No matter what type of organization you have, you always run the risk of a network security issue. There are internal risks, of course, and every business has connections to outside vendors that introduce your network to the unknown.
Any starting point with a connection to the unknown presents a potential risk. From dedicated banking to suppliers, even your WiFi opens your organization up to network security issues.
Business must proceed, though.
You must learn the necessary steps to limit the risk of such problems, as well as how to protect your network and data from the hackers lurking outside of your security perimeter. It's important to build a foundation of security, starting with Level 1.
Level 1: Identify Your Access Points
First and foremost, you need to understand where hackers could access your network. These are the areas of your network where you need visibility – complete and unimpeded.
If identifying your network’s access points is Step 1A, monitoring what hackers are doing outside of these points is Step 1B. With knowledge of what is happening outside of your security perimeter, you are better prepared to thwart potential attacks.
For instance, if you see that you’re getting port scans from a certain IP address, you could simply block that IP address and eliminate the threat long before it gets into your network.
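One way to spot the port-scan pattern described above, as an added example that is not part of the original article: it flags any source that touches many distinct destination ports within a short window. The log format, addresses, and thresholds are constructed for illustration and do not match any specific firewall; lines are assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not a real product's):
# <ISO timestamp> <ALLOW|DENY> <TCP|UDP> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(\S+) (?:ALLOW|DENY) (?:TCP|UDP) ([\d.]+):\d+ -> ([\d.]+):(\d+)$"
)

def parse(line):
    """Return (timestamp, src_ip, dst_ip, dst_port), or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, dport = m.groups()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def find_scanners(lines, window=timedelta(seconds=60), min_ports=10):
    """Map each source that hit >= min_ports distinct (host, port) targets in one window to its peak count."""
    recent = defaultdict(deque)  # src -> (timestamp, target) events still inside the window
    flagged = {}
    for rec in filter(None, map(parse, lines)):
        ts, src, dst, dport = rec
        q = recent[src]
        q.append((ts, (dst, dport)))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({target for _, target in q})
        if distinct >= min_ports:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

def sample_lines():
    """Constructed sample traffic using documentation-only IP ranges."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for i in range(15):  # one source probing 15 ports in 15 seconds
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} DENY TCP 203.0.113.7:40000 -> 192.0.2.10:{20 + i}")
    for i in range(30):  # ordinary client reusing a single service port
        lines.append(f"{(base + timedelta(seconds=2 * i)).isoformat()} ALLOW TCP 198.51.100.5:{50000 + i} -> 192.0.2.10:443")
    for i in range(12):  # 12 ports, but one attempt every two minutes
        lines.append(f"{(base + timedelta(minutes=2 * i)).isoformat()} DENY TCP 198.51.100.99:40000 -> 192.0.2.10:{8000 + i}")
    lines.sort()  # ISO timestamps sort chronologically
    return lines + ["malformed line that the parser skips"]

if __name__ == "__main__":
    print(find_scanners(sample_lines()))
```

A longer window also surfaces the slower source in the sample, at the cost of more false positives from busy legitimate clients.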
Level 2: What Does Your Normal Traffic Look Like?
How do you know what kind of traffic indicates an imminent attack if you don’t know what your typical network traffic looks like?
Think about this fundamental vision in terms of your relationship with your medical provider. Your doctor doesn’t treat you the same way he or she treats other patients. After all, your body functions and reacts differently than the person in the waiting room. Knowledge of your baseline vitals and medical history helps inform your doctor’s decisions.
Similarly, you must always monitor your network traffic to determine what activity is normal and what is not. Establish a baseline of normal traffic flow inside of your network. What kind of IP traffic is typical? What kind of traffic do you see through your firewall(s)?
Level 3: Ensure 100% Traffic And Data Capture With Unhackable Security Tools
A fundamental principle of network security is that your devices cannot be compromised. Especially as it relates to capturing data, you need complete network visibility to know exactly what’s happening on all layers of your network.
Switches and their SPAN ports can be hacked and reprogrammed to hide data loss or other network security issues. Network TAPs, on the other hand, are physical security devices that cannot be compromised or hacked.
If you used security cameras outside of your building, you wouldn’t be comfortable with them working only part of the time or with someone having the ability to shield their lenses. So, why would you be comfortable jeopardizing your view into and outside of your network?
Level 4: Leverage Firewalls
There are a number of different types of firewalls, from traditional firewalls to web and application firewalls.
Leveraging firewalls is an important initial step to screen out hackers, viruses and worms. However, they cannot be your only line of defense. A firewall is a bare-minimum, sensitive device that can be attacked or flooded, and it also needs to be programmed correctly in order to do its job.
Level 5: Segment Your Network By Areas That Need Visibility
No two networks are identical. There is no all-encompassing structure for how you should segment your network. How you do so should be determined on a diagnostic level and based on your network requirements. Break it down by percentages to determine where you need visibility, and place network TAPs in these areas.
For example, your diagnostics might show traffic as follows:
- 20% Business Application
- 15% Miscellaneous Applications
- 10% Browsing
In this example, you certainly want to ensure visibility into your email traffic.
With network TAPs outside of your security perimeter and in critical network layers, you have greater control over potential network security issues.
Level 6: Next-Level Security Tools
The “next-level” implementations include:
- Data capture or forensics boxes
- Intrusion prevention/detection systems
- SSL decryption devices
Many organizations invest a great deal into such applications and devices, but their success is dependent on addressing the preceding five levels first.
With a network designed for security from the ground up, you are far more likely to thwart attacks and the many security issues threatening your network.