Jul 06, 2020

dariahiddleston
Page 1: Management Made Simple Best Practices: Securing …...Implementation is only the initial starting point of a good data protection and network security strategy. Maintaining network

Workspace Tips & Tricks: Securing & Managing Your Network

IT Management Made Simple

Best Practices: Securing and Managing Your Network

Summary

What does a secure and reliable network mean to you? This question can be answered in several ways:

As a network engineer or network security professional, it means that the network has been configured and is managed proactively to prevent or detect breaches or malicious activities as early as possible. The network is continuously monitored to prevent outages or minimize their effect.

As server administrator or data management professional, it means that information stored and accessed through the network is protected and can only be opened and viewed by those who are authorized.

As a CIO or CSO, it means that the network is dependable to ensure business continuity and that adequate systems and controls are in place to prevent loss, control risk and prove compliance with all applicable laws or industry initiatives for the protection of patient, consumer or financial data.

In this whitepaper, we discuss some of the best practices that can be implemented for your network security and management initiatives.

A Compromised Network: How much will it cost?

Over the past few years, many highly publicized network security breaches have occurred in which consumer or private health information was accessed and downloaded illegally. The most unfortunate aspect of some of these intrusions is that they went undetected until some of the people whose information was stolen noticed suspicious activity or were notified by credit reporting bureaus.

The average cost of mitigating a consumer data theft event depends on the information compromised, but is usually in the range of $400 to $1,000 per affected individual. Added to the equation are any fines or penalties for non-compliance with federal laws, or loss of compliance status under industry standards such as PCI-DSS. And finally, of course, there are the intangible costs to customer goodwill and corporate reputation.

Back to Basics

You have locked down your network as tightly as you can. You've closed unused TCP and UDP ports, moved the company web server to a service provider, set up a DMZ for secure file transfer, kept server OS and security patches up to date, invested in various security technologies, and so on. Don't sit back and pat yourself on the back for a job well done now that everything is secure, because it isn't. Implementation is only the starting point of a good data protection and network security strategy. Maintaining network integrity and protecting data, whether corporate or customer information, comes down to a basic, proactive and continuous effort.

Let’s look at some of the key best practices that reflect this back-to-basics strategy.

Best Practice #1: Network Inventory and Assessment

Establishing an effective management and security strategy starts with knowing where everything is, what it is, and how everything is connected. Run discoveries on your network regularly to learn whether connectivity or other changes have occurred and whether any unauthorized devices have been added, and compare each run against the previous known-good inventory rather than reviewing it in isolation. Layer 2 and layer 3 topology maps generated by a comprehensive discovery process directly support compliance efforts such as PCI-DSS, which requires a current network diagram and an inventory of in-scope system components. If you don't have a network management solution that provides integrated layer 2 and layer 3 discovery, find one.
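The comparison step is where the security value of a discovery run lies. The following is an added example, not code from the whitepaper or from any product it describes: it parses a neighbor table in the format printed by a Linux `ip neigh` collector (an assumption about one collector's output), compares it with the authorized inventory, and reports unknown devices, an unknown MAC answering for an inventoried address, and inventoried devices that did not appear. The inventory and the neighbor-table lines are constructed sample data.

```python
"""Inventory drift check: observed neighbor table versus authorized inventory.

Added example (not from the whitepaper). The inventory and neighbor lines are
constructed; the 'ip neigh' line layout is an assumption about the collector.
"""
import re
from dataclasses import dataclass

# Authorized inventory, MAC -> (hostname, expected IP).  Constructed sample data.
AUTHORIZED = {
    "00:11:22:33:44:01": ("core-sw1", "10.0.0.1"),
    "00:11:22:33:44:02": ("fw-edge", "10.0.0.2"),
    "00:11:22:33:44:03": ("fs01", "10.0.1.10"),
    "00:11:22:33:44:04": ("printer-3f", "10.0.1.30"),
}

# Neighbor table as printed by a Linux 'ip neigh' style collector (constructed).
NEIGH_OUTPUT = """\
10.0.0.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
10.0.0.2 dev eth0 lladdr 00:11:22:33:44:02 STALE
10.0.1.10 dev eth0 lladdr 00:11:22:33:44:03 REACHABLE
10.0.1.77 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
10.0.0.1 dev eth0 lladdr DE:AD:BE:EF:00:02 REACHABLE
10.0.2.5 dev eth0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(?P<state>\S+)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # unknown_device | ip_conflict | address_change | missing_device
    mac: str
    ip: str
    detail: str


def parse_neighbors(text):
    """Return the set of (ip, mac) pairs that have a resolved link-layer address.
    Rows without 'lladdr' (FAILED/INCOMPLETE) carry no MAC and are skipped."""
    pairs = set()
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            pairs.add((m["ip"], m["mac"].lower()))
    return pairs


def assess(neighbors, authorized):
    """Compare observed (ip, mac) pairs with the inventory and report drift."""
    ip_owner = {ip: mac for mac, (_name, ip) in authorized.items()}
    findings, seen = [], set()
    for ip, mac in sorted(neighbors):
        seen.add(mac)
        if mac in authorized:
            name, expected = authorized[mac]
            if ip != expected:
                findings.append(Finding("address_change", mac, ip, f"{name} expected at {expected}"))
        elif ip in ip_owner:
            # An unknown MAC answering for an inventoried address: ARP spoofing or a duplicate IP.
            owner = authorized[ip_owner[ip]][0]
            findings.append(Finding("ip_conflict", mac, ip, f"unknown MAC answering for {owner}"))
        else:
            findings.append(Finding("unknown_device", mac, ip, "MAC not in inventory"))
    for mac, (name, ip) in sorted(authorized.items()):
        if mac not in seen:
            findings.append(Finding("missing_device", mac, ip, f"{name} not observed; offline or moved"))
    return findings


if __name__ == "__main__":
    for f in assess(parse_neighbors(NEIGH_OUTPUT), AUTHORIZED):
        print(f"{f.kind:15} {f.ip:12} {f.mac}  {f.detail}")
```

A missing device is a low-severity finding on its own (it may simply be powered off), but it is worth tracking because a device that disappears and later returns with a different address or MAC is exactly the case the other three checks catch.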


Best Practice #2: Network and Device Passwords

This best practice is very simple. Over 60% of devices in a network will still have the default user ID (UID) and password. Change the manufacturer default UID and password before you ever connect the device to the network, and store credentials in the device's one-way hashed form rather than clear text or a reversible encoding wherever the platform offers it. Rotate passwords every month, and immediately on any suspected compromise (note that current NIST SP 800-63B guidance favors long, unique credentials changed on evidence of compromise over fixed calendar rotation), and don't use birthdays, children's names or spouse names. It seems straightforward, but check your own network and you might be surprised at what you find.
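"Check your own network" can be done offline against saved device configurations. The following is an added example, not code from the whitepaper: it scans a constructed Cisco IOS-style configuration for credentials stored in clear text (type 0) or in the reversible type 7 encoding, decodes the type 7 values with the well-known fixed-key XOR scheme, and flags any that match a short illustrative list of default or generic credentials. The configuration text and the default-credential list are constructed for the example; the list is not a vendor table.

```python
"""Audit a saved device configuration for weak credential storage and
leftover default logins.

Added example (not from the whitepaper).  SAMPLE_CONFIG is constructed and
DEFAULT_CREDS is an illustrative list, not a vendor default table.  The type 7
decoding is the documented reversible Cisco IOS 'password 7' scheme.
"""
import re

# Constructed running-config excerpt.
SAMPLE_CONFIG = """\
hostname core-sw1
enable password 7 094F471A1A0A
username admin password 0 admin
username netops secret 5 $1$abcd$redactedhash
snmp-server community public RO
line vty 0 4
 password 7 0822455D0A16
"""

# Fixed key used by the IOS type 7 encoding (public, not a secret).
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"

# Illustrative default / generic credentials to look for (assumption).
DEFAULT_CREDS = {"cisco", "admin", "password", "public", "private"}

PASSWORD_RE = re.compile(
    r"^\s*(?:enable password|username (?P<user>\S+) password|password)"
    r"\s+(?P<type>\d)\s+(?P<value>\S+)\s*$")
SNMP_RE = re.compile(r"^snmp-server community (?P<community>\S+)")


def decode_type7(encoded):
    """Reverse a type 7 string: two-digit key offset, then hex byte pairs,
    each XORed with the fixed key starting at that offset."""
    seed = int(encoded[:2])
    out = bytearray()
    for pos, i in enumerate(range(2, len(encoded), 2)):
        byte = int(encoded[i:i + 2], 16)
        out.append(byte ^ TYPE7_KEY[(seed + pos) % len(TYPE7_KEY)])
    return out.decode()


def audit_config(config):
    """Return (line_no, line, recovered_value, reason) for every weak credential."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        m = PASSWORD_RE.match(line)
        if m:
            ptype, value = m["type"], m["value"]
            if ptype == "7":
                plain, why = decode_type7(value), "type 7 is reversible; use 'secret'"
            elif ptype == "0":
                plain, why = value, "stored in clear text; use 'secret'"
            else:
                continue  # type 5/8/9 are one-way hashes; nothing to recover here
            if plain.lower() in DEFAULT_CREDS:
                why += "; value is a default or generic credential"
            findings.append((lineno, line.strip(), plain, why))
            continue
        m = SNMP_RE.match(line)
        if m and m["community"].lower() in DEFAULT_CREDS:
            findings.append((lineno, line.strip(), m["community"], "default SNMP community string"))
    return findings


if __name__ == "__main__":
    for lineno, text, plain, why in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {text!r} -> {plain!r}: {why}")
```

Run this over a configuration archive rather than a single device and the "over 60%" figure above becomes something you can measure for your own network. Anything the script recovers should be treated as already known to an attacker who has read the configuration, whether from a backup share, a TFTP server or SNMP.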

Best Practice #3: Network Performance Baseline

Do you know what the normal behavior of your network looks like? If not, how will you know what abnormal behavior looks like? You need to establish a performance baseline over a period of time. When do normal traffic peaks and valleys occur? What types of traffic are on the network? What protocols? What are the sources and destinations of traffic? Armed with information about traffic patterns and performance, you can quickly ascertain whether abnormal behavior is occurring. Tracking traffic anomalies can help you quickly detect the introduction of viruses and worms into the corporate network, unauthorized application usage, or abuse of file sharing applications, video and streaming audio. Flow monitoring (NetFlow, J-Flow and sFlow) is a great tool for building your traffic and performance baseline and should be part of any network management professional's toolkit. Keep in mind that flow records carry headers and counters, not payload: they can show that an unusual volume or an unexpected service appeared, not what was sent.
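The baseline only becomes useful once something compares live data against it. The following is an added example, not code from the whitepaper: it aggregates constructed flow records (a simplified NetFlow-style tuple of day, hour, source, destination, protocol, destination port and bytes) into a per-hour, per-service baseline of mean and standard deviation, then scores a constructed "current hour" against it, reporting volume spikes and services never seen at that hour. The seven-day history, the current window, and the three-sigma threshold with a floor on the standard deviation are all assumptions of the example.

```python
"""Flow baseline and anomaly scoring.

Added example (not from the whitepaper).  Flow records are constructed in a
simplified NetFlow-like tuple form; thresholds are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Flow record: (day, hour, src, dst, proto, dst_port, bytes).


def make_history(days=7):
    """Constructed seven-day history with a daytime peak.  A small per-day
    drift gives the baseline a non-zero spread to learn from."""
    records = []
    for day in range(days):
        drift = 1 + 0.03 * day
        for hour in range(24):
            busy = 9 <= hour <= 17
            records.append((day, hour, "10.0.1.20", "10.0.0.50", "tcp", 443,
                            int((80e6 if busy else 5e6) * drift)))
            records.append((day, hour, "10.0.1.21", "10.0.0.51", "tcp", 445,
                            int((20e6 if busy else 1e6) * drift)))
            records.append((day, hour, "10.0.1.22", "10.0.0.53", "udp", 53,
                            int(2e6 * drift)))
    return records


def build_baseline(records):
    """Per (hour, proto, dst_port): mean and population std-dev of daily bytes."""
    daily = defaultdict(lambda: defaultdict(int))
    for day, hour, _src, _dst, proto, dport, nbytes in records:
        daily[(hour, proto, dport)][day] += nbytes
    baseline = {}
    for key, per_day in daily.items():
        values = list(per_day.values())
        baseline[key] = (mean(values), pstdev(values))
    return baseline


def score_window(baseline, window, sigma=3.0, floor=0.10):
    """Flag services unseen at this hour and volumes above mean + sigma*sd.
    The floor (a fraction of the mean) stops near-constant keys from alarming
    on trivial noise when their historical std-dev is close to zero."""
    totals = defaultdict(int)
    for _day, hour, _src, _dst, proto, dport, nbytes in window:
        totals[(hour, proto, dport)] += nbytes
    findings = []
    for key, observed in sorted(totals.items()):
        if key not in baseline:
            findings.append(("unseen_service", key, observed, None))
            continue
        mu, sd = baseline[key]
        limit = mu + sigma * max(sd, floor * mu)
        if observed > limit:
            findings.append(("volume_spike", key, observed, int(limit)))
    return findings


# Constructed "current hour" sample: day 7, 14:00.
CURRENT_WINDOW = [
    (7, 14, "10.0.1.20", "10.0.0.50", "tcp", 443, 90_000_000),
    (7, 14, "10.0.1.21", "10.0.0.51", "tcp", 445, 260_000_000),   # ~13x the usual SMB volume
    (7, 14, "10.0.1.22", "10.0.0.53", "udp", 53, 2_100_000),
    (7, 14, "10.0.1.40", "203.0.113.9", "tcp", 6881, 35_000_000),  # service never seen before
]

if __name__ == "__main__":
    base = build_baseline(make_history())
    for kind, key, observed, limit in score_window(base, CURRENT_WINDOW):
        print(f"{kind:15} hour={key[0]:02d} {key[1]}/{key[2]:<5} observed={observed:,} limit={limit}")
```

Keying the baseline by hour as well as by service is what makes a large SMB transfer at 03:00 stand out even though the same volume would be routine at 14:00; a single global threshold per service would miss it.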

Sidebar: Accurately identify, map and inventory your network: devices, interdependencies, and locations. Receive real-time alerts on bandwidth usage violations.


Best Practice #4: Change Management

Networks are built from individual devices that are configured to work together in an integrated fashion. It is essential to capture the configuration of each device and establish a configuration baseline. In the event of a catastrophe, recreating the logical connectivity and security parameters is next to impossible without this vital information. Established configuration change controls also allow you to identify any unauthorized changes to ACLs or other security-related configuration: every difference between the running configuration and the baseline should be traceable to an approved change record, and any that is not should be treated as an incident until it is explained. Look for a network management solution that integrates configuration change control and provides an end-to-end audit trail for each change.
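The following is an added example, not code from the whitepaper or from any product it describes, of the reconciliation step just described: it diffs a constructed baseline against a constructed running configuration, attaches a change ticket to every differing line where one exists, and flags security-relevant lines (ACL entries, local accounts, management-plane settings) that no ticket authorizes. The two configurations, the change-ticket table, and the list of prefixes treated as security-relevant are assumptions of the example.

```python
"""Configuration drift review against approved change records.

Added example (not from the whitepaper).  Configs, tickets and the
security-relevant prefix list are constructed for illustration.
"""
import difflib

# Constructed approved baseline and current running configuration.
BASELINE_CONFIG = """\
hostname core-sw1
ntp server 10.0.0.5
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any log
username netops secret 5 $1$xyz$redactedhash
line vty 0 4
 access-class MGMT-IN in
"""

CURRENT_CONFIG = """\
hostname core-sw1
ntp server 10.0.0.6
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 permit tcp any any eq 22
 deny ip any any log
username netops secret 5 $1$xyz$redactedhash
username backup privilege 15 secret 5 $1$q$redactedhash
line vty 0 4
 access-class MGMT-IN in
"""

# Change tickets and the exact lines each one authorises (constructed).
APPROVED_CHANGES = {
    "CHG-1042": {"ntp server 10.0.0.5", "ntp server 10.0.0.6"},
}

# Line prefixes treated as security-relevant (illustrative; extend per platform).
SECURITY_PREFIXES = ("access-list", "ip access-list", "permit ", "deny ", "access-class",
                     "username", "enable ", "aaa ", "snmp-server", "line vty", "ip http", "logging")


def _clean(text):
    """Drop blank lines and '!' comment lines so they never show up as changes."""
    return [l.rstrip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("!")]


def diff_configs(baseline, current):
    """Yield ('+' or '-', line) for each line that differs, in config order."""
    for line in difflib.unified_diff(_clean(baseline), _clean(current), lineterm="", n=0):
        if line.startswith(("---", "+++", "@@")):
            continue  # file and hunk headers, not configuration
        yield line[0], line[1:]


def review_changes(baseline, current, approved):
    """Attach a ticket to every changed line; flag security-relevant ones without a ticket."""
    findings = []
    for op, line in diff_configs(baseline, current):
        ticket = next((t for t, lines in approved.items() if line.strip() in lines), None)
        relevant = line.lstrip().startswith(SECURITY_PREFIXES)
        findings.append({
            "op": op, "line": line, "security_relevant": relevant,
            "ticket": ticket, "unauthorized": relevant and ticket is None,
        })
    return findings


if __name__ == "__main__":
    for f in review_changes(BASELINE_CONFIG, CURRENT_CONFIG, APPROVED_CHANGES):
        flag = "UNAUTHORIZED" if f["unauthorized"] else (f["ticket"] or "")
        print(f'{f["op"]} {f["line"]:55} {flag}')
```

In the sample, the NTP server move is covered by CHG-1042 and passes, while the new permit-any entry in the management ACL and the new privilege-15 account have no ticket and are reported. Matching on exact lines is deliberately strict; a ticket that says "update NTP" should name the lines it permits, otherwise the audit trail cannot prove that what was applied is what was approved.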

Best Practice #5: Review Syslog and Windows Event Logs

To ensure regulatory compliance as well as protection of key enterprise information such as customer credit card data, employee, patient or financial records and so on, you need to know who is accessing which systems and data and what end-users are doing at all times. For example:

• What if a nosy employee wants to look at confidential company financial data or a patient/employee record?

• Is somebody trying to hack into internal systems?

• What if a disgruntled employee has created a back door and is about to delete key customer information?

Records of all events taking place in your organization are being logged right now into log files across servers, workstations and networking devices, so take advantage of this capability.

Reviewing every log entry by hand is labor intensive, so any event and log management (ELM) solution you implement must have search, filtering, alerting and notification capabilities. This allows specific abnormal events, such as an ACL or file permission change on a file server by a non-administrator, to be highlighted immediately. Rapid parsing of Syslog and Windows Event Log data through an automated solution lets you react to potentially damaging events before they move beyond your control. In addition to analysis of Syslog and Windows Event Logs, an ELM solution should incorporate an archiving capability. Compliance initiatives such as SOX, GLBA and HIPAA impose secure retention requirements on log files, with retention periods that vary by regulation and run to 7 years under some of them. Make sure the archive is tamper-evident (write-once storage, or hashed and signed batches) and that every log source keeps accurate time via NTP; otherwise the records will not hold up as evidence when you need them.
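The following is an added example, not code from the whitepaper or from any ELM product: it parses constructed Windows Security events (in a simplified one-event-per-line key=value export, an assumption about the collector) and constructed BSD-format syslog lines from a network device, then applies three of the detections the text calls for: a permission change (Event ID 4670) by an account outside an assumed administrator list, a burst of failed logons (Event ID 4625) from one source, and a device configuration change (%SYS-5-CONFIG_I) outside an assumed maintenance window. The log lines, the administrator list, the window and the burst threshold are all constructed for the example.

```python
"""Parse Windows Security and syslog lines and raise alerts on three patterns.

Added example (not from the whitepaper).  All log lines are constructed and
simplified; ADMINS, the maintenance window and the burst threshold are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

ADMINS = {r"CORP\itadmin", r"CORP\svc_backup"}   # assumed administrative accounts
CHANGE_WINDOW_HOURS = range(22, 24)               # assumed maintenance window, 22:00-23:59
BURST_COUNT, BURST_SECONDS = 5, 60                # assumed failed-logon burst threshold

# Constructed, simplified Windows Security export: "<iso-ts> <host> key=value ...".
WINDOWS_LOG = r"""
2020-07-06T14:02:11 fs01 EventID=4670 Subject=CORP\jsmith Object=\\fs01\finance\q2.xlsx
2020-07-06T14:02:40 fs01 EventID=4670 Subject=CORP\itadmin Object=\\fs01\hr\roster.xlsx
2020-07-06T14:05:01 dc01 EventID=4625 Subject=CORP\jdoe Source=10.0.5.44
2020-07-06T14:05:03 dc01 EventID=4625 Subject=CORP\jdoe Source=10.0.5.44
2020-07-06T14:05:05 dc01 EventID=4625 Subject=CORP\jdoe Source=10.0.5.44
2020-07-06T14:05:07 dc01 EventID=4625 Subject=CORP\jdoe Source=10.0.5.44
2020-07-06T14:05:09 dc01 EventID=4625 Subject=CORP\jdoe Source=10.0.5.44
2020-07-06T14:20:00 dc01 EventID=4625 Subject=CORP\mlee Source=10.0.5.90
"""

# Constructed syslog lines in the traditional BSD format used by many network devices.
SYSLOG = """\
Jul  6 14:30:12 core-sw1 77: %SYS-5-CONFIG_I: Configured from console by netops on vty0 (10.0.0.9)
Jul  6 23:15:02 core-sw1 78: %SYS-5-CONFIG_I: Configured from console by netops on vty0 (10.0.0.9)
Jul  6 23:16:44 core-sw1 79: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to down
"""

WIN_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<kv>.+)$")
SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"(?:\d+:\s+)?%(?P<mnemonic>[A-Z0-9_]+-\d-[A-Z0-9_]+):\s+(?P<msg>.*)$")


def parse_windows(text):
    """Yield one dict per event with the key=value fields plus host and timestamp."""
    for line in text.strip().splitlines():
        m = WIN_RE.match(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m["kv"].split())
        fields["host"] = m["host"]
        fields["ts"] = datetime.fromisoformat(m["ts"])
        yield fields


def parse_syslog(text):
    """Yield one dict per syslog line that carries a %FACILITY-SEV-MNEMONIC tag."""
    for line in text.strip().splitlines():
        m = SYSLOG_RE.match(line)
        if m:
            yield m.groupdict()


def analyze(windows_text, syslog_text):
    """Return (rule, host, detail) alerts for the three detections."""
    alerts = []
    failures = defaultdict(deque)  # source IP -> timestamps of recent 4625 events
    for ev in parse_windows(windows_text):
        if ev.get("EventID") == "4670" and ev.get("Subject") not in ADMINS:
            alerts.append(("perm_change_non_admin", ev["host"],
                           f'{ev["Subject"]} changed permissions on {ev["Object"]}'))
        elif ev.get("EventID") == "4625":
            q = failures[ev["Source"]]
            q.append(ev["ts"])
            while (q[-1] - q[0]).total_seconds() > BURST_SECONDS:
                q.popleft()  # keep only events inside the sliding window
            if len(q) >= BURST_COUNT:
                alerts.append(("logon_failure_burst", ev["host"],
                               f'{len(q)} failed logons from {ev["Source"]} within {BURST_SECONDS}s'))
                q.clear()    # one alert per burst, not one per further failure
    for ev in parse_syslog(syslog_text):
        hour = int(ev["time"][:2])
        if ev["mnemonic"].endswith("CONFIG_I") and hour not in CHANGE_WINDOW_HOURS:
            alerts.append(("config_change_outside_window", ev["host"], ev["msg"]))
    return alerts


if __name__ == "__main__":
    for rule, host, detail in analyze(WINDOWS_LOG, SYSLOG):
        print(f"ALERT {rule:30} {host:8} {detail}")
```

Each rule is a small function of structured fields, which is why parsing the source formats into fields first, rather than grepping raw lines, is the right investment. The same event stream, unchanged, also feeds the archive the text requires.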

Sidebar: Restore, delete, compare or view configuration history for any device in your network.


Best Practice #6: Continuous Monitoring

Don't take for granted that your network is secure. Most compromises, whether from inside or outside the network, are a multi-step process. Once an attacker finds a weakness, they will return repeatedly to see whether the penetration was discovered and the weakness fixed. Once they verify that they can reach the network or systems on it without being detected, they will keep trying to access sensitive information.

Continuous monitoring of all network traffic, configuration changes and device logs, as well as comparisons of real-time data against an established baseline, provides advanced warning of impending failures or outages and can also identify potential external or internal sources that may compromise security.

Conclusion

Even if you have not had an incident, the probability that your network security is being tested right now, or will be, is very high. Once a breach or data disclosure has occurred, it is already too late; the event becomes a risk mitigation exercise.

While some of the information in this whitepaper reflects very basic concepts of network management and security, these best practices have been proven to work. Network and data integrity rely not only on the strength and sophistication of the solutions you have implemented, but on how you use them to protect and keep your network secure.

Applying all of the above best practices will increase situational awareness and allow you to detect anomalies and threats before they become a full-blown problem.

A single integrated monitoring and management strategy enhances your ability to defeat nearly every type of threat.

Sidebar: Streamline the process of collecting, storing, analyzing, alerting and reporting on log files for real-time security event detection and response, compliance assurance and forensics.