IT administrators are too busy to manually check their systems for leaks minute-by-minute, day-by-day. That said, they do need to put strategies in place to keep their networks safe. Implementing an all-encompassing security strategy offers the best protection in the context of network security, especially if it can recognise situations and trends quickly. For example, the ability to receive alerts when IT leaks and attacks occur can allow response and recovery times to decrease dramatically.
When developing and implementing an all-encompassing security strategy, there are a number of factors that IT administrators must consider to ensure they are providing the most effective and secure monitoring system for their network.
1. Firewalls are not the only wall
The first barrier to a network is of course its firewall. Inadequate firewall configurations demonstrate that many companies are still operating ‘9 to 5’, rather than ‘24/7’, as far as network security is concerned. By reviewing and independently auditing the system firewall regularly, administrators can ensure the most effective configuration is active.
External penetration testing often finds remote management services exposed to the public internet, rather than filtered to only permit access from known networks (e.g. the LAN or VPN). As such, it is an extremely important task for every network monitoring solution to regularly check existing firewalls for operational reliability. With this in mind, we must also consider that attackers can use many different paths, meaning checking the firewall alone will not protect the system.
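A recurring audit of this kind can be scripted. The following is an added example, not part of the original article: it flags allow rules that open remote-management ports to sources outside known networks. The one-line-per-rule format, the trusted ranges and the sample rules are all constructed for illustration.

```python
import ipaddress

# Assumed known networks (LAN and VPN ranges are constructed for this example).
TRUSTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.50.0/24")]
# Common remote-management ports.
MGMT_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC", 5985: "WinRM"}

# Constructed rule export in a hypothetical format:
# action  source-CIDR  destination  port-or-range
SAMPLE_RULES = """\
allow 0.0.0.0/0 203.0.113.10 443
allow 0.0.0.0/0 203.0.113.20 3389
allow 10.1.0.0/16 203.0.113.20 22
allow 198.51.100.0/24 203.0.113.30 20-25   # partner range, not LAN/VPN
deny 0.0.0.0/0 203.0.113.40 5900
allow 172.16.50.0/25 203.0.113.40 5900-5901
"""

def parse_rule(line):
    """Split one rule line into (action, source network, dest, low, high)."""
    action, src, dst, ports = line.split()
    lo, _, hi = ports.partition("-")
    return action, ipaddress.ip_network(src), dst, int(lo), int(hi or lo)

def is_trusted(src):
    """True only if the whole source range sits inside a known network."""
    return any(src.subnet_of(net) for net in TRUSTED)

def audit(text):
    """Return (line no, dest, port, service, source) for each exposed port.

    Simplification: each rule is judged on its own; first-match ordering
    and shadowing by earlier deny rules are not modelled.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#")[0].strip()
        if not line:
            continue
        action, src, dst, lo, hi = parse_rule(line)
        if action != "allow" or is_trusted(src):
            continue
        for port, name in sorted(MGMT_PORTS.items()):
            if lo <= port <= hi:  # ranges can hide a management port
                findings.append((lineno, dst, port, name, str(src)))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print("line %d: %s port %d (%s) reachable from %s" % f)
```

Port ranges are expanded deliberately: the `20-25` rule looks like an FTP or mail rule at a glance but also admits SSH and Telnet from a network that is neither LAN nor VPN.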
2. Segregation is key
Another key consideration for effective monitoring solutions is network segregation. Segregation must work effectively across both your network egress and ingress points to ensure optimal protection. Network anomalies arising from the segregation between clients and servers must be detected at an early stage; otherwise, attackers can easily move on from compromised systems and access sensitive data in environments that are not sufficiently segregated.
3. Secure your Web Applications
Web-based software applications and APIs have the most potential to become the main attack vectors, so administrators and executives need to consider how to manage the risk they create in their companies. Applications can be made substantially harder to exploit by detecting and blocking attacks quickly, yet almost no applications or APIs have protections in place to enable this. Additionally, critical vulnerabilities in custom code and components are constantly being discovered; however, organisations frequently delay the roll-out of the new defences and patches that address such discoveries.
Cross Site Scripting, SQL Injection and Parameter Tampering attacks are the biggest and most common threats found within applications. As such, applications should be securely coded using an appropriate methodology, and regularly tested to ensure there are no weaknesses to be exploited.
4. Patch fast and patch regularly
We are currently facing a deluge of targeted attacks on external software, and the increasing number of attacks is compromising whole network systems. It is critical that admins take action to defend and reinforce their network security, ensuring all services and systems are regularly patched. Among other third-party software, this should include the likes of Java, Flash, and Adobe Reader. Furthermore, using tools that allow precise vulnerability scanning of your network may help to ensure patches are being applied effectively to protect the system from attacks.
5. “Password” is not a suitable password, nor is your cat’s name
Though this may be second nature to the IT administrator, giving your colleagues and clients a lesson in ‘how not to choose your password’ is invaluable when it comes to protecting the network. SplashData publishes an annual list of the millions of stolen passwords made public throughout the last twelve months, sorted in order of popularity, which could be used as a resource for such a lesson. Ensuring strong passwords are used across the network and testing them regularly may sound simple; however, broken authentication and file shares without appropriate permissions are as common as they are avoidable.
To ensure the network is well protected, it is vital that IT administrators carry out these checks regularly. Security vulnerabilities can be an immensely complex issue, the needle buried in a haystack of code. However, the most effective approach for finding and eliminating these weaknesses is, without a doubt, human experts armed with effective tools. By making network security a crucial element in the development of your organisation, IT administrators can ensure the network is protected and maintained 24/7, leaving time to focus on other essential tasks.