One thing we pretty much all agree on is that the perimeter of our networks is expanding. No longer is the border of the environment the corporate firewall. The perimeter has been extended to portable devices, employee homes, the coffee shop in downtown Delhi, the processing centre in Chennai and, of course, the numerous third-party connections that terminate somewhere in the network.
One thing that is obvious when doing audits is that there are precious few organisations that know the extent of their perimeter or have a good knowledge of their internal network. Knowledge of which server does what is usually fairly good, but you often hear the phrase “oh, I wonder where that came from”, or worse “I wonder where that line goes?”, usually followed by “What’s that traffic?”. There are a surprising number of people who do not know all the servers connected to their network (especially internet-facing ones), or all the links into the network. One of the worst examples I’ve come across was an organisation that had 8 links to other organisations, with people connecting to a server in the middle of their network. Purpose? Unknown. The links had been in place for 5 years and most of the IT staff had rotated out of the area. The bills were being paid monthly and, because the cost was relatively low, nobody questioned the charges.
Knowing what is in your network, who connects to it and how is essential to keeping a clean house. Your perimeter has now extended through VPNs to employee homes. How are they protected from the internet? Are you providing them with a reasonable firewall? Taking care of malware for them? How is the exec in the internet cafe in Delhi connecting to the network? Is his password still his own? The staff in the processing centre, are they vetted? In your VPN solution, are you allowing all traffic to pass through to the internal network, or are you doing the right thing and controlling the traffic that enters the network by VPN? Third-party connections: how are these managed? Do you know who you connect to and where they are connected? Is the traffic controlled, or do they have full access to your network? Mobile devices (laptops, phones, BlackBerrys, iPhones, etc.): how are they secured? What information is available on the devices? Is it encrypted? Are they company-owned or personal devices? If personal, how much control do you have over the devices? And the most important question that you will have to ask is “How do you know?”. How do you know that the measures you put in place are working?
I know we all already have a long list of things to do, but you might want to consider adding the following tasks:
- identify and document third party connections
- for all connections to the network, identify the controls in place to manage traffic, malware and other nasties
- identify and document how staff connect
- identify/develop relevant policies for the above
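As an added illustration of the “how do you know” question (this is example code, not part of the original diary), the following Python script reconciles a constructed inventory of documented third-party connections against constructed firewall accept lines. It flags external sources that nobody has documented, and documented links that carried no traffic at all, the kind that quietly get paid for every month. The log format, inventory layout and addresses are all assumptions.

```python
import ipaddress
import re

# Constructed inventory of documented third-party connections:
# network -> owner/purpose. Format is assumed, not a real asset register.
DOCUMENTED_PEERS = {
    "203.0.113.0/24": "payroll provider, contract ref PLACEHOLDER",
    "198.51.100.7/32": "Chennai processing centre VPN concentrator",
    "192.0.2.0/24": "legacy partner link, purpose unknown",
}
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall accept lines in an assumed key=value format.
SAMPLE_LOG = """\
2009-03-02T10:15:01 ACCEPT src=203.0.113.10 dst=10.0.0.5 proto=tcp dport=443
2009-03-02T10:15:07 ACCEPT src=10.0.0.9 dst=10.0.0.5 proto=tcp dport=445
2009-03-02T10:16:22 ACCEPT src=198.51.100.7 dst=10.0.1.20 proto=tcp dport=1521
2009-03-02T10:17:40 ACCEPT src=198.51.100.99 dst=10.0.1.20 proto=tcp dport=1521
2009-03-02T10:18:03 ACCEPT src=203.0.113.10 dst=10.0.0.5 proto=tcp dport=443
"""
LINE_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\S+) dport=(\d+)")

def parse_flows(text):
    """Return (src, dst, proto, dport) tuples for each parseable ACCEPT line."""
    flows = []
    for line in text.splitlines():
        if " ACCEPT " not in line:
            continue
        m = LINE_RE.search(line)
        if m:
            flows.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return flows

def classify(flows, documented=DOCUMENTED_PEERS):
    """Split inbound external flows into undocumented sources and idle documented links."""
    nets = {ipaddress.ip_network(n): owner for n, owner in documented.items()}
    seen, undocumented = set(), set()
    for src, dst, proto, dport in flows:
        ip = ipaddress.ip_address(src)
        if any(ip in n for n in INTERNAL):
            continue  # internal-to-internal traffic is out of scope here
        match = next((n for n in nets if ip in n), None)
        if match is None:
            undocumented.add((src, dst, proto, dport))  # nobody documented this peer
        else:
            seen.add(match)
    idle = {str(n): nets[n] for n in nets if n not in seen}  # links with no traffic
    return undocumented, idle
```

Run against real firewall or NetFlow exports, the undocumented set is the list of “where does that come from?” questions, and the idle set is the list of links to go and ask about.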
Where does your network end?
Mark H - Shearwater