How a Network Refresh Can Boost Security
Outdated networks are highly vulnerable to attack. A security-focused refresh can address the threat.
As technologies mature, organizations are leveraging their network infrastructures for longer periods. Yet one thing never stays the same: cyberattackers. In fact, evolving attack vectors represent a key reason for organizations to refresh their networks.
Security issues affect organizations in every sector, including manufacturers, retailers, energy providers, school districts, universities and government agencies. No organization is too big, too small or too specialized to escape the threat of a cyberattack.
Malware and other attack techniques have matured greatly in recent years. “Today, we see a proliferation of advanced persistent threats that users have unwittingly introduced to the network and an unprecedented surge in cybercrime,” says Klaus Gheri, vice president of network security with Barracuda Networks.
With attackers constantly scheming to steal data, cripple services and cause havoc, many organizations now look to network infrastructure refreshes as an effective way to stay ahead of the enemy.
Due to their static nature, legacy networks are particularly vulnerable to attacks. “Aging IT can’t support the move toward digital transformation securely or effectively,” says Judson Walker, chief technology officer of Brocade Federal. “A network refresh that leverages software, open source and open standards is a step in the right direction, providing organizations with visibility and automation so they can gain better control of their security.”
Brian A. McHenry, senior security solution architect for F5 Networks, notes that a network refresh provides the ideal moment for moving to more advanced and secure architectures. “In recent years, a network refresh has often meant network function virtualization (NFV) and software-defined networking (SDN), which create an unmatched opportunity to inject dynamic security controls into the network topology,” he says.
A complete network overhaul isn’t always necessary to improve security. Many providers offer easy-to-deploy network solutions that incorporate powerful security features. Firewalls built into routers, for example, allow IT staff to monitor incoming and outgoing network traffic and decide whether to allow or block specific traffic based on a defined set of security rules. A proven and reliable network security technology, firewalls create a barrier between secure internal networks and untrusted external networks, such as the internet.
“Leverage next-generation firewalls,” Gheri recommends. “These devices can identify traffic based on applications, and good next-generation firewalls can apply different traffic optimization techniques to different kinds of application traffic.”
An intrusion prevention system (IPS), implemented either as a device or through software, is a powerful tool that examines traffic flows to detect and block vulnerability exploits, an approach attackers frequently use to access or cripple an application.
Intrusion prevention is a standard feature incorporated into most next-generation firewalls. “It provides baseline security, but be aware that an IPS should not have a blind spot regarding Secure Sockets Layer encrypted traffic,” Gheri warns. “Encrypted traffic needs to be decrypted and then matched against malware signatures and payload needs to be inspected for advanced malware. “
Segmentation, a technique widely supported by network technology providers, splits a network into multiple sub-networks, commonly known as segments. The approach allows organizations to group applications and related data together for access only by specific users (such as sales or finance department staff members). This technique can also be used to restrict the range of access provided to a particular user.
Segmentation is perhaps the simplest way of improving an organization’s security posture, since access control focused on network address segments hampers cyberattackers. “It can also help to contain malware outbreaks,” Gheri says.
Emerging Network Security Threats
Network security currently exists in a state many industry analysts describe as “fluid.” In other words, as soon as an existing threat is nailed down, several more pop up.
Here’s a quick look at three network threats that keep security experts awake a night:
Ransomware: This malware blocks an organization’s access to applications or data until it pays a ransom to the attacker. For example, in December 2016, cyberattackers froze the computers and electronic room key system of a luxury hotel in Austria. The attack prevented guests from entering their rooms and staff from issuing new key cards until the hotel paid the ransom.
Internet of Things Attacks: Connecting systems and sensors via networks creates valuable benefits from organizations in every industry, but it also creates security risks. This threat is exacerbated by the fact that some IoT solution vendors don’t make security a priority.
Negligent users: Users have always posed a major network security threat. A single lazy or negligent user clicking on a phishing link or using a weak password, can crash an organization’s entire network security infrastructure. User training and strong policies should be used to bolster network security and mitigate this threat.
Management Tools and More
State-of-the art management solutions help IT staff keep a close eye on network traffic to detect security issues before they can grow into a crisis. Network mapping tools, for instance, help staff get a better handle on network security, since without access to up-to-date network diagrams and inventory lists, it’s difficult to know exactly what needs to be protected.
Content filtering is a useful technology for organizations that would like to keep certain types of objectionable materials from infiltrating their systems. Based on predetermined settings, the filter blocks content that is not acceptable for user access and viewing.
Organizations that have already transitioned to SDN need to be careful, however. Content filtering is an application layer control, and may not be built in to many SDN-based network refresh designs, notes McHenry. “The vital features to look for are prepackaged integration tools for your SDN controller solution as well as open application programming interfaces to customize more advanced SDN integrations with security services.”
Perhaps the biggest SDN security concern is a compromised SDN controller. “A traditional network has a control plane that is distributed across all the nodes,” observes Fred Chagnon, research director of the Info-Tech Research Group’s infrastructure practice. Attempts to compromise the network involve injecting misinformation into this control plane to influence network behavior. “With an SDN controller, there is now a dedicated attack platform to direct such an attack, Chagnon says. “The security of the controller itself cannot be overstated.”
Privacy Through Encryption
Network traffic encryption via a gateway device is a widely used approach for protecting communication between local networks. With a gateway, all traffic is encrypted regardless of the protocol used.
According to McHenry, in-flight traffic encryption is vital, even on private or trusted networks. “Insider threats necessitate a zero trust model for security, and transport encryption mainly via TLS, IPSec, or SSH is fundamental to this approach. HTTPS, FTPS, and other encrypted protocols should be the standard for any new service deployment,” he says.
Encryption can be most efficiently handled via a virtual private network using a public network — typically the internet — to link remote sites or users together. “VPNs are still essential technologies for secure remote and site-to-site access where the application protocol may not have inherent encryption,” McHenry says.
CDW’s solutions and services can help secure your network