Best practice approach to network security
Network Defence in Depth has, for a long time been the best practice approach to network security, but as we become more mobile and it becomes increasingly challenging to defend the network against evolving Cyber threats, the defence in depth methodology is of acute importance to help your organisation avoid the headlines.
As Cyber criminals wield increasingly sophisticated social, economic, technical and brute force tools; deploying these in parallel to strain network security from many different angles, organisations should consider a complimentary suite of defensive measures to counter the escalating risk.
With mobility and Cloud changing the way we operate, our networks are always-on, supporting connections from our phones, tablets and laptops outside the safe haven of the corporate network. As we support access across Guest Internet and open Wireless connections the perception of the network perimeter is now blurred, and can no longer be defined by the edge of the Firewall. The ‘inside’ of the network is everywhere, demanding a security everywhere to secure all angles of attack, both from outside and from within.
As new zero-day attacks emerge – security is generally reactive to emerging threats, there’s an inevitable delay before security vendors can identify and remediate during which our networks are exposed, and in our always-on, connected world organisations must adopt best-practice edge-to-edge defence across and within the network to limit the depth of an attack, whilst diversifying security across a blend of network security technologies to offer the complete solution.
The defence in depth approach recognises that each individual layer of security can be compromised – there is no silver bullet technology that’s always ahead of the Cyber criminals, but defence in depth seeks to mitigate the impact of a security breech, restricting an attack circumference with granular access control and micro-segmentation, whilst buying time for security specialists to identify and remediate the threat.
Syscomm advocate a multi-layered, multi-vendor approach to IT security, building layers of complimentary security technology, layered up from a fundamentally secure Ethernet network architecture up to the user application, providing protection for the entire network function. We design and deliver holistic perimeter-everywhere security to protect each entry point into your network.
Our approaches to Network Defence represent a cost-effective blend of the following technologies and mitigations:
- Underlying Ethernet Network:
Building LAN and WAN networks that support edge-to-edge, switch-to-switch encryption. Building dynamic networks that only extend networks out to the devices that need them, and only for the time that they’re needed. Using Network Access Control to restrict access to the network on a who, what, where, when basis to ensure only valid devices can connect to the network. Building stealthy networks that do not reveal the extent of the network or reveal routing to hackers using tools to identify the network topology. Building micro-segmented network zones to isolate devices within smaller secure network areas, restricting the ports and services required to flow between zones
- Network Firewalling:
Tunnelling traffic between internal network zones through Firewalls, with only the necessary ports, services and protocols open between zones. Running multi-layer next-generation Firewall defences to provide application aware, layer-7 Firewalling with Deep Packet Inspection. Running Intrusion Detection and Prevention (IDS and IPS) to inspect internal and external traffic against known hacking patterns and malicious activities.
- Network Access and Authentication:
Network logon tied into Active Directory with LDAP or RADIUS to validate users before admitting them to the network.Two Factor Authentication (2FA) for local or remote VPN logon, to protect access based on a factor you have (typically one-time PIN or Smartcard) and a factor you know (password) to prevent identity and password theft. Access on a need-to-know basis, restricting user access to only the resources and network permissions required for their role.
- Security Information Event Management (SIEM):
Logging of security event activity from devices across the network back into a centralised engine to run real-time heuristics and analytics activity network wide. SIEM analytics generates alerts of threatening hacking activity and irregular security events moving through the network
- Endpoint Security:
Endpoint Security to deliver centralised Anti-Virus reporting and management, but also edge based Intrusion Detection and Prevention, edge-Firewalling, application controls and security information logging at the Laptop, Desktop or Mobile endpoint.