A recent discussion I started on Spiceworks regarding network security returned a number of excellent responses. I need to take a moment to thank all those who participated. IT professionals who are passionate about their work and choose to contribute to communities such as this need to be recognized and appreciated for their efforts. There are few things more rewarding in life than having a love and drive for what you do, and those who contribute in open discussion on topics such as this that matter most deserve my admiration. As the title of this post clearly indicates, there is a real risk of harm from former employees, contractors and visitors who were provided access to the network in order to perform their duties.
The dangers are widespread: access over both wireless and wired (local and remote) connections needs to be equal parts convenient, secure, and manageable. Both fronts need to be addressed, and the respondents offered many valuable approaches to each. From physical access, WEP, encryption, RADIUS servers, Active Directory, and policies and procedures to wireless keys, MAC addresses, wireless access management, company-issued equipment, and 802.1X enforcement, there are variations available to suit any need.
Wireless poses the greatest risk. Without having to enter the building, a former employee can hop onto the network from the parking lot if their access hasn’t been sufficiently locked out. Sometimes, however, access keys are shared among many users, and changing that would be impossible without inconveniencing users. The concepts that I found to have the most promise were environments where the user’s wireless access was tied to their Active Directory account, implementations of Network Access Control, and a segregated network for visitors and contractors that only provides Internet access with separate controls.
A written, documented policy that is performed each time network access needs to be denied is a must-have.
Additionally, having an audit trail of these changes automatically recorded and reported on is the only way to document that changes were made to keep someone out. This is especially essential for organizations bound by regulatory requirements such as SOX, HIPAA and PCI. Without these, much is left to chance: the admin may have missed a step, forgetting to disable VPN access, for example. The audit trail must also be available to demonstrate to an auditor, or to satisfy internal security requirements, that all the necessary actions were performed. This requires knowing where the access points are and what needs to be done to manage them if they aren’t tied into Active Directory or some other network management system.
NetWrix can play a significant role here in detecting and reporting changes. With tools like the Identity Management Suite and Change Reporter Suite, maintaining an audit trail of access both permitted and denied is easy. These tools help administrators manage their environments, from monitoring account status and lockouts and removing inactive users to keeping an audit trail of user accounts disabled and enabled, which will help improve security in many of these situations.
Have you looked at the thread? Whose answer is best in your opinion, or do you have an alternative that was not mentioned here? Share your thoughts below.