Hello ADI Community,
This is part 2 of the 7 part Blog Series “Security is more than an Antivirus”.
To review, here are the 7 layers of security:
(1) Human Layer → (2) Perimeter → (3) Network → (4) Endpoint → (5) Application → (6) Data → (7) Mission Critical Assets
“The Perimeter” will be today’s topic of discussion. We can define the perimeter as the edge of your company’s network. The edge includes all of the access routes into your internal network, as well as the devices involved. This could include remote users logging into the VPN from their work laptops, or your email server receiving new mail for your Outlook from a cloud Exchange server.
There are a few core devices that manage the perimeter of your network. These devices help manage the traffic in and out of your network with security in mind.
Router is a device that directs network traffic flowing in and out of your network. Think of your network as a big city and the streets are different paths throughout the network. In that scenario the router is your traffic light system. Without traffic lights your “Big City” would be one big traffic jam. Your router will direct traffic through your streets to minimize traffic and maintain an efficient flow.
Firewall is a device that contains a set of rules that determine what traffic is allowed or denied. Using the same “Big City” scenario, you can compare a firewall to traffic signs. ‘One way’ signs tell traffic not to go this way; ‘Stop’ signs say stop and check for traffic before moving; ‘Authorized Only’ signs say you’re only allowed through if you’re authorized.
Intrusion Detection System (IDS) is a device (or set of devices) that detects suspicious activity on your network. In your “Big City” an IDS would be your surveillance cameras, speed traps, and checkpoints. When your IDS detects suspicious activity, it follows the rules that your engineer set up. If your cameras record illegal activity, your rule sends a patrol car to stop the threat; if the speed trap detects too much speeding traffic, your rule puts a patrol car there; if a threat is found at your checkpoint, your rule blocks it from continuing and arrests (quarantines) the offending traffic.
Intrusion Prevention System (IPS) is a device that automatically defends your network when a threat is detected. The difference between the two is that an IDS detects a threat and notifies the network administrator, while an IPS detects the threat and automatically takes action to defend against it. In your “Big City” the IPS is your police department. They patrol the streets and act if a threat is detected.
How do you protect “The Perimeter”?
There are standard guidelines for protecting your perimeter. As malware evolves, these guidelines are continually updated by the security community, so you should always keep up to date on the latest guidelines to follow.
Strong Authentication includes strong passwords to access critical assets, like data servers. We recommend that your passwords be 10 characters or more and contain a combination of capital and lowercase letters, numbers, and allowed special characters (e.g. Adiblog1s#1!). Change your password at least once a month. You should also enable MFA (multi-factor authentication) where applicable. An example of MFA is when you log in to a system, enter your password, and are then also required to enter an authentication token.
Access Control means only allowing the required users and systems to access sensitive parts of your network. For example, your router, which orchestrates your entire network, should ONLY be accessible by your network administrator and/or engineer. Ex-employees’ access should always be removed immediately. Schedule a monthly audit of your external network channels. If a vendor you work with phases out an old server you’re connected to, then you must remove this connection from your side, or you are left with a hole in your security perimeter.
Block everything and then allow means that by default all access to your network should first be blocked, and then you should add only the required access. For example, when your new router is shipped to you, the default settings allow open access to your network. THIS IS BAD. Before plugging your sensitive resources into the router, the ‘deny all’ rule should be set, and then additional rules can be added to allow only the required access.
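To make the “deny all, then allow” point concrete, here is a small first-match rule evaluator (an added example, not ADI’s code or any real router’s configuration) that runs the same three allow rules under a default-allow policy and under a default-deny policy. The VPN port, mail port, admin subnet and sample packets are all constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # source network the rule applies to (any by default)
    proto: str = "any"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def evaluate(rules, default: str, pkt: Packet) -> str:
    """First matching rule wins; the policy default applies when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed allow list for the perimeter in the post: remote users reach the VPN,
# the cloud mail provider reaches the mail server, and only the internal admin
# subnet may reach the router's management port (assumed values, not ADI's).
PERIMETER_RULES = [
    Rule("allow", proto="udp", dport=1194),                   # remote users -> VPN
    Rule("allow", proto="tcp", dport=25),                     # cloud Exchange -> mail server
    Rule("allow", src="10.0.5.0/24", proto="tcp", dport=22),  # admins only -> router management
]


def compare_policies(pkt: Packet) -> dict:
    """Show what the same rules decide under a default-allow vs a default-deny policy."""
    return {"default_allow": evaluate(PERIMETER_RULES, "allow", pkt),
            "default_deny": evaluate(PERIMETER_RULES, "deny", pkt)}


if __name__ == "__main__":
    # Constructed samples: an Internet host probing router management, and a VPN login.
    for p in (Packet("203.0.113.7", "tcp", 22), Packet("198.51.100.9", "udp", 1194)):
        print(p, compare_policies(p))
```

The Internet host hitting the management port gets through on a default-allow router and is dropped on a default-deny one, while the VPN login is allowed either way, which is exactly why the deny-all rule must come first.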
Talk to your vendors/providers means always maintaining open communication with the security team of any external provider that connects to you. For example, if you use our Microsoft 365 Exchange server for your company’s email, then you should always be kept informed of new service changes and updates that our team rolls out. Also, if there are any issues with connectivity or security, you have a direct channel to get them resolved.
I hope I summed up what the perimeter is and how to protect it.
Stay tuned for part 3 of the 7 part Blog Series “Security is more than an Antivirus”.
Sincerely your tech savvy engineer,
Blogger for Advanced Data Infrastructure, LLC
Visit us at http://www.adipros.com or call us at (919) 727-2200.