Current Filter: Network>>>>>Feature>

   

At the centre of the IT infrastructure is the enterprise network. Needless to say, network security should be a constant consideration for network managers, especially when deploying emerging technology such as the Internet of Things (IoT) and software defined networking. Although security might be embedded into new technologies - and there's no guarantee - if the underlying network is not secure then vulnerability will increase.

Recent high profile security breaches including Ashley Madison, VTech and Time Warner have again raised general awareness of security and its importance. Too often we hear that breaches could have been prevented or their impact reduced. The following network security basics can help to achieve this.

CONSTANT NETWORK MONITORING WITH CHANGE CONTROL
Any network change can have significant network impact; areas include overall stability, security, capacity and the ability to forecast cost and make realistic business risk assessments. It's important that network managers stay on top of all changes being made, and one way to do this is to enforce a clear change control process for the team to follow. It must clearly set out what procedures are to be followed if a situation of significance arises, and it must help the team to select the correct course of action, all of the time.

Monitoring and automated management play a huge role in increasing the confidence of network managers. Monitoring and alerting for network changes, reinforced with automated actions, for example to either restore known-good configurations or to place a changed device into a quarantine type setting until the change is reviewed, greatly decrease the impact of changes that have circumvented a human review process.

COMPLIANCE: UNIVERSALLY VITAL
All companies should develop internal policies that help them to meet compliance standards. This is true even if they operate without external regulation, as it helps to ensure that everything is being done to safeguard security. To achieve this can be as simple as making sure that the corporate banner appears on all network device login screens, or that consistent protocol settings are used, such as SNMP strings and Syslog destinations. And once again, automation helps. Backups of device configurations should be made regularly and scanned for changes. Those same configurations can be checked against policy templates so that any configuration setting that violates a specified standard, whether it's internal or external and including SOX and HIPAA, can have that variance flagged and even automatically remediated.

STANDARDISED NETWORK INFRASTRUCTURE
Traditionally, IT departments deploy configurations by using a standardised template. However, this can quickly transform as configurations develop, making it tricky to maintain the original template.

Standardisation makes it simpler to implement efficient processes which can be used to quickly and efficiently update the infrastructure, ensuring that all devices are adhering to policy. Without standardisation there is no guarantee that everything is correctly configured, meaning that simple attacks are successful. However network managers need to be aware that for technicians it's nearly impossible to be completely familiar, from memory, with the configuration of even one moderately sophisticated device, let alone dozens, or hundreds. Therefore, the network manager must ensure that network infrastructure is standardised to help reduce the potential for security breaches.

Automation and monitoring have a role here as well. By using an automated tool to back up device configurations and compare those backups to the previous version, it is much easier and faster to spot changes and react. Additionally those historic backups essentially create their own template, along with current updates. This then simplifies the task by taking an existing device configuration, applying the necessary adjustments, and pushing it out to selected devices. Network managers secure in their role, produce secure outcomes. NC