In the past six months, how many times have you reviewed the network infrastructure to discuss a more secure or resilient configuration? From our experience, this is extremely rare; most businesses focus on service issues on the network. Simply put, they do not prioritise time to think more holistically about how the network could offer a strategic advantage.
Network architecture is often viewed as support: something that keeps the core business competencies running, a connection across the organisation and a link to the rest of the internet. Unfortunately, this also means that after implementation, unless something goes wrong, the network is largely forgotten. This ‘if it isn’t broken...’ mind-set encourages complacency. By keeping a connection open across the business and out to the internet, and then forgetting about it, we are simply waiting for malicious actors, and for well-meaning users who break things by accident, to do their worst.
Instead, we should discuss how organisations can start using what they already have in place to better protect themselves and to mitigate the damage from those who would do harm. Below, James and I have set out our top three priorities for making your network more secure and resilient.
- Segregation – Creating Containers
  - Breaking the network up into logical segments (VLANs) can limit the spread of a compromise by malicious actors or code. Affected segments can be locked down to stop an infection spreading further, and compromised devices can be identified, allowing faster remediation.
  - Leverage inter-VLAN routing to allow, deny and inspect traffic between business-critical devices.
  - Implement trust classification based on known or expected behaviour, so that not only unusual activity but also the unknown is identified.
  - VLANs also allow traffic shaping, so business-critical traffic can be prioritised to improve that vital end-user experience – distorted voices on VoIP calls could be a thing of the past!
  - Often an afterthought, but VLANs also help in creating a scalable network.
- Logging and Monitoring – Your eyes and ears
  - Network performance and uptime monitoring is essential for troubleshooting and gives you the ability to fix issues before they snowball out of control. Once implemented, you’ll wonder how you ever functioned without it!
  - A central repository for networking device logs (and any other device that has logging capabilities, for that matter) is invaluable; these logs can be analysed in real time and give you another amazing view of your network.
- Redundancy and Resiliency – The rule of two and coping with loss
  - Apply the rule of two to your business-critical networking devices and connections: firewalls in highly available clusters, and redundant connections to intermediate aggregators.
  - Networking device failures happen, so building in resiliency is key. With a properly implemented resiliency plan, device failures become transparent to the end user, and those “is the internet down!?!” questions become a thing of the past.
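As an added example that is not part of the original post, the script below shows the segregation and central-logging points working together: it parses inter-VLAN ACL deny events from a constructed, simplified log sample and flags any host that has been denied access to several segments, the pattern that would prompt locking down and investigating that device. The log format, hostnames, addresses and the `ACL-DENY` / `ACL-PERMIT` tokens are constructed assumptions; adapt the regular expression to the syslog format your own platform emits.

```python
"""Flag hosts whose inter-VLAN traffic is repeatedly denied.

Added example, not from the original post. The log format is a
constructed, simplified ACL deny line; real devices differ, so the
regular expression is an assumption to adapt to your platform.
"""
import re
from collections import defaultdict

# Constructed sample of centralised ACL logs (syslog-style), as they
# might arrive at the central log repository from a core switch.
SAMPLE_LOGS = """\
Mar 03 10:01:02 core-sw ACL-DENY vlan10 10.0.10.23 -> vlan20 10.0.20.5:445
Mar 03 10:01:03 core-sw ACL-DENY vlan10 10.0.10.23 -> vlan30 10.0.30.7:445
Mar 03 10:01:03 core-sw ACL-DENY vlan10 10.0.10.23 -> vlan40 10.0.40.9:445
Mar 03 10:01:09 core-sw ACL-DENY vlan20 10.0.20.5 -> vlan10 10.0.10.1:22
Mar 03 10:02:11 core-sw ACL-PERMIT vlan10 10.0.10.23 -> vlan30 10.0.30.7:443
"""

LINE_RE = re.compile(
    r"ACL-(?P<action>DENY|PERMIT) (?P<src_vlan>vlan\d+) (?P<src>[\d.]+) -> "
    r"(?P<dst_vlan>vlan\d+) (?P<dst>[\d.]+):(?P<port>\d+)"
)


def parse_denies(text):
    """Yield (src_vlan, src_ip, dst_vlan, port) for each denied cross-VLAN flow."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m and m["action"] == "DENY" and m["src_vlan"] != m["dst_vlan"]:
            yield m["src_vlan"], m["src"], m["dst_vlan"], int(m["port"])


def suspect_hosts(text, min_segments=2):
    """Return {src_ip: sorted VLANs it was denied into} for hosts denied by at
    least `min_segments` distinct segments. A host sweeping several containers
    it has no business reaching is a candidate for lockdown and investigation."""
    touched = defaultdict(set)
    for _src_vlan, src, dst_vlan, _port in parse_denies(text):
        touched[src].add(dst_vlan)
    return {ip: sorted(v) for ip, v in touched.items() if len(v) >= min_segments}


if __name__ == "__main__":
    for ip, vlans in suspect_hosts(SAMPLE_LOGS).items():
        print(f"{ip} denied into {len(vlans)} segments: {', '.join(vlans)}")
```

A single denied flow (10.0.20.5 in the sample) is below the threshold and is left for routine review; only the host probing three segments is reported.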
Whilst network architecture is critical to your holistic security programme, it is vital that the network works in such a way that it goes unnoticed by the typical user, whilst still providing critical information to the Security Operations Centre / Incident Response Team as needed.