More of the same, but more sophisticated

May 2018 Editor's Choice, Information Security, Integrated Solutions, Infrastructure

Networks have changed the world, from making it easier to share information and collaborate within companies, to having card transactions verified in real time, to the Internet that connects everyone, and increasingly, everything. Networks are part and parcel of modern life. Unfortunately, as with most technology, security was not a major influencer during the development phase of the technology and we have seen criminals taking advantage of poorly secured networks.

When it became apparent that information security needed to be part of computing, and nowadays physical security as well, we started seeing people installing antivirus packages on their computers. Then firewalls were installed to protect servers and to manage what was flowing in and out of these systems. After that we had intrusion prevention solutions and other solutions that appeared as the criminal onslaught advanced.

The fact is, says Martin Tassev, MD of Loophold Security Distribution, companies have been chasing the same idea for the last 20 or more years in their efforts to deal with cyber-attacks – both internal and external. The only difference is that today’s attacks are much more sophisticated and they have a bigger footprint to target, making the job of network security so much harder.

“It’s no longer just PCs and laptops we have to defend,” he says. “Today there are many more devices that can be targeted, from smartphones to printers and other electronics that are common in businesses of all sizes, and even homes.”

He adds that many IT managers don’t know where their responsibilities start and end. For example, many don’t implement security for smartphones, even though their employees connect these devices to the corporate network and are able to access data and applications from anywhere. “Many don’t even realise what they have on their networks because there are so many devices that can connect, and it is generally easy to connect them.”

Ross Anderson.

“Hackers continue to pose threats to networking security,” notes Ross Anderson, product manager at Duxbury Networking. “With an expanding attack surface as networks proliferate and carry more devices, hackers are finding more sophisticated methods of gaining access to these devices.”

Anderson adds that IoT (Internet of Things) devices are often overlooked when it comes to protection from hackers. “With the expansion of these attack surfaces, this could well be one of the principal threats targeting networks today.”

The threats are within, and without

Because of the high profile of ransomware and the immediate impact on victims, much work has been done in fighting this malware. And it has been very successful on the whole, apart from those people and companies that are not keeping abreast of current trends.

Tassev says that due to the work done against these types of attacks, the number of ransomware attacks in 2018 has declined, which is good news. The bad news is that the sophistication of these attacks has also developed and newer versions of this malware are harder to deal with.

One of the reasons ransomware was and is such a threat is that it often, perhaps even mostly, relies on insider support to gain a foothold in a company. Anderson says one of the most significant threats is posed by employees. Too many people still merrily click on Internet links or open email attachments that lead to malware downloads. Memory sticks can also be infected. Due to the sophistication of today’s malware, once it has a foothold on one computer, it can be spread to an entire company with relative ease – depending, of course, on the company’s security.

Unfortunately, all too often there is less security involved when it comes to what happens in internal communications as compared to data that moves into and out of the organisation. Anderson says this is where training and awareness are key for employees, especially non-IT staff.

Define your network

When building a network, or when focusing on securing your current network, Tassev says the first step is to define your network. This may seem like a strange statement, but he explains that today’s networks are seldom as simple as they were a decade or two ago. Not only do you have to include connectivity to branches and to the Internet in general, but more companies are opting for cloud services, which add more security problems.

And it’s not only large corporations with this problem; even smaller businesses are making use of cloud services, from email hosting to platform and application services. These need to be included in your definition of the network and secured.

“And let’s not forget Wi-Fi,” Tassev adds. “Not only does your Wi-Fi provide access from anywhere within your company, but in many cases it can also provide access outside the physical company – in the parking lot, for example. So you need to carefully define your network and create an image of where it is and where the vulnerabilities may be.”

The next step is to define what assets you need to protect, segment the network accordingly and make sure you have visibility of all traffic on the network. Visibility is another problem for security since most of the traffic today is encrypted and traditional tools won’t be able to see what is being sent and received. Tassev says it is therefore critical to ensure that equipment you use for visibility is able to inspect all traffic, including encrypted traffic.

Where to start?

To secure your network, Tassev says a modern firewall can provide most of the protection you need, but once you have defined what and where your network is, there is also additional equipment you can use to secure dedicated functions – such as remote connectivity, for example.

Since security is multifaceted, Anderson explains that it is critical to secure all entry points to the network within the broadest confines of the business, leaving no stone unturned. “In addition to strong firewall protection, network endpoint, wireless and mobile security vulnerabilities must be urgently addressed.

“It is also important to protect against an ‘exploit’ which is any attack that takes advantage of vulnerabilities in applications, networks or hardware. Exploits generally take the form of software or code that aims to gain control of computers or compromise network data.”

The key here is not to simply buy whatever tools and solutions you can, but to develop a standard policy for your company defining what you have and how it should be protected. This includes what you will allow into your network and what will be banned. For example, can anyone with a smartphone gain access to your Wi-Fi or will employees need to register their phones on the understanding that the company can wipe the phone if it is lost or stolen?

Tassev explains that people entering the workforce today are part of the ‘Facebook generation’ in which everything is connected and always on. You need to make a policy decision whether to block all these sites, which may not be practical; allow unhindered access, which is unsecure; or figure out how to control it.

Firewalls can assist in this and companies are able to make rules that automatically follow your policy down to a very granular level. A recent development is the web application firewall (WAF), which is designed to protect corporates from web application exploits. Additionally, an Intrusion Prevention System (IPS) capable of examining all network traffic flows to detect and prevent vulnerability exploits is also a good idea when securing your networking hardware, such as routers and switches.

Tassev also stresses that the basics still apply and are probably more important than ever. By this he means changing default passwords and using strong passwords, as well as keeping firmware updated – for network hardware as well as devices attached to the network.

Sandboxing solutions are also an option. These are ideal for preventing infection by zero-day exploits, notes Tassev. A sandbox is a controlled environment outside of the corporate network, often cloud based, where files can be opened and executed in isolation – for example an email attachment can be checked before it gets to the user. If the file does something unexpected, it can be deleted before it is executed in a live environment.

What’s on the shelf?

Both Loophold and Duxbury offer a range of solutions aimed at securing networks. Duxbury Networking supplies a wide range of security-related products including next-generation firewalls and encryption solutions along with wireless, email, web, endpoint, anti-exploit (anti-ransomware), server and mobile security offerings, says Anderson.

Tassev echoes this, noting Loophold offers the full spectrum of network security products. In addition, Tassev says that as the new data governance and compliance legislation becomes a reality (with legislation such as PoPI and EU-GDPR), Loophold will also offer a range of services in this regard.

While there are a significant number of tools out there to protect networks, Tassev says the greatest challenge is skills. There are many people out there doing IT work, but too few are really good at what they do. Your best solution is someone who understands your network, your requirements and how to manage it all effectively.

Modern-day body armour

Gareth James.

By Gareth James, network & security sales specialist for RSA, VMware Southern Africa.

Network security is certainly an area that has become the soft underbelly of any company’s surface of exposure. Enterprises have built their security around the premise of securing the perimeter, and the analogy really is like medieval castles of the Middle Ages. What happened when modern warfare moved into the age of firepower is that these castles and castle walls no longer held the same level of importance as before. The traditional network was built around a castle mentality, with firewalls protecting the perimeter – much like those physical castle walls.

Our new hyperconnected world changes the game entirely. Our laptops, cellphones and tablets are connected directly to the Internet. This may happen while also connected to the corporate network. Either way, end user devices are exposed and then walk into our network with malware/viruses already resident on them.

So, what is the solution? Many companies’ initial forays into solving this were to create multiple layers of trust and firewalling. However, these solutions are cumbersome and expensive to manage and often bypassed as they started to slow down the business applications.

The industry is now fast adopting a concept of micro segmentation. This takes a zero-trust approach to all devices and wraps the security around the targets. Network applications and services currently running on virtual machines have a micro firewall wrapped around the individual virtual operating system. Think of this as modern-day body armour: we are placing an agile, lightweight customised protection around each individual object.

This revolutionary approach of securing the inside of our networks prevents infections from taking hold and the so-called ‘lateral’ movement of threats within our modern network paradigm.

For more information, contact:

• Duxbury Networking, +27 (0)11 351 9800, www.duxbury.co.za

• Loophold Security Distribution, +27 (0)11 575 0004, www.loophold.com


