Tuesday, February 24, 2015

Simple Strategies for Network Security Excellence

Simple Strategies for Network Security Excellence

https://siliconintelligence.wordpress.com/2014/09/30/simple-strategies-for-network-security-excellence/
Excellence, a tough term to measure! Because in today’s IT spectrum no company or enterprise can say they have excelled in their IT including innovation or design or operations or ROI or even day-to-day activities. Only a handful can claim it but at various costs.
The myriad elements of an enterprise’s technology have made it difficult to measure overall IT excellence. But network security in IT is very unique. The reason being network security doesn’t have to excel but just do its duty to get a pat on its back. At any given point every component of network security is working its best to get that name.
At an enterprise level, few companies have really UP’d their game to really excel in Network Security. Being a consultant and an architect I have realised a few tactical strategies can change an enterprise’s posture to stand apart from the commoners.
The following are some were I have implemented and experienced network security excellence.
  1. Diversify network security and consolidate outcomes
For example let a firewall be a firewall and stop having IPS, Anti-X, web/email filtering and etc all rolled into one. Reason being end of the day humans design, implement, administer and manage a system, I have never seen anyone being a king of all and perfectly configure a complete single point solution.
  1. Single source of truth
All devices, hosts, equipments, racks, components, softwares, hardwares, middlewares, tokens, certificates and everything in between that touches network security should be in CMDB. Everything needs to have an identifier, version and DOB to draw a complete picture.
  1. Map the whole network
Ridiculous you may say, but it’s possible! Ten years ago would anyone have thought it is possible to map every road in every country? So yeah this is possible as well, it helps in figuring out vulnerable points, choke points, loops, limitations, checkpoints, and many more.
  1. LOG everything
I know how many companies see this has a waste in space, power and storage. But the right logger and report generator can do wonders. A graph for usage, events, bandwidth, retries, drops, successful and failed attempts, overflows, chokes, capacity, usage and many more reports can identify whatever you want to see.
  1. Design any solution with security in mind
Whether it’s an internet facing router or a simple desktop printer or a static web page or internet connected fridge or anything for that matter make sure there is security component involved in it. Because you will never know who where how when something will get compromised.
All these points might sound common and as a standard formula but when implemented in conjunction with a true outstanding team the outcomes will be so rewarding.

No comments: