Network Security - Different Views

DarwinEvolved

New Member
Joined
Aug 8, 2019
Messages
2
I often wonder why some people have this idea that securing IT infrastructure is a complicated task only accomplishable by a select set of superhuman, supreme beings amongst the pool of IT professionals. I am of the opinion that it can in fact be very simple by starting the design of your security infrastructure with the following question: “What matters most?” Why this question? Simple… A development house, fruit packing facility, law firm and so on might all have IT infrastructure to protect, but the aforementioned question will define what the critical component is in each scenario that could cripple the company.

When you look at a company’s infrastructure and define the answer to the above, you can classify what data needs to go to which destinations and what protocols are used for each. This would allow profiling of servers and workstations within the organization that would allow real time monitoring of the communication occurring on your network, which is far more valuable than it would seem at first glance.

The concept of network monitoring by trying to look for things that should not be there based on malware and virus signatures is taxing, especially considering the rate at which new strains are created and the sheer magnitude of the attack surface of the average infrastructure. Knowing what should be there makes the task of detecting intrusions and failures in the security measures much simpler.

Consider the following scenario: Digital Marketing

20 Stationary Sales People

200 Strong Marketing Staff visiting a multitude of prospects on a daily basis

3 Servers: one for the CRM system, a server hosting the payroll/HR system and a mail server

150 desktop workstations

100 laptops

And 250 mobile devices that at some point during each day would be connected to the company network.

This makes for a decent sized attack surface that could be exploited by competitors or hackers aimed at infecting the infrastructure with ransomware. Wanna cry?

One approach would be to frantically try to plug all conceivable holes, apply restrictive policies that might hinder the productivity of marketers on the road and will most definitely be extremely expensive, complex and would require specialized skills to manage, forcing the marketing company to invest in costly resources that have nothing to do with their core business.

The alternative. The answer to the question in this scenario would be the CRM system; it is after all the heart of such an organisation, containing contact information of leads and existing customers … If everything else except this component of the infrastructure gets hit by ransomware, the company could recover in a very short span of time. Knowing what matters most to the company then enables profiling of this component of the infrastructure and would make defining what type of communication should be allowed much easier, greatly reducing the risk by knowing that something got in, by now having a sort of early warning system that will make it very visible that the compromised system is now behaving outside the bounds of the profile defined for it, allowing you to take precautions and resolve the problem before it hits the fan. The rest of the infrastructure could get by with a disaster recovery plan, cutting down on costs and complexity. Antivirus software, firewalls etc. will always have a place in Information Security, but if we are going to protect against a rapidly evolving threat, the methods used to ensure security need to evolve as well.

This is my humble view on this topic and I would very much like input from IT professionals on this forum, be it an opposing view or additions to my article. But please, be nice with the critique … this is my first rodeo.
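The profile-and-alert idea from the post above, as an added example that is not part of the original post: a communication profile is defined only for the CRM server, and any flow touching that server outside the profile is reported. All addresses, subnets, ports and flow records are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport")
# direction: "in" = toward the profiled host, "out" = from it; peer_net: CIDR of the other end
Rule = namedtuple("Rule", "direction peer_net proto dport")

# Hypothetical profile for the CRM server in the scenario (assumed addresses).
# Only the component that "matters most" is profiled; other hosts are not judged.
CRM = "10.0.10.5"
PROFILES = {
    CRM: [
        Rule("in", "10.0.20.0/22", "tcp", 443),   # staff subnets -> CRM web UI
        Rule("out", "10.0.10.7/32", "tcp", 25),   # CRM -> mail server (SMTP)
        Rule("out", "10.0.10.2/32", "udp", 53),   # CRM -> internal DNS
    ],
}

def _matches(rule, direction, peer, flow):
    return (rule.direction == direction
            and rule.proto == flow.proto
            and rule.dport == flow.dport
            and ipaddress.ip_address(peer) in ipaddress.ip_network(rule.peer_net))

def out_of_profile(flows, profiles=PROFILES):
    """Return (host, flow) pairs where a profiled host talks outside its profile."""
    alerts = []
    for flow in flows:
        # A flow can touch a profiled host as destination ("in") or as source ("out").
        for host, direction, peer in ((flow.dst, "in", flow.src),
                                      (flow.src, "out", flow.dst)):
            rules = profiles.get(host)
            if rules is not None and not any(
                    _matches(r, direction, peer, flow) for r in rules):
                alerts.append((host, flow))
    return alerts

# Constructed flow records (e.g. as exported from a firewall or NetFlow collector).
SAMPLE_FLOWS = [
    Flow("10.0.21.44", CRM, "tcp", 443),         # laptop using the CRM: in profile
    Flow(CRM, "10.0.10.7", "tcp", 25),           # CRM sending mail: in profile
    Flow(CRM, "10.0.10.6", "tcp", 445),          # CRM opening SMB to another server
    Flow(CRM, "203.0.113.9", "tcp", 443),        # CRM connecting out to the internet
    Flow("10.0.22.8", "10.0.23.9", "tcp", 445),  # workstation to workstation: unprofiled
    Flow("10.0.21.44", CRM, "tcp", 3389),        # RDP into the CRM from a laptop
]

if __name__ == "__main__":
    for host, flow in out_of_profile(SAMPLE_FLOWS):
        print(f"ALERT {host}: {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}")
```

The workstation-to-workstation flow is deliberately ignored: in the post's model, unprofiled hosts are covered by the disaster recovery plan rather than by this check.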
 

Genisys

Executive Member
Joined
Jan 12, 2016
Messages
9,453
I'm not sure what response you are expecting, but the answer is simple: hire a cyber security expert to see how security could be improved. Don't rely on a Tech to do what a security expert should do; that is asking for trouble.
 

Thor

Honorary Master
Joined
Jun 5, 2014
Messages
36,902
There's security done by uncle Jimmy who thinks he knows how networking works and then there is security.
 

MDKza

Well-Known Member
Joined
May 24, 2012
Messages
479
VPN is the biggest problem at the moment.
Get rid of it and get something similar to what UAG used to do.
 