Whether you have a dedicated Information Security team where you work or not, securing a company’s information does not simply fall on the shoulders of that security team. Every team in an organization needs to do their part to protect the company’s sensitive data. From the perspective of network professionals, we provide the highways and roadways for the data to travel. With that responsibility in mind, there are many things we can do to assist in the protection of that data as it travels through the network.
Here are three security tips that can help improve the security posture at your organization:
2FA All the Things
Years ago when I was a kid, my family didn’t have much. This meant that what we did for fun had to be a little “budget friendly.” What was more budget friendly than taking the train into Chicago’s O’Hare airport to watch planes take off? My mom and I would walk in, pick a random terminal and sit down. We spent time simply watching planes come and go. As a kid it was fascinating. As an adult I find that particularly terrifying. As we all know, accessing airports is not as simple as it was decades ago. You cannot simply walk in and wander around with no intention of boarding a plane. Now there are checkpoints to cross and verifications that need to occur. Sure, this means you need to show up at the airport a little earlier, but those checkpoints and verifications are there for our safety. This is the same as Two-factor authentication (2FA) or Multi-factor authentication.
Many of us already use 2FA at some capacity in our personal lives. It might occur when we access online banking or even Facebook. There is that second factor that is needed so you can finally login. You enter your username and password, but then the system needs to really make sure it is you by sending you a text. It might also allow you to enter numbers from a third-party authentication app on your phone. Sure, it might take a little longer to access your destination, but it is all in the name of security. Think of your last airport visit; you had to take your shoes off. 2FA is a way for you to take your virtual shoes off before you are allowed in. Companies need to head in that direction as well. Bad actors do what they can to obtain users’ credentials. Once those credentials are out there, it is possible for malicious entities to use them to authenticate. If 2FA is implemented, that second-factor of the text or authentication app would still be needed. Companies can enroll employees in a 2FA solution requiring it before they can access any external or cloud app.
Segmentation is a broad word in the world of IT. Ironically it is there to ensure the access users or systems have is not broad. Segmentation can be implemented between networks, systems and even processes. The goal is to ensure A can only talk to A. Perhaps you need A to talk to C. That can happen, but now you are aware A and C need to talk. You are also aware who or what A is and for what purpose A needs to talk to C. Thinking back to my childhood and the visits to the airport, we had no business being there. Well, I did want to see planes take off so I guess there is that. Realistically, we were not going to board a plane so there was no purpose for us to be at the airport. You can say there is a form of segmentation applied in air travel. We purchase a ticket so we can travel. This ticket allows us to go to the airport and line up. Hopefully we did not forget our identification. Once we are verified that we are who we are supposed to be, we are allowed in towards further checks and balances. We are scanned head to toe as well as our belongings. When everything is 100%, we can finally proceed to purchase some over-priced coffee. It takes a lot of work to set this system up. The same applies in the world of IT. It is not as simple as tossing in a firewall and calling it a day. There has to be ongoing discussions between networks, security, developers, server teams, etc. The goal is to know what is traversing the network, where is it going, and what is the purpose. Should Server A on this subnet talk to Server B on that subnet? Maybe not. However, if they do need to communicate, perhaps they don’t need every single service port open between them. The goal is: “If you see something, say something.”
This Old Config
I have an idea for a show that I’d like to pitch some public broadcasting channel. I’d travel around to different companies, inspecting the configurations they use on their infrastructure. I’d say mean things about how they do not use their vendor standards, have no baselines, and haven’t upgraded code in 500 days. Somehow, I’ll find a way to hit something with a sledgehammer. Joking aside, one of the most important things we can do security-wise is to just keep things up to date. Yes, a 500 day Up Time shows stability, but it also means you haven’t upgraded the device in at least 500 days. Vulnerabilities and flaws can exist in code and software. Always keep up to date with your vendor’s recommendations on what version you should be using. Sign up for emails on what vulnerabilities might exist. Attackers find ways to cripple an asset simply by finding a vulnerability they can use as leverage against you. Vendors also have recommendations on what configuration can help secure a network, whether it is at the edge or internally. It can take multiple outage windows, licenses, or after-hours work, but just like a roadway, work is needed to fill in those pot holes that form over time.
When it comes to securing valuable information, there are many options that can help improve the security posture for users and networks. Attackers will not stop. They will continue to do what they can to stay one step ahead. This is why it is important to layer in security where possible. I wrote about three tips: Implementing two-factor authentication, adding segmentation, and simply keeping things up to date. Some of this is not free, but companies need to look at the risk that exists when nothing is done. Securing the network is an ongoing journey.