[ISN] Ten steps to secure networking

[InfoSec News]

http://www.techworld.com/security/features/index.cfm?FeatureID=1862

By Pamela Warren
Nortel 
October 12, 2005

Secure networking ensures that the network is available to perform its
appointed task by protecting it from attacks originating inside and
outside the organisation.

Traditional thinking equates this to a handful of specific
requirements, including user authentication, user device protection
and point solutions. However, the move to convergence, together with
greater workforce mobility, exposes networks to new vulnerabilities,
as any connected user can potentially attack the network.

Application traffic must be securely delivered across the network,
avoiding threats such as theft of intellectual property or private
data. In addition, the underlying infrastructure must be protected
against service disruption (in which the network is not available for
its intended use) and service theft (in which an unauthorised user
accesses network bandwidth, or an authorised user accesses
unauthorised services).

While most organisations focus on securing the application traffic,
few put sufficient infrastructure focus beyond point solutions such as
firewalls. To protect the total network, security must be incorporated
in all layers and the complete networking lifecycle.


Secure networking layers

Secure networking involves securing the application traffic as it
traverses the network. It should encompass these areas:

Perimeter security protects the network applications from outside
attack, through technologies such as firewall and intrusion detection.

Communications security provides data confidentiality, integrity and
non-repudiation, typically through the use of Secure Sockets Layer or
IPsec virtual private networks (VPN).

Secure networking extends this by protecting the underlying
infrastructure from attack.

Platform security ensures that each device is available to perform its
intended function and doesn't become the network's single point of
failure. The network security plan should include antivirus checking
and host-based intrusion detection, along with endpoint compliance, to
ensure that security policies check user devices for required security
software.

Access security ensures that each user has access to only those
network elements and applications required to perform his job.

Physical security protects the network from physical harm or
modification, and underlies all security practices. The most obvious
forms of physical security include locked doors and alarm systems.


Secure networking lifecycle

Providing a secure network is not a one-time event, but rather a
lifecycle that must be continually reviewed, updated and communicated.  
There are three distinct stages to be considered:

How can security breaches be prevented? Along with hardening of
operating systems and antivirus software, prevention includes
processes to regularly review the network's security posture, which is
particularly important as new convergence and mobility solutions or
new technologies and platforms are added to the network.

How can security breaches be detected? Although some breaches are
obvious, others are much more subtle. Detection techniques include
product-level and network-wide intrusion-detection systems, system
checks and logs for misconfigurations or other suspicious activity.

What is the appropriate response to a security breach? A range of
preparations must be made to respond to a successful breach, some of
which may include the removal of infected devices or large-scale
disaster recovery.


Standards for secure networking

To ensure a consistent set of requirements, lower training costs and
speed the introduction of new security capabilities, IT managers
should use these 10 security techniques across their networks.

1. Use a layered defence. Employ multiple complementary approaches to
security enforcement at various points in the network, therefore
removing single points of security failure.

2. Incorporate people and processes in network security planning.  
Employing effective processes, such as security policies, security
awareness training and policy enforcement, makes your programme
stronger. Having the people who use the network (employees, partners
and even customers) understand and adhere to these security policies
is critical.

3. Clearly define security zones and user roles. Use firewall, filter
and access control capabilities to enforce network access policies
between these zones using the least privileged concept. Require strong
passwords to prevent guessing and/or machine cracking attacks, as well
as other strong forms of authentication.

4. Maintain the integrity of your network, servers and clients. The
operating system of every network device and element management system
should be hardened against attack by disabling unused services.  
Patches should be applied as soon as they become available, and system
software should be regularly tested for viruses, worms and spyware.

5. Control device network admission through endpoint compliance.  
Account for all user device types, wired and wireless. Don't forget
devices such as smart phones and handhelds, which can store
significant intellectual property and are easier for employees to
misplace or have stolen.

6. Protect the network management information. Ensure that virtual
LANs (VLAN) and other security mechanisms (IPsec, SNMPv3, SSH, TLS)  
are used to protect network devices and element management systems so
only authorised personnel have access. Establish a backup process for
device configurations, and implement a change management process for
tracking.

7. Protect user information. WLAN/Wi-Fi or Wireless Mesh
communications should use VPNs or 802.11i with Temporal Key Integrity
Protocol for security purposes. VLANs should separate traffic between
departments within the same network and separate regular users from
guests.

8. Gain awareness of your network traffic, threats and vulnerabilities
for each security zone, presuming both internal and external threats.  
Use antispoofing, bogon blocking and denial-of-service prevention
capabilities at security zone perimeters to block invalid traffic.

9. Use security tools to protect from threats and guarantee
performance of critical applications. Ensure firewalls support new
multimedia applications and protocols, including SIP and H.323.

10. Log, correlate and manage security and audit event information.  
Aggregate and standardise security event information to provide a
high-level consolidated view of security events on your network. This
allows correlation of distributed attacks and a network-wide awareness
of security status and threat activity.

The International Telecommunication Union and Alliance for
Telecommunications Industry Solutions provide standards that
enterprises can use in their vendor selection process. However, no
single set of technologies is appropriate for all organisations.  
Regardless of the size of the organisation or the depth of the
capabilities required, secure networking must be an inherent
capability, designed into the DNA of every product. By following the
steps described above, companies will have the right approach for
securing their increasingly mobile, converged networks.

-=-

Pamela Warren is a senior security solutions manager at Nortel,
currently responsible for strategic security initiatives in the office
of the chief technology officer.