprint the operating system of the machine, check the posture of the machine to make sure it has the proper firewall and antivirus, authenticate the user, and deliver downloadable ACLs to that user based on username. This gives an administrator greater and tighter restrictions on the network to help prevent data theft by authorized and unauthorized users.
Intrusion prevention/detection is a very useful tool that most people overlook. Company A has a firewall to keep people out. It’s doing its job by disallowing all people from getting in but allowing all traffic out. Ports have been opened on the firewall to allow the public to access things like e-mail, web sites, SQL databases, etc. A hacker sitting in a coffee shop two states away is running port scans against Company A’s firewalls. The hacker finds that a random port is open for the server that hosts Company A’s website. The hacker, in typical fashion, tries to exploit this weakness to gain entry into the system. If there is an intrusion prevention system (IPS) in place, it can detect the hacker trying to gain access and actually prevent them from getting into Company A’s private network. This could help save a company from losing valuable information like financials, top-secret information, client lists, and so forth.
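As an added illustration of the detection step in the scenario above (not part of the original article, and not how any particular IPS product works), here is a minimal sketch that flags a source touching many distinct ports on one host within a short window. The log format, addresses, threshold and window are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall log (invented format, documentation address ranges).
SAMPLE_LOG = """\
2024-05-01T10:00:00 ALLOW src=192.0.2.50 dst=198.51.100.10 dport=443
2024-05-01T10:00:01 DENY src=203.0.113.7 dst=198.51.100.10 dport=21
2024-05-01T10:00:01 DENY src=203.0.113.7 dst=198.51.100.10 dport=22
2024-05-01T10:00:02 DENY src=203.0.113.7 dst=198.51.100.10 dport=23
2024-05-01T10:00:02 ALLOW src=203.0.113.7 dst=198.51.100.10 dport=25
2024-05-01T10:00:03 ALLOW src=192.0.2.50 dst=198.51.100.10 dport=25
2024-05-01T10:00:03 ALLOW src=203.0.113.7 dst=198.51.100.10 dport=8080
2024-05-01T10:00:04 DENY src=203.0.113.7 dst=198.51.100.10 dport=3389
2024-05-01T10:01:00 DENY src=192.0.2.99 dst=198.51.100.10 dport=21
2024-05-01T10:02:00 DENY src=192.0.2.99 dst=198.51.100.10 dport=22
2024-05-01T10:03:00 DENY src=192.0.2.99 dst=198.51.100.10 dport=23
2024-05-01T10:04:00 DENY src=192.0.2.99 dst=198.51.100.10 dport=25
2024-05-01T10:05:00 DENY src=192.0.2.99 dst=198.51.100.10 dport=80
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) "
                     r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

def detect_scanners(log_text, threshold=5, window_seconds=10):
    """Return {source: sorted ports} for sources that touched at least
    `threshold` distinct ports on one destination within the window.
    Allowed and denied probes both count; lines are assumed time-ordered."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (src, dst) -> deque of (timestamp, port)
    flagged = defaultdict(set)    # src -> ports seen while over threshold
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore malformed lines
        ts = datetime.fromisoformat(m["ts"])
        q = recent[(m["src"], m["dst"])]
        q.append((ts, int(m["dport"])))
        while ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        ports = {port for _, port in q}
        if len(ports) >= threshold:
            flagged[m["src"]].update(ports)
    return {src: sorted(ports) for src, ports in flagged.items()}

if __name__ == "__main__":
    for src, ports in detect_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: ports {ports}")
```

With the default 10-second window only the fast source is reported; the source probing one port per minute goes unnoticed until the window is widened, which is the usual trade-off of threshold-based scan detection.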
I am not saying that an engineer should go out and buy every security product under the sun to protect a network. I am trying to say that these threats are there and that security shouldn’t be an afterthought or reactive; it should be proactive. As technology changes and evolves and the world becomes more mobile, additional vulnerabilities will arise. Unless we use the technologies that are available to at least stay current and protect ourselves, we could all be at risk of losing something valuable.