I’ve been doing quite a bit of reading on this subject, specifically as it pertains to network security measures. I wanted to provide an overview of some principles it makes sense to be aware of.
According to Catherine Paquet in Implementing Cisco IOS Network Security (IINS 640-554) Foundation Learning Guide, 2nd Edition, there are four ways to deal with network security risks: reduce, ignore, accept and transfer.
Reducing risk is the meat and potatoes of network security. Four activities can lead to reducing or mitigating risks: limitation/avoidance, assurance, detection and recovery.
Limitation/avoidance generally means creating as secure an environment as possible, one that blocks potential negative actions/attacks before they happen. It involves strategies like installing firewalls, intrusion prevention devices, RADIUS/TACACS+ servers and other devices that enhance network security.
Assurance means having a plan to make sure that all security rules, policies and standards are followed correctly. Or as a mentor of mine says all the time, “Inspect what you expect.”
Detection through intrusion detection devices is only one part of the detection step. It is arguably less important than acting once an attempt is made to breach or harm your network.
The last way to reduce risk is recovery: an organization’s plan to return its systems to a fully operational state after an event has occurred. Every organization needs to be proactive and develop a fully integrated plan of recovery in advance.
Uhhhh… don’t ignore security risks. That really should go without saying.
Ignoring a risk – while listed as one of the four ways to deal with it – is not an option for any IT professional. If you are aware of a risk, it needs to be accepted, transferred or reduced.
Accepting that some risk is unavoidable is a normal part of any security plan. Natural disasters are always possible, but designing a building to be able to survive a natural disaster is far too costly. This is where the concept of transfer comes into play.
The cost of recovery after unavoidable risks like natural disasters should be transferred, either through insurance coverage or by setting up full disaster recovery (DR) backup sites. Transferring risk means having a separate plan in place to handle unforeseen and unpredictable issues.
You can improve information security using technical controls such as firewalls, intrusion prevention systems (IPS) and VPN concentrators, as well as various password controls. There are now also technical controls that combine many of these devices into one piece of hardware. These are known as next-generation firewalls.
A next-gen firewall combines firewall functions with other network device-filtering functionality. It can include things like IPS, deep packet inspection (DPI) and threat intelligence security services.
Other technical controls are threat detection devices such as a FortiSandbox from Fortinet. These devices inspect and analyze suspicious and at-risk files. Analysis is performed in a contained environment or “sandbox” to uncover the full attack life cycle using system activity and callback detection.
For example, an email arrives with a suspicious file. That file is inspected and moved into a “sandbox” area where the file is allowed to run, and then the results of that file’s functionality are analyzed to see what will happen – is it malware or a clear file? Once that conclusion is made, and the file is cleared, the email is sent to the client. All this is done seamlessly and extremely quickly.
That may be the most important point here. It’s extremely important to implement security measures that protect your organization, while also providing a quick and seamless experience that does not disrupt normal business functions. With proper due diligence, it’s very possible to deliver that kind of security experience.
CXtec can help you reduce the security risk to your network in many ways – well, except if you do decide to ignore the threats! In addition to offering technical control devices like firewalls or next-gen firewalls, CXtec can help you manage the life cycle of your infrastructure.
Partnering with CXtec will allow you to make smarter investments in security and help reduce your spending of those precious budget dollars on infrastructure and cabling needs. CXtec can help you turn your hardware investments into true assets!