The 6 Levels Of Thwarting Network Security Issues

August 9, 2018

No matter what type of organization you have, you always run the risk of a network security issue. There are internal risks, of course, and every business has connections to outside vendors that introduce your network to the unknown.

Any starting point with a connection to the unknown presents a potential risk. From dedicated banking to suppliers, even your WiFi opens your organization up to network security issues.

Business must proceed, though.

You must learn the necessary steps to limit the risk of such problems, as well as how to protect your network and data from the hackers lurking outside of your security perimeter. It's important to build a foundation of security, starting with Level 1.

Level 1: Identify Your Access Points 

First and foremost, you need to understand where hackers could access your network. These are the areas of your network where you need visibility – complete and unimpeded.

If identifying your network’s access points is Step 1A, monitoring what hackers are doing outside of these points is Step 1B. With knowledge of what is happening outside of your security perimeter, you are better prepared to thwart potential attacks.

For instance, if you see that you’re getting port scans from a certain IP address, you could simply block that IP address and eliminate the threat long before it gets into your network.
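
As an added illustration (not part of the original post), the port-scan case above can be spotted in perimeter firewall deny logs by counting distinct destination ports per source within a short window. The log format, addresses, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall deny log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2018-08-09T10:00:01 DENY src=203.0.113.7 dst=192.0.2.10 dport=21
2018-08-09T10:00:02 DENY src=203.0.113.7 dst=192.0.2.10 dport=22
2018-08-09T10:00:02 DENY src=198.51.100.23 dst=192.0.2.10 dport=443
2018-08-09T10:00:03 DENY src=203.0.113.7 dst=192.0.2.10 dport=23
2018-08-09T10:00:04 DENY src=203.0.113.7 dst=192.0.2.10 dport=80
2018-08-09T10:00:05 DENY src=198.51.100.23 dst=192.0.2.10 dport=443
2018-08-09T10:00:06 DENY src=203.0.113.7 dst=192.0.2.10 dport=3389
2018-08-09T10:05:00 DENY src=203.0.113.50 dst=192.0.2.10 dport=25
2018-08-09T10:20:00 DENY src=203.0.113.50 dst=192.0.2.10 dport=110
2018-08-09T10:40:00 DENY src=203.0.113.50 dst=192.0.2.10 dport=143
2018-08-09T11:00:00 DENY src=203.0.113.50 dst=192.0.2.10 dport=993
"""
LINE_RE = re.compile(r"^(\S+) DENY src=(\S+) dst=(\S+) dport=(\d+)$")


def find_port_scanners(log_text, window=timedelta(seconds=60), min_ports=4):
    """Return {src_ip: sorted ports} for sources that probed at least
    min_ports distinct ports on one destination within the time window."""
    hits_by_pair = defaultdict(list)          # (src, dst) -> [(time, port)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:                                  # skip lines in other formats
            ts, src, dst, port = m.groups()
            hits_by_pair[(src, dst)].append((datetime.fromisoformat(ts), int(port)))
    scanners = defaultdict(set)
    for (src, _dst), hits in hits_by_pair.items():
        hits.sort()
        start = 0
        for end, (when, _port) in enumerate(hits):
            while when - hits[start][0] > window:   # slide the window forward
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                scanners[src] |= ports
    return {src: sorted(ports) for src, ports in scanners.items()}


if __name__ == "__main__":
    # Candidates for a perimeter block rule; repeated hits on one port are not flagged.
    print(find_port_scanners(SAMPLE_LOG))
```

The source that retries a single port and the source that spreads four probes over an hour are both left out at the default window, which shows how the window size decides what counts as a scan.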

Level 2: What Does Your Normal Traffic Look Like?

How do you know what kind of traffic indicates an imminent attack if you don’t know what your typical network traffic looks like?

Think about this fundamental vision in terms of your relationship with your medical provider. Your doctor doesn’t treat you the same way he or she treats other patients. After all, your body functions and reacts differently than the person in the waiting room. Knowledge of your baseline vitals and medical history helps inform your doctor’s decisions.

Similarly, you must always monitor your network traffic to determine what activity is normal and what is not. Establish a baseline of normal traffic flow inside of your network. What kind of IP traffic is typical? What kind of traffic do you see through your firewall(s)?
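
One way to turn that baseline into a check, as an added example that is not from the original post: compute a per-class mean and spread from past daily volumes, then flag classes that are new, unusually high, or unusually low. The traffic classes, volumes, 10% spread floor and threshold are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed daily volumes in GB per traffic class, e.g. summed from flow records.
HISTORY = [
    {"email": 30, "business_app": 20, "video": 15, "voip": 10, "browsing": 25},
    {"email": 31, "business_app": 19, "video": 15, "voip": 10, "browsing": 25},
    {"email": 29, "business_app": 21, "video": 15, "voip": 10, "browsing": 25},
    {"email": 30, "business_app": 20, "video": 16, "voip": 9, "browsing": 25},
    {"email": 30, "business_app": 20, "video": 14, "voip": 11, "browsing": 25},
]
# Constructed day to evaluate: video spikes, VoIP is absent, FTP appears.
TODAY = {"email": 31, "business_app": 20, "video": 45, "browsing": 24, "ftp": 5}


def build_baseline(history):
    """Per class: (mean, spread). Spread is floored at 10% of the mean so a
    perfectly flat class (browsing here) does not alert on tiny changes."""
    classes = {c for day in history for c in day}
    baseline = {}
    for c in classes:
        values = [day.get(c, 0) for day in history]
        mu = mean(values)
        baseline[c] = (mu, max(pstdev(values), 0.1 * mu) or 1.0)
    return baseline


def find_deviations(baseline, today, threshold=3.0):
    """Return {class: 'new' | 'high' | 'low'} for traffic outside the baseline."""
    findings = {}
    for c in set(baseline) | set(today):
        if c not in baseline:
            findings[c] = "new"              # traffic type never seen before
            continue
        mu, spread = baseline[c]
        z = (today.get(c, 0) - mu) / spread
        if z > threshold:
            findings[c] = "high"
        elif z < -threshold:
            findings[c] = "low"              # includes traffic that vanished
    return findings


if __name__ == "__main__":
    print(find_deviations(build_baseline(HISTORY), TODAY))
```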

Level 3: Ensure 100% Traffic And Data Capture With Unhackable Security Tools

A fundamental principle of network security is that your devices cannot be compromised. Especially as it relates to capturing data, you need complete network visibility to know exactly what’s happening on all layers of your network.

Switches and their SPAN ports can be hacked and reprogrammed to hide data loss or other network security issues. Network TAPs, on the other hand, are physical security devices that cannot be compromised or hacked.

If you used security cameras outside of your building, you wouldn’t be comfortable with them working only part of the time or with someone having the ability to shield their lenses. So, why would you be comfortable jeopardizing your view into and outside of your network?


Level 4: Leverage Firewalls

There are a number of different types of firewalls, from traditional firewalls to web and application firewalls.

Leveraging firewalls is an important initial step to screen out hackers, viruses and worms. However, they cannot be your only line of defense. A firewall is a bare-minimum control and a sensitive device that can itself be attacked or flooded, and it needs to be programmed correctly in order to do its job.

Level 5: Segment Your Network By Areas That Need Visibility

No two networks are identical. There is no all-encompassing structure for how you should segment your network. How you do so should be determined on a diagnostic level and based on your network requirements. Break it down by percentages to determine where you need visibility, and place network TAPs in these areas.

For example, your diagnostics might show traffic as follows:

  • 30% Email

  • 20% Business Application

  • 15% Video

  • 15% Miscellaneous Applications

  • 10% VoIP

  • 10% Browsing

In this example, you certainly want to ensure visibility into your email traffic.  

With network TAPs outside of your security perimeter and in critical network layers, you have greater control over potential network security issues.  

Level 6: Next-Level Security Tools

The “next-level” implementations include:

  • Proxy servers

  • DDoS applications

  • Data capture or forensics boxes

  • Intrusion prevention/detection systems

  • SSL decryption devices

  • And more

Many organizations invest a great deal into such applications and devices, but their success is dependent on addressing the preceding five levels first. With a network designed for security from the ground up, you are far more likely to thwart attacks and the many security issues threatening your network. 

Looking to add an IT security solution to your security deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!

Heartbeat Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets to the TAP, indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets, placing the tool back inline.
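
The heartbeat behaviour described above, modelled as a small state machine. This is an added example, not the vendor's implementation; the heartbeat marker, the three-miss limit and the single returned heartbeat that restores inline mode are assumptions.

```python
HEARTBEAT = "HB"   # constructed marker; real heartbeat frames are vendor-specific
# Constructed timeline: "hb" = TAP sends a heartbeat, "down"/"up" = tool state.
TIMELINE = ["hb", "p1", "down", "p2", "hb", "hb", "p3", "hb", "p4",
            "hb", "up", "p5", "hb", "p6"]

class InlineTool:
    """Stand-in for an inline security tool: returns frames only while online."""
    def __init__(self):
        self.online, self.inspected = True, 0

    def process(self, frame):
        if self.online and frame != HEARTBEAT:
            self.inspected += 1
        return frame if self.online else None   # offline: nothing comes back

class BypassTap:
    def __init__(self, tool, miss_limit=3):      # miss_limit is an assumed setting
        self.tool, self.miss_limit = tool, miss_limit
        self.mode, self.missed, self.uninspected, self.lost = "inline", 0, 0, 0

    def heartbeat(self):
        # Sent in both modes; a returned heartbeat is consumed here, never put on the link.
        if self.tool.process(HEARTBEAT) == HEARTBEAT:
            self.mode, self.missed = "inline", 0
        else:
            self.missed += 1
            if self.missed >= self.miss_limit:
                self.mode = "bypass"

    def forward(self, frame):
        if self.mode == "bypass":
            self.uninspected += 1                # link stays up, tool sees nothing
            return frame
        out = self.tool.process(frame)
        if out is None:
            self.lost += 1                       # tool is down, bypass not yet triggered
        return out

def simulate(events, miss_limit=3):
    """Replay a timeline; returns (frames placed back on the link, the TAP)."""
    tap = BypassTap(InlineTool(), miss_limit)
    link_out = []
    for ev in events:
        if ev in ("down", "up"):
            tap.tool.online = ev == "up"
        elif ev == "hb":
            tap.heartbeat()
        elif (out := tap.forward(ev)) is not None:
            link_out.append(out)
    return link_out, tap
```

Calling `simulate(TIMELINE)` shows two frames lost before bypass engages and two frames delivered without inspection while in bypass, the two counters a monitoring team would want to alert on.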

Some of you may have noticed a flaw in the logic behind this solution! You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode, keeping the link flowing.

Glossary

  1. Single point of failure: a risk to an IT network in which the failure of one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances.

  3. Critical link: the connection between two or more network devices or appliances whose failure disrupts the network.
