Network Security Management

This tag is associated with 3 posts

V (5) Fundamentals of a Secure WLAN

Would you rather have something for free or pay for it?

Dumb question, right? A free ticket to watch the Seahawks pummel, I mean battle, the Broncos in Super Bowl XLVIII beats paying $2,100 per ticket any day – unfortunately, not a choice you or I will likely have to grapple with anytime soon.

However, when it comes to wireless networking, this is a question we face all the time. Do I jump on the coffee shop’s complimentary network after ordering my quadriginoctuple-frap, or do I use my provider’s network and eat into my data plan?

I would hazard to guess that most of us choose the free option – especially if we are going to sit there and nurse that beverage all day – a choice that is repeated every day at coffee shops all around the world. In fact, we have gotten so used to making this choice as customers that we expect Wi-Fi access everywhere, including at work.

And, while an increasing demand for wireless networking may not be breaking news, many organizations still struggle when it comes to successfully deploying wireless networks in a secure manner.

So, in the spirit of the Super Bowl example above (nice work Hawks), I would like to present what coaches often call the fundamentals – only here I’ll talk about five fundamentals of securing your wireless network.

And, I’ll use roman numerals.

But no X’s or O’s.

I. Have a Plan

If you rush out, buy a couple of wireless access points and chuck them on your network, you’ll likely just make things worse. Instead, take time to understand your goals and consider some important pre-deployment questions such as:

  • How many wireless users do I expect to have on my network?
  • How much wireless coverage and what kind of bandwidth do I need?
  • What kind of traffic do I want to allow/restrict? (Pay particular attention to social media and mobile applications.)
  • How will I restrict access to the WLAN (by device, by user, by SSID, etc.)?
  • Will both corporate and personal devices be allowed access to the WLAN?

It’s also a good idea to draft a network usage policy and have users sign it as this can help to encourage self-enforcement.

II. Implement Access Controls

Segmenting the WLAN (e.g. by VLAN), creating security policies for different SSIDs, enabling station separation, enforcing MAC control lists and requiring user authentication can all help to ensure WLAN users, devices and traffic are only allowed to access the resources you intend.

III. Synchronize Wired and Wireless Networks

Make sure your wired and wireless security policies don’t conflict. If an access policy is being enforced on your wired network, ensure you are not circumventing it with your WLAN policy.

IV. Use Strong Passwords

Create strong WLAN access passwords and change them regularly. Some strong password creation tips can be found here.

V. Monitor, Adjust, Repeat

Regularly use monitoring tools and review traffic logs to see what’s happening on your network. This will help to ensure policies are being enforced as expected, identify new traffic types and applications to allow/restrict and recognize emerging threats.
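As an added illustration of fundamentals II, III and V (example code, not from the original post or from WatchGuard), the Python below audits constructed WLAN association records against a constructed per-SSID policy: it flags clients that land in a VLAN other than the one their SSID is mapped to, SSIDs whose station isolation setting differs from policy, devices missing from a MAC allow-list, and SSIDs nobody planned for. The log format, policy table, SSID names and MAC addresses are all made up for the example.

```python
import re

# Constructed policy, modelled on section II: each SSID maps to its intended
# VLAN, whether station (client) isolation must be on, and an optional MAC
# allow-list (None means any device may associate, as on a guest network).
POLICY = {
    "Corp": {"vlan": 10, "isolation": False, "allowed_macs": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}},
    "Guest": {"vlan": 30, "isolation": True, "allowed_macs": None},
}

# Constructed association records in a made-up format (not any real product's log).
SAMPLE_LOG = """\
2014-02-03 08:01:12 AP1 assoc ssid=Corp mac=aa:bb:cc:00:00:01 vlan=10 isolation=off
2014-02-03 08:02:45 AP1 assoc ssid=Corp mac=de:ad:be:ef:00:99 vlan=10 isolation=off
2014-02-03 08:03:10 AP2 assoc ssid=Guest mac=11:22:33:44:55:66 vlan=10 isolation=on
2014-02-03 08:04:55 AP2 assoc ssid=Guest mac=11:22:33:44:55:77 vlan=30 isolation=off
2014-02-03 08:05:30 AP3 assoc ssid=Lobby mac=11:22:33:44:55:88 vlan=30 isolation=on
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<ap>\S+) assoc ssid=(?P<ssid>\S+) mac=(?P<mac>\S+) "
    r"vlan=(?P<vlan>\d+) isolation=(?P<iso>on|off)$"
)

def check_line(line):
    """Return the policy violations (possibly none) for one association record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return [f"unparseable record: {line.strip()!r}"]
    ap, ssid, mac, vlan = m["ap"], m["ssid"], m["mac"].lower(), int(m["vlan"])
    rule = POLICY.get(ssid)
    if rule is None:  # an SSID nobody planned for: rogue AP or undocumented network
        return [f"{ap}: unknown SSID {ssid!r}"]
    problems = []
    if vlan != rule["vlan"]:  # wired and wireless policy out of sync (section III)
        problems.append(f"{ap}: {ssid} client {mac} in VLAN {vlan}, policy says {rule['vlan']}")
    if (m["iso"] == "on") != rule["isolation"]:
        problems.append(f"{ap}: {ssid} station isolation is {m['iso']}, policy differs")
    if rule["allowed_macs"] is not None and mac not in rule["allowed_macs"]:
        problems.append(f"{ap}: {mac} is not on the {ssid} MAC allow-list")
    return problems

def audit(log_text):
    """Run every non-empty record through check_line and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            findings.extend(check_line(line))
    return findings
```

A MAC allow-list is a weak control on its own, since a client can present any address it likes, so treat that finding as a hygiene check that complements the user authentication the post also calls for.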

To learn more about how WatchGuard can help you to deploy a robust and secure WLAN, check out our wireless page here.

FIVE Network Security Management Requirements for Controlling BYOD and Shadow IT

With cloud computing and BYOD permeating almost every organization, shadow IT is beginning to make its way onto the radar screens of business leaders inside and outside of the IT department. The truth is, however, that shadow IT has been around for decades and is not necessarily a bad thing.

Shadow IT refers to systems and solutions built without the approval of the organization, and they are often innovative, potential prototypes for future IT-approved solutions. The problem is that while creating real value for an organization, they are often built without key network security management protocols in place; namely reliability, documentation, control, security, and budget.

So why the hype and why now? While shadow IT has been around for a long time, the volume and velocity of applications and cloud solutions, not to mention their low cost (often free), are multiplying rapidly, creating an IT snowball effect. In fact, according to a PricewaterhouseCoopers Digital IQ survey, at 100 companies that PwC considers top performers, IT controls less than 50 percent of corporate technology expenditures – and we’re talking pretty large companies here with typically strict IT policies in place. This is in drastic contrast to ten years ago, when the Dachis Group estimates that only 10 percent of IT spending took place outside of IT. At smaller organizations where IT departments are even less influential, this shadow IT snowball effect is even more rampant.

So what can IT departments do? The answer is to secure the network and protect the organization from outside threats. Containing the growth of shadow IT may not be an option, but reducing outside threats is. Select a strong, multi-function Unified Threat Management (UTM) system that goes beyond a simple firewall to deliver strong network security management, and make sure it has these FIVE key elements:

  1. Easy-to-Use Policy Tools – This way, administrators can enforce the policies that best meet their environment, whether it is a small retail shop or a multinational, distributed enterprise. And today, you really need to consider a single console that allows for easy integration of both wired and wireless security policies.
  2. Network Segmentation – Today’s solutions need to let administrators easily and quickly set up various network segments, to include virtual assets that can be protected and segmented to maintain compliance and high security. Also consider the capability to segment and secure accordingly via SSID (guest, corporate, finance, etc.).
  3. Smart Logging and Reporting – This may be one of the most valuable resources that IT can leverage for their BYOD strategy. Administrators need to be able to gain deep insight into what is connected to their network, as well as the applications being used. These insights not only help safeguard resources, but also illuminate trouble spots and potential weaknesses, and help to remediate areas of concern.
  4. VPN Functionality – Leveraging smart VPN capabilities, administrators can enforce acceptable use policies for mobile, remote and road warriors who need to access corporate data anytime, anywhere.
  5. Use Best-in-Class Solutions – When we built our XTM line of multi-function, smart firewalls we consolidated many vital security services (Anti-virus, IPS, Application Control, URL filtering, and more). But rather than build these ourselves, we relied on our best-in-class partner technologies (AVG, BroadWeb, Kaspersky, Commtouch, Websense, etc.). The result is a peerless multilayered security, an unrivalled ease-of-use and centralized management experience, and industry-leading UTM throughput performance. These solutions extend network security to the WLAN, critical for securing personal mobile device traffic, which generally utilizes wireless networks in corporate environments.

Without question, BYOD and the cloud are accelerating shadow IT, but strong network security can reduce and eliminate the inherent risks. As a leader in network security, we work to develop solutions to enable a safe and productive BYOD ecosystem. By enforcing a practical policy, we believe that organizations can enable workforce productivity, foster goodwill and trust across the organization, achieve compliance demands, and maintain strong security, without sacrificing flexibility.

Dissecting the Hacker – Three Profiles You Need to Know

Most network security management professionals have a pretty good understanding of the technology they employ to protect their company or data center from cyber-criminals. From UTM appliances offering the latest and greatest in compliance management and data security to wireless network security and BYOD device management, most people in the trenches know the clicks and feeds necessary to protect the mother-land. But do you know your enemy? I mean, do you really know them: their personalities, friends, motives?

We just released an Infographic that profiles the three types of hackers that make network security management a challenge that is likely to become even more complex in the days and months ahead.

The Hacktivist – Hacktivists are politically motivated cyber-attackers. Activists, including the more extreme ones, have over the past five years begun to realize the power of the Internet, and have started using cyber-attacks to get their political message across. Some examples include the infamous Anonymous and the more recent Syrian Electronic Army. Most are decentralized and often not very well organized, with no central leadership.

While disorganized, these activist groups can cause significant problems for governments and businesses. They tend to rely on fairly basic, freely available “Skript Kiddie” tools – their most common weapon of choice being a DDoS attack, using tools like HOIC or LOIC. More advanced hacktivists also tend to rely on web application attacks (like SQLi) to steal data from certain targets, the goal being to embarrass the victim by publishing it, something they often call doxing.

While hacktivists are not as sophisticated as other hackers, they still cause havoc for many large organizations as well as governments. Since these hacktivists’ political agendas can vary widely, even small businesses can find themselves a target depending on the business they are in or the partnerships they have.

Cyber Criminals – Cyber criminals have been around longer and so more is known about them. This group’s motive is simply to make money using any means necessary.

Cyber criminals range from a few lone actors who are just out for themselves, to big cyber-crime organizations, often financed and headed by more traditional criminal organizations. The cyber criminals are responsible for stealing billions of dollars from consumers and businesses each year.

Cyber criminals participate in a wealthy underground economy, where they can buy, sell and trade attack toolkits, zero day exploit code, botnet services, and more. They also buy and sell the private information and intellectual property they and others steal from victims. Lately, they’re focusing on web exploit kits, such as Blackhole, Phoenix, and Nuclear Pack, which they then use to automate and simplify drive-by download attacks.

Their targets can vary from small businesses and even the individual consumer, whom they attack opportunistically, to large enterprises, which they target with specific goals in mind. In a recent attack on the banking and credit card industry, a very organized group of cyber criminals was able to steal 45 million dollars from ATMs around the world in a very synchronized fashion. The attack was made possible by an initial, targeted network breach against a few banks and a payment processing company.

Nation States (or State-Sponsored Attackers) – This is the newest and most concerning threat. They are government-funded and government-guided attackers, ordered to launch operations ranging from cyber espionage to intellectual property theft. These attackers have the biggest bankroll, and thus often can hire the talent to create the most advanced, nefarious, and stealthy threats out there today.

A couple of recent examples of Nation State attacks that made headlines include:

  • The Operation Aurora attack, where allegedly, Chinese attackers gained access to Google and many other big companies, and supposedly stole intellectual property, as well as sensitive US government surveillance information.
  • The Stuxnet incident, where a nation state built an extremely advanced, sneaky, and targeted piece of malware that not only hid on traditional computers for years, but also could infect programmable logic controllers used in centrifuges. The attack was designed to damage Iran’s nuclear enrichment capabilities.

Unlike the other hackers’ tools, state-sponsored attackers’ attack code is very customized and advanced. Their attacks often incorporate previously undiscovered software vulnerabilities, called zero-days, which have no fix or patch. They often employ the most advanced attack and evasion techniques, like kernel-level rootkits, steganography, and encryption, to make it very difficult for you to discover their malware. They have even been known to carry out multiple attacks to reach their ultimate target. These advanced attacks are what coined the new industry term, advanced persistent threat (APT).

While you’d expect nation state attackers to have very specific targets, such as government entities, critical infrastructure, and Fortune 500 enterprises, they still pose some threat to average organizations as well, since many private organizations are government contractors and suppliers. To up the ante even further, their techniques and tools are slowly becoming visible to cyber criminals and hacktivists.

Today’s network security management professionals need to know more than just the technology available to stop threats; they have to really know who’s knocking at their back or front door. Check out the Infographic today and share it with your colleagues or make a poster out of it, but at the very least be sure to know your enemy. After all, they know you!