5 Steps for Network and User Control

With the growing threat to network security, it is no surprise that companies are revising their protection strategies to control users and protect their intranets and data.

Network security teams face a real dilemma: they must support user productivity and organizational flexibility while still controlling access to important data. As the network perimeter has dissolved, they face continuous attacks, which drives up complexity and cost at the same time as regulatory pressure increases. It is clear that traditional perimeter-only strategies are no longer effective for today's highly interconnected businesses.

Organizations are trying to solve the problem with the tools they already have, deploying perimeter-style security layers on the intranet to monitor users and control access. While this reduces some of the risk, the cost is very high, because these technologies were never designed to protect heterogeneous corporate intranets.

The biggest advantage over hackers

Protection of the local network is typically based on one-time authentication, with passwords and/or cards. This is like presenting your ID at the door and then being free to go anywhere you want inside a building that has been "protected".

In today's environment, authenticating once is not enough to protect your systems from intruders. You must also control and monitor users at all times while they are inside, and be able to check who they are and what they are doing. In effect, network security must mirror physical security: a "badge" issued at the entrance, combined with separate protection for designated areas. Ultimately, knowing who should be on your network is one of your greatest advantages over hackers and identity thieves.

For most enterprise organizations, internal protection means a multilayered approach: a combination of firewalls, intrusion detection systems, deep packet inspection, access control, anti-virus software, and stringent vulnerability patching. But as the risks and regulatory pressures grow, the cost and complexity of maintaining these layers grows with them.

We are beginning to see innovative, identity-based approaches built to address the need for intranet security, approaches that can scale without additional management overhead or cost. Security experts must be ready to evaluate the effectiveness of their existing internal security strategies, and of the newer solutions that complement them, to face the challenges of a network whose perimeter keeps changing.

5 steps to gain control

The suggestions below will help you gain control of your users and improve the security posture around your organization's important data.

Remember that internal security is very different from perimeter security

The threat model for internal security differs from the model for perimeter security. Perimeter security protects your network from attackers on the Internet equipped with exploit tools for popular Internet services such as HTTP and SMTP. The internal security model must deal with bad actors who are already inside the company. Intranets are now faster, more complex, and more volatile. In addition, gaining access to the internal network by simply plugging into an Ethernet jack requires no sophisticated hacking script and is just as dangerous.

You can no longer assume that people inside your intranet are "trusted", because this group usually includes many outsiders, from business partners, investors and consultants to customers. Even if you do trust the people on your local network, the risk remains, because most vulnerabilities stem from carelessness rather than deliberate misuse. Thus we face many challenges in controlling user access and protecting intranet data.

Protect important resources

Reports such as Symantec's semi-annual Internet Security Threat Report confirm that companies handling online financial transactions, such as banks and payment services, are the main targets of network attacks. SANS's annual report on the top 20 Internet security vulnerabilities also shows a high level of risk associated with Web servers and popular operating systems. Enterprises should use this information to prioritize their security and information technology projects sensibly.

Have you rated which of your internal systems are critical to the company? Have you considered servers or applications whose data should be seen by only a small fraction of employees? Is there an asset (application, database or server) "inside" that is so important you would add an additional authentication step when accessing it? Have you considered surrounding it with a firewall or IDS? Set your priorities, but keep in mind that these devices work with IP addresses, which can be spoofed, hijacked, or stolen.

On a network of 30,000 users, it is unrealistic to expect every server to be locked down and patched the moment a hole is found. Rank your security risks and perform a cost-benefit analysis across several candidate solutions. Classify assets by their value to the business and by the financial impact of their downtime. It may take a month to find, catalog, categorize and assess the vulnerabilities of every web server on the network, but that time is a sound and practical investment.

You now have a list of web hosts, ranked by risk and value. Assess which servers are least protected and handle those first. For example, web servers in the DMZ need immediate attention, whereas less accessible servers can wait because they sit deeper inside your network and are protected by more layers of security. Finally, identify any web server that has a high asset value but cannot be patched because of compatibility or other issues. These servers must be moved into a trusted area of your intranet with strong barriers between them and the rest of the world (a virtual perimeter).

Turn off unused network services

This seems obvious, yet it continues to be a weakness that hackers exploit. Most systems and software ship with many services enabled and ports open to make deployment and use easier. Remote access services are usually turned on by default on both Windows and Unix systems. File sharing and remote procedure call (RPC) are just two examples of services that are frequently attacked.

Check your existing servers and workstations regularly to review these services and disable them when they are not needed. Most companies have their own build standards for user systems. Make sure your standard excludes all the common remote access services for the operating systems in use. Remember that blocking these common services at the firewall only protects them from outside access. You still have to pay attention to laptops and other attacks that originate from within.
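The review described above can be scripted. The following is an added example, not code from the original article: it parses the output of `ss -tlnp` (the `ss` output below is constructed for illustration) and compares every non-loopback listener against a hypothetical per-role baseline of approved services, flagging the risky defaults the text names (RPC, file sharing, clear-text remote access) as high severity. Loopback-only listeners are skipped because they are not reachable from the network.

```python
"""Audit listening sockets against an approved-services baseline.

Added example, not from the original article. SAMPLE_SS_OUTPUT is
constructed in the format of `ss -Hltnp` (Linux, no header line); on a
real host feed the command's actual output into audit_listeners().
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Set, Tuple

# Constructed sample: a web server that still has defaults switched on.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=455,fd=4))
LISTEN 0 50 0.0.0.0:445 0.0.0.0:* users:(("smbd",pid=1201,fd=12))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=990,fd=5))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1330,fd=6))
LISTEN 0 128 [::]:23 [::]:* users:(("telnetd",pid=1402,fd=3))
"""

# Hypothetical baseline for the "web server" role: (port, process) pairs
# that are expected to listen on network-facing addresses.
WEB_ROLE_BASELINE: Set[Tuple[int, str]] = {(22, "sshd"), (80, "nginx"), (443, "nginx")}

# Defaults the article singles out: RPC, file sharing, clear-text remote access.
HIGH_RISK_PORTS = {111: "rpcbind", 135: "msrpc", 139: "netbios", 445: "smb", 23: "telnet"}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


@dataclass(frozen=True)
class Finding:
    port: int
    process: str
    address: str
    severity: str  # "high" or "medium"
    reason: str


def parse_ss(output: str) -> Iterator[Tuple[str, int, str]]:
    """Yield (bind address, port, process name) for each LISTEN line."""
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["addr"], int(m["port"]), m["proc"]


def is_loopback(addr: str) -> bool:
    return addr == "[::1]" or addr.startswith("127.")


def audit_listeners(output: str, baseline: Set[Tuple[int, str]]) -> List[Finding]:
    """Return every network-facing listener that is not in the role baseline."""
    findings: List[Finding] = []
    for addr, port, proc in parse_ss(output):
        if is_loopback(addr) or (port, proc) in baseline:
            continue
        if port in HIGH_RISK_PORTS:
            findings.append(Finding(port, proc, addr, "high",
                                    f"high-risk default service ({HIGH_RISK_PORTS[port]}) exposed"))
        else:
            findings.append(Finding(port, proc, addr, "medium", "not in role baseline"))
    # High severity first, then by port number.
    return sorted(findings, key=lambda f: (f.severity != "high", f.port))


if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_SS_OUTPUT, WEB_ROLE_BASELINE):
        print(f"[{f.severity}] {f.address}:{f.port} {f.process}: {f.reason}")
```

Run against the constructed sample it reports telnetd, rpcbind and smbd as high-severity exposures and says nothing about postgres, which is bound to 127.0.0.1 only. The baseline is per role on purpose: a file server legitimately listens on 445, a web server does not.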

Create virtual perimeters

As noted above, the single network perimeter has disappeared. So what should you do? Start by assessing how your network is actually used and build virtual perimeters around business units. Servers will remain vulnerable as long as humans operate them. Instead of setting unrealistic goals such as "no host is ever compromised", a more feasible goal is that no server, if it is compromised, gives an intruder full access to the network.

If a marketing employee's computer is compromised, the attacker must be unable to reach the company's research and development (R&D) systems. That means access control between R&D and marketing. We already know how to build a perimeter between the Internet and the intranet. It is time to build perimeters between the different user groups inside the corporate network.
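The two ideas above, a default-deny boundary between business units and a separately fenced area for high-value servers that cannot be patched, can be expressed as a small zone policy and checked before it is turned into firewall rules. The following is an added example, not code from the original article; the zones, address ranges, allowed flows and sample traffic are hypothetical. It also renders the policy as nftables rules, assuming a chain whose default policy is drop.

```python
"""Zone-based segmentation policy with default deny.

Added example, not from the original article. Zones, address ranges,
allowed flows and the sample flows below are all hypothetical.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

ZONES = {
    "marketing": ipaddress.ip_network("10.10.0.0/16"),
    "rnd": ipaddress.ip_network("10.20.0.0/16"),
    "rnd_servers": ipaddress.ip_network("10.20.200.0/24"),    # carved out of rnd
    "jump": ipaddress.ip_network("10.0.1.0/24"),              # admin jump hosts
    "legacy_vault": ipaddress.ip_network("10.99.0.0/24"),     # high value, cannot be patched
    "shared_services": ipaddress.ip_network("10.0.2.0/24"),   # DNS, NTP, directory
}

# Allowed inter-zone flows: (src_zone, dst_zone, proto, dst_port).
# Anything not listed here is denied.
ALLOWED: Set[Tuple[str, str, str, int]] = {
    ("marketing", "shared_services", "udp", 53),
    ("rnd", "shared_services", "udp", 53),
    ("rnd", "rnd_servers", "tcp", 22),
    ("rnd", "rnd_servers", "tcp", 443),
    ("jump", "legacy_vault", "tcp", 3389),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def zone_of(ip: str) -> Optional[str]:
    """Longest-prefix match, so 10.20.200.x is rnd_servers rather than rnd."""
    addr = ipaddress.ip_address(ip)
    best: Optional[str] = None
    for name, net in ZONES.items():
        if addr in net and (best is None or net.prefixlen > ZONES[best].prefixlen):
            best = name
    return best


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return ("allow"|"deny", reason) for a single flow."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        return "deny", "address outside any defined zone"
    if src_zone == dst_zone:
        # Hosts inside one business unit may talk to each other; the
        # perimeter is between units, not between peers.
        return "allow", f"intra-zone ({src_zone})"
    if (src_zone, dst_zone, flow.proto, flow.dport) in ALLOWED:
        return "allow", f"{src_zone} -> {dst_zone} {flow.proto}/{flow.dport} permitted"
    return "deny", f"{src_zone} -> {dst_zone} not permitted (default deny)"


def nft_rules() -> List[str]:
    """Render ALLOWED as nftables rules for a chain with `policy drop`."""
    return [f"ip saddr {ZONES[s]} ip daddr {ZONES[d]} {p} dport {port} accept"
            for s, d, p, port in sorted(ALLOWED)]


# Constructed sample traffic: a compromised marketing PC probing R&D and the vault.
SAMPLE_FLOWS = [
    Flow("10.10.4.20", "10.20.200.10", "tcp", 443),   # marketing -> rnd_servers
    Flow("10.20.5.7", "10.20.200.10", "tcp", 443),    # rnd workstation -> rnd_servers
    Flow("10.10.4.20", "10.99.0.5", "tcp", 3389),     # marketing -> legacy_vault
    Flow("10.0.1.9", "10.99.0.5", "tcp", 3389),       # jump host -> legacy_vault
    Flow("10.10.4.20", "10.0.2.2", "udp", 53),        # marketing -> DNS
    Flow("192.168.1.1", "10.20.200.10", "tcp", 443),  # unknown source
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        verdict, why = evaluate(f)
        print(f"{verdict:5} {f.src} -> {f.dst} {f.proto}/{f.dport}: {why}")
    print("\n".join(nft_rules()))
```

The allowlist is small on purpose: the exercise of writing it forces the assessment of "how the network is used" that the text asks for, and every flow that is not in it is evidence of either a missing business requirement or a compromised host. Putting unpatchable servers in their own zone reachable only from the jump hosts is what the previous section means by a virtual perimeter.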

Know who your users are by performing identity checks

The next step is to identify who your users are and what resources they are allowed to access, and then enforce that access control policy at the internal applications and servers. Your main strength in protecting the internal network at this level is that you know who should be there and where they should be. At this layer, identifying a user by IP address is not an adequate substitute. The solution must carry the user's identity, so that the internal protection layer can ultimately grant access at the appropriate level of granularity.

Authentication is good and necessary, but keep in mind that it happens only once, at logon. You also need to keep in mind that internal firewalls and IDS cannot track identity or activity through IP addresses that are constantly changing and are easily forged by attackers. By attaching an "identifier" to each user when they access the network, organizations can effectively enforce access restrictions and deny access to unauthorized users.
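The difference between an address-based and an identity-based check is easy to show in code. The following is an added example, not code from the original article; the users, groups, resources, addresses and session mechanism are all hypothetical. It models the legacy approach (trust attached to the address that logged in) next to a gateway that attaches an opaque session token to the authenticated identity and logs every decision by user, so that an address change is recorded as an anomaly instead of silently transferring trust.

```python
"""IP-based versus identity-based access checks.

Added example, not from the original article. Users, groups, resources,
addresses and the session scheme are hypothetical.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed policy: which groups may use which internal resource.
RESOURCE_POLICY: Dict[str, Set[str]] = {
    "rnd-fileshare": {"eng"},
    "hr-payroll": {"hr"},
    "wiki": {"eng", "hr", "marketing"},
}
USER_GROUPS: Dict[str, Set[str]] = {"alice": {"eng"}, "bob": {"marketing"}, "carol": {"hr"}}


def groups_allowed(resource: str) -> Set[str]:
    return RESOURCE_POLICY.get(resource, set())


class IpAcl:
    """Legacy model: after logon, trust is attached to the source address."""

    def __init__(self) -> None:
        self.ip_groups: Dict[str, Set[str]] = {}

    def login(self, user: str, ip: str) -> None:
        self.ip_groups[ip] = set(USER_GROUPS[user])

    def authorize(self, ip: str, resource: str) -> bool:
        return bool(self.ip_groups.get(ip, set()) & groups_allowed(resource))


@dataclass
class Session:
    user: str
    last_ip: str


@dataclass
class AuditEvent:
    user: Optional[str]
    ip: str
    resource: str
    allowed: bool
    note: str = ""


class IdentityGateway:
    """Identity model: every request carries a session token tied to a user."""

    def __init__(self) -> None:
        self.sessions: Dict[str, Session] = {}
        self.audit: List[AuditEvent] = []

    def login(self, user: str, ip: str) -> str:
        # Assumes the user has already authenticated; issue an unguessable token.
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, ip)
        return token

    def authorize(self, token: Optional[str], ip: str, resource: str) -> bool:
        session = self.sessions.get(token) if token else None
        if session is None:
            self.audit.append(AuditEvent(None, ip, resource, False, "no valid session"))
            return False
        note = ""
        if ip != session.last_ip:
            # Roaming or a reassigned lease: keep the identity, record the change.
            note = f"address changed {session.last_ip} -> {ip}"
            session.last_ip = ip
        allowed = bool(USER_GROUPS[session.user] & groups_allowed(resource))
        self.audit.append(AuditEvent(session.user, ip, resource, allowed, note))
        return allowed

    def identities_seen_from(self, ip: str) -> List[str]:
        """Attribution of an address is derived from the log, never assumed."""
        return sorted({e.user for e in self.audit if e.ip == ip and e.user})


def scenario() -> Dict[str, bool]:
    """Alice logs in from 10.10.4.20; her DHCP lease later moves to Bob's laptop."""
    acl, gw = IpAcl(), IdentityGateway()
    acl.login("alice", "10.10.4.20")
    token = gw.login("alice", "10.10.4.20")
    return {
        # Whoever now holds the address inherits Alice's engineering access.
        "ip_model_reassigned_ip_still_trusted": acl.authorize("10.10.4.20", "rnd-fileshare"),
        # Same address without Alice's token gets nothing.
        "identity_model_reassigned_ip_without_session": gw.authorize(None, "10.10.4.20", "rnd-fileshare"),
        # Alice on a new address keeps her access; the move is logged.
        "identity_model_alice_from_new_ip": gw.authorize(token, "10.10.9.3", "rnd-fileshare"),
        # Identity still bounds what she may reach.
        "identity_model_alice_wrong_resource": gw.authorize(token, "10.10.9.3", "hr-payroll"),
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

The audit trail is the part that matters for the "monitor at all times" requirement: each entry names a user, not just an address, so the question "who was on 10.10.4.20 at 14:02" is answered from the log rather than from a lease table that may already have been overwritten.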

The second generation of Identity Management will help us move in this direction. Initially, Identity Management focused on integrating authentication, access control, and password management. But as organizations implemented it, they began to realize that there is a gap between the application layer and the network layer, and that only by organizing access around identity, and managing it by identity, can this new access problem be solved.