Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Ten steps to secure networking

Moving your defence beyond firewalls and other point solutions.

Article comments

Secure networking ensures that the network is available to perform its appointed task by protecting it from attacks originating inside and outside the organisation.

Traditional thinking equates this to a handful of specific requirements, including user authentication, user device protection and point solutions. However, the move to convergence, together with greater workforce mobility, exposes networks to new vulnerabilities, as any connected user can potentially attack the network.

Application traffic must be securely delivered across the network, avoiding threats such as theft of intellectual property or private data. In addition, the underlying infrastructure must be protected against service disruption (in which the network is not available for its intended use) and service theft (in which an unauthorised user accesses network bandwidth, or an authorised user accesses unauthorised services).

While most organisations focus on securing the application traffic, few put sufficient infrastructure focus beyond point solutions such as firewalls. To protect the total network, security must be incorporated in all layers and the complete networking lifecycle.

Secure networking layers
Secure networking involves securing the application traffic as it traverses the network. It should encompass these areas:

Perimeter security protects the network applications from outside attack, through technologies such as firewall and intrusion detection.

Communications security provides data confidentiality, integrity and non-repudiation, typically through the use of Secure Sockets Layer or IPsec virtual private networks (VPN).

Secure networking extends this by protecting the underlying infrastructure from attack.

Platform security ensures that each device is available to perform its intended function and doesn't become the network's single point of failure. The network security plan should include antivirus checking and host-based intrusion detection, along with endpoint compliance, to ensure that security policies check user devices for required security software.

Access security ensures that each user has access to only those network elements and applications required to perform his job.

Physical security protects the network from physical harm or modification, and underlies all security practices. The most obvious forms of physical security include locked doors and alarm systems.

Secure networking lifecycle
Providing a secure network is not a one-time event, but rather a lifecycle that must be continually reviewed, updated and communicated. There are three distinct stages to be considered:

How can security breaches be prevented? Along with hardening of operating systems and antivirus software, prevention includes processes to regularly review the network's security posture, which is particularly important as new convergence and mobility solutions or new technologies and platforms are added to the network.

How can security breaches be detected? Although some breaches are obvious, others are much more subtle. Detection techniques include product-level and network-wide intrusion-detection systems, system checks and logs for misconfigurations or other suspicious activity.

What is the appropriate response to a security breach? A range of preparations must be made to respond to a successful breach, some of which may include the removal of infected devices or large-scale disaster recovery.

Standards for secure networking
To ensure a consistent set of requirements, lower training costs and speed the introduction of new security capabilities, IT managers should use these 10 security techniques across their networks.

1. Use a layered defence. Employ multiple complementary approaches to security enforcement at various points in the network, therefore removing single points of security failure.

2. Incorporate people and processes in network security planning. Employing effective processes, such as security policies, security awareness training and policy enforcement, makes your programme stronger. Having the people who use the network (employees, partners and even customers) understand and adhere to these security policies is critical.

3. Clearly define security zones and user roles. Use firewall, filter and access control capabilities to enforce network access policies between these zones using the least privileged concept. Require strong passwords to prevent guessing and/or machine cracking attacks, as well as other strong forms of authentication.

4. Maintain the integrity of your network, servers and clients. The operating system of every network device and element management system should be hardened against attack by disabling unused services. Patches should be applied as soon as they become available, and system software should be regularly tested for viruses, worms and spyware.

5. Control device network admission through endpoint compliance. Account for all user device types, wired and wireless. Don't forget devices such as smart phones and handhelds, which can store significant intellectual property and are easier for employees to misplace or have stolen.

6. Protect the network management information. Ensure that virtual LANs (VLAN) and other security mechanisms (IPsec, SNMPv3, SSH, TLS) are used to protect network devices and element management systems so only authorised personnel have access. Establish a backup process for device configurations, and implement a change management process for tracking.

7. Protect user information. WLAN/Wi-Fi or Wireless Mesh communications should use VPNs or 802.11i with Temporal Key Integrity Protocol for security purposes. VLANs should separate traffic between departments within the same network and separate regular users from guests.

8. Gain awareness of your network traffic, threats and vulnerabilities for each security zone, presuming both internal and external threats. Use antispoofing, bogon blocking and denial-of-service prevention capabilities at security zone perimeters to block invalid traffic.

9. Use security tools to protect from threats and guarantee performance of critical applications. Ensure firewalls support new multimedia applications and protocols, including SIP and H.323.

10. Log, correlate and manage security and audit event information. Aggregate and standardise security event information to provide a high-level consolidated view of security events on your network. This allows correlation of distributed attacks and a network-wide awareness of security status and threat activity.

The International Telecommunication Union and Alliance for Telecommunications Industry Solutions provide standards that enterprises can use in their vendor selection process. However, no single set of technologies is appropriate for all organisations. Regardless of the size of the organisation or the depth of the capabilities required, secure networking must be an inherent capability, designed into the DNA of every product. By following the steps described above, companies will have the right approach for securing their increasingly mobile, converged networks.

Pamela Warren is a senior security solutions manager at Nortel, currently responsible for strategic security initiatives in the office of the chief technology officer.


Share:

More from Techworld

More relevant IT news

Comments

ingrid said: not helplfull at all



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *