Tech & Trends
General Information
October 6, 2006 • Vol.28 Issue 40
Page(s) 1 in print issue
Exercise Best Practices & A Tiered Security Defense To Protect Your Internal Network
Internal network security is now mission-imperative as SMEs face an ever-changing threat
landscape and business drivers such as compliance programs. Intrusions and breaches will occur,
and even the best prevention measures will eventually fail, resulting in threats on the internal
network. Attack sophistication is also on the increase as organized crime gets into computer
hacking.
Defense in-depth is a rising network security strategy combining best practices, policies, and a
tiered network security defense. “No single technology makes an effective security strategy for any
enterprise. Accordingly, enterprises must adopt a defense in-depth strategy that combines
preventive solutions (firewalls, antivirus, etc.) with response solutions (network behavioral analysis
[NBA]/signature IDS) for threats missed by primary defenses,” according to Steve O’Brian, vice
president of product management and marketing for GraniteEdge Networks
(www.graniteedgenetworks.com), the maker of the GraniteEdge ESP 2.0.
Internal networks require specialized defenses because they hold the most valued corporate
assets and have different architectures than the perimeter. Typically, they are flat networks with no
single point of control, meaning many attack vectors and threats are difficult to shut down before
compromising corporate data.
Reduce The Exposure Window
Reducing the exposure window of an attack can be especially challenging for an SME.
“Because SMEs don’t have a command center and may not necessarily have security expertise,
they need more automated security checks and balances,” according to O’Brian.
Taking the chance of human error out of the equation is a proactive step for SMEs to reduce the
exposure window of an attack.
Mitchell Ashley, CTO of StillSecure (www.stillsecure.com), the maker of SafeAccess, recommends
a multilayer security model starting with a baseline of a firewall, VPN, and antivirus for
directing network traffic. Antivirus software should be deployed on the desktop, at the firewall
level, and on the email gateway. His vision for the next tier of security is intrusion prevention and
detection software.
O’Brian also recommends the automation of the first-line security tasks: “Accordingly, such
enterprises should deploy solutions that do the heavy lifting, reducing the amount of manual
analysis required. This applies to threat prevention and response solutions.”
Both Ashley and O’Brian recommend the implementation of NAC (Network Access Control)
systems, a relatively new security technology that has gained a foothold this year and is due to
grow into next year. NAC systems are software solutions designed to protect the networks and
provide access control to all devices on the network, regardless of whether they reside behind the
firewall or are remote users. The ability to assess and continually reassess network policies is
integral to remediation efforts if an intrusion does occur and your network perimeter is
compromised.
Another step SMEs can take to reduce the exposure window is to implement rigorous patching
plans both at the server and desktop levels, including auto updating of browsers, office suites, and
operating systems.
Narrow Your Focus
“Practically speaking, enterprises cannot protect every asset within the enterprise to the level
desired. So they need to focus their attention on high-risk, high-value areas within the network,”
according to O’Brian. He further states, “In some cases, these may be servers containing
customer records in a database. In other cases, these may be core business processes such as
their transaction network. For SMEs, losing a critical resource may put the company out of
business. Accordingly, these assets, including the supporting infrastructure, must not be
compromised.”
Ross Ortega, president of GraniteEdge Networks, advises, “Focus on what’s important, what is
business-critical infrastructure, and then draw an envelope around it.”
Ensure Policies & Configurations Work As Planned
Under defense in-depth, Ashley emphasizes the importance of putting policies in place that
protect end points such as laptops and desktops, which is a step away from the traditional network
defense models. “Take a guilty until proven innocent approach,” he says for devices accessing
your network.
User security education is integral to the defense in-depth security model. StillSecure’s Ashley
says, “Focus security training on actions an end user can do on their systems.” This practical
approach to security training should also use real-life examples.
O’Brian states, “Many damaging security incidents start from humble beginnings—such as being
careless with sensitive data or employees not staying current with the latest patches. This extends
beyond just ‘Joe Employee’ and into the IT team—where patch management, configuration
management are tedious jobs that can easily go awry. Solid policy that is regularly communicated
and enforced will reduce a company’s exposure to incidents arising out of simple mistakes.”
After user education comes monitoring, and O’Brian says, “Though education helps, it does not
cure the issue of human error. Accordingly, enterprises must monitor user behavior and must
establish automated checks and balances to ensure network configurations and security policy is
being followed. This extends to regulatory compliance as well. Regular monitoring and proactive
testing will expose minor problems before they turn into major incidents.”
Validate The Extent Of Threat Reach
When a network security threat infiltrates your network perimeter, it’s imperative to validate the
extent of the threat in short order. O’Brian of GraniteEdge Networks emphasizes the importance of
behavioral approaches, which go beyond typical signature-based security solutions that have
been the traditional first line of network defense.
Implementing defense in-depth strategies to protect your SME’s network infrastructure requires a
new approach to network defenses, additional best practices, and a focus on your SME’s most
critical network assets.
by Will Kelly
http://www.processor.com/editorial/PrntArticle.asp?prnt=1&article=articl...