Security means different things to different people. For IT, it means securing the network from external intruders and protecting valuable data from prying eyes internally. Since the dawn of the information age, readily available information has come with a price. Securing information in our interconnected world is not always as easy as putting a lock on the virtual door. There is an entire world filled with all kinds of people having varying motivations. Time and again we see headlines of intrusions wreaking havoc. Those responsible for security auditing scramble to provide answers and plug the holes. Here I’ll discuss three simple concepts for improving network security that you must know and integrate into your technical consciousness.
Control Access: Use password policies to keep users honest, and secure machines so passersby can’t sit down and rewrite the company financials for the past quarter. You need to know who’s accessing your network, including who is successful, who’s not, and from where. Segregate information on the network so that you can implement tighter controls over your more valuable assets. As simple as it sounds, lock your server room or data center. Require people to sign in and out for access. Require identification. Lock servers and configure them all to log out after a period of inactivity. Physical security is widely overlooked and the simplest measure to implement. If you have a dispersed network of locations and mobile users, this access information needs to be automatically logged and centrally stored so it can be reviewed on an ongoing basis. Find a tool that will let you do this easily and quickly.
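One way to run the ongoing review of who got in, who did not, and from where, shown as an added example that is not from the original article or from any product. The CSV layout, the function names, the max_failures threshold and the sample records are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: a hypothetical CSV export from a central log store.
# Assumed columns: timestamp, site, user, source_ip, result
SAMPLE_LOG = """\
2024-03-04T08:01:12Z,hq,alice,10.1.4.22,success
2024-03-04T08:03:40Z,hq,bob,10.1.4.31,failure
2024-03-04T08:03:55Z,hq,bob,10.1.4.31,success
2024-03-04T09:15:02Z,branch-2,svc-backup,192.0.2.77,failure
2024-03-04T09:15:04Z,branch-2,svc-backup,192.0.2.77,failure
2024-03-04T09:15:07Z,branch-2,svc-backup,192.0.2.77,failure
2024-03-04T11:42:19Z,vpn,alice,198.51.100.9,success
malformed line without enough fields
"""

def summarize(log_text):
    """Count successes and failures per (user, source_ip); skip bad rows."""
    counts = defaultdict(lambda: {"success": 0, "failure": 0, "sites": set()})
    skipped = 0
    for row in csv.reader(io.StringIO(log_text)):
        # A row that does not match the assumed layout is counted, not guessed at.
        if len(row) != 5 or row[4] not in ("success", "failure"):
            skipped += 1
            continue
        _ts, site, user, source, result = row
        entry = counts[(user, source)]
        entry[result] += 1
        entry["sites"].add(site)
    return dict(counts), skipped

def needs_review(counts, max_failures=2):
    """Return (user, source) pairs that never succeeded or exceeded max_failures."""
    flagged = []
    for key, c in sorted(counts.items()):
        if c["success"] == 0 or c["failure"] > max_failures:
            flagged.append(key)
    return flagged

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE_LOG)
    for (user, source), c in sorted(counts.items()):
        print(f"{user:<12}{source:<16}ok={c['success']} fail={c['failure']} "
              f"sites={sorted(c['sites'])}")
    print("review:", needs_review(counts), "skipped rows:", skipped)
```

The skipped-row count is worth reporting alongside the summary, since a jump in unparseable records usually means a location has stopped logging in the expected format.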
Determine what is at risk: Document not only where the outside meets the inside, but also internal network segmentation and structural topology. These will be the points where you will want to carefully watch who is attempting to come in, from where and using what services. Document what’s accessible from the outside as well as what can be accessed between the internal borders of your network. Eliminate your entry and exit points or manage them through auditing. Look for ways to close off ports that are unnecessary and retire old systems where possible. Make documentation a top-3 or top-5 priority. If you share responsibilities with other administrators, teams or subordinates, it’s time to get everyone on the same page and make network security a cultural priority.
Know your 4Ws: Changes are the single most important thing to be aware of. Know who is changing what, when and where. By detecting and reporting on changes, you are in a far better position than someone waiting for the phone to ring or for that e-mail to tell you there’s a problem. Most of those who will do harm or steal information want to do so as silently as possible. Reporting on changes provides greater visibility into the day-to-day activities in your environment and keeps everyone more honest and accountable.
Your responsibility is to implement standards and controls for users and systems, understand what is at risk and what changes are taking place each day while. At NetWrix, we provide change auditing solutions for the enterprise focusing on robust, easy-to-use and affordable software solutions. Our products detect changes on Active Directory, Group Policy, Exchange, SQL, file servers and appliances, VMware, Server Configurations, Event Logs, Password Management, User Management and a wide variety of tools for other areas aimed at securing your environment such as our USB Blocker. Our widespread use of snapshot reporting gives you immediate visibility into who has access and to what.
What are you doing to secure your environment? Do you have your own set of basic principles for security? Share your thoughts below.