Content

A Network Security Checklist

Due to the abundance of Internet security attacks, the news over the past year has been flooded with warnings and reports of numerous network vulnerabilities.

Network devices are continuously being compromised to set the stage for distributed denial-of-service attacks (DDoS) - leaving no enterprise, service provider, government agency or educational institution out of harm's way.
Consider this recent example. A CERT-issued report warned against intruders targeting routers for attack. Routers are a common target due to poor configuration management and the widespread usage of factory-default and other password types that are vulnerable to attack. As organizations struggle to understand the security vulnerabilities that exist within their network devices, IT managers need to recognize that just going out and purchasing a number of security products will not give their businesses the protection they need. They need to do something different. They must devise a plan and institute a process that mitigates security risks and minimizes loss.

Here are seven steps that network managers can implement today to increase the integrity of networks. Though these steps are most powerful used in concert, implementation of any of them will increase the security of your network:

1. Rapidly deploy fixes to network devices in response to
    newly identified security threats.

    Almost half of all security breaches happen because available
    fixes were applied too late, or not at all. To obviate this risk,
    implement a process for quickly updating network devices when
    security vulnerabilities are discovered, whether by the vendor,
    CERT or another reliable source. This need was made quite clear
    by last summer's Code Red attacks that infected hundreds of
    thousands of computer systems, and crashed thousands of out-of-
    date Cisco DSL routers.
    Code Red was not atypical - remember, almost half of all
    intrusions occur because existing fixes were not deployed.
    Organizations could have avoided Code Red vulnerabilities in their
    network devices by ensuring that they were updated with the
    latest software. Network administrators need to establish a set
    time period (x minutes/hours/days/weeks) within which security
    vulnerabilities will be corrected on all devices. Organizations
    should base this time period on their risk tolerance for network
    breaches that might occur before a fix is implemented. Keep
    centralized records and perform regular audits to measure
    adherence to this policy.
2. Use a different administrative password on every network
    device.
    This past September a major service provider's network went
    down, taking thousands of customers with it. The attacker had
    discovered that the service provider had used the same
    password for thousands of individual devices - and used this
    knowledge to turn all of these devices into bricks. Using a single
    password across all devices compromises the entire network.
    Furthermore, using a single password leads to using the 'lowest
    common denominator'-strength password throughout your
    network. Do not decentralize password management among
    administrators, instead maintain centralized control of passwords
    to ensure their availability even when individual administrators
    are unavailable or are no longer employed by the organization.
3. Schedule regular changes to network device passwords.
    Determine the acceptable time period between password changes
    based on the cost and risk of security breaches to the
    organization. Develop the processes necessary to support that
    change schedule and to keep auditable records of changes.
    Recognize that changes must be more frequent for devices that
    only support low-strength passwords.
4. Immediately change passwords when employees leave
    the company.

    When an employee who knows the network device passwords
    leaves the company, change all of the passwords as quickly as
    possible.
5. Maintain consistent security across the network.
    Security is only as strong as its weakest link, so it is important to
    have consistent strong security across the network. Strong
    security at one Internet connection point, and weaker security at,
    for example, a remote site, results in a vulnerable network.
    Some sort of automated process or a purpose-built network
    security control system should be used to ensure that when
    changes are made, they are made consistently across similar
    network services. For example, most companies know that they
    must deactivate user passwords when employees leave the
    company; they need to also recognize that it is at least as
    important to change network device administrative passwords
    when network personnel leave.
6. Maintain a centralized repository of network devices on
    the network.
   
Often organizations do not know the current state and
    configuration of all of the devices that are part of their network. A
    case in point - the Microsoft incident where routers went down
    and all online services were shut down. If Microsoft had kept a
    centralized repository of network device configurations, they
    would not have had to reconstruct device configurations from
    scratch - a task that consumed many hours and resources at the
    expense both of customers and reputation.
    Companies need to maintain a repository of network device
    information (including their IP address, settings, software,
    passwords). There are 'discovery' tools that will crawl the
    network and identify the IP address of devices on the network. A
    network security control system can use this list of IP addresses
    to gather the other information needed for a usable repository.
    Use the network security control system to perform periodic
    audits of network devices to detect 'configuration drift,' i.e.
    changes to devices that were made outside of standard operating
    procedures. This is a quick and decisive way to catch both rogue
    employees and malicious outsiders.
7. Track all changes to the network in a centralized
    repository.
    Given the importance of networks to businesses today,
    organizations need an automated and systematic means to track
    the state of their network. Fundamental to this is tracking all
    changes to the network (e.g. changes to firewall configuration
    and router firmware levels). This information should be kept in a
    secure central repository accessible to privileged administrators.
    If a security breach occurs and the organization needs to provide
    records to outside agencies - such as insurance companies,
    auditors or the courts - it's essential that historical records are
    available and current.

Mark Epstein is CTO and co-founder of Ponte Communications (www.ponte.com). Ponte provides network security control software that allows enterprises and managed service providers to centrally control network security policy.

 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.