How To Make Your Network Secure

The Cyber Security Question

Year after year, cyber security is reported by analysts as the number one fear of all IT managers, from global CIOs to those running a small network of two or three people. Cyber security threats are at an all-time high, because the stakes are at an all-time high.

Historically, the typical cyber security threat might be from a smart but misguided teenager, writing code to create nuisance on the Internet and impress their peers.

In the last decade, the threat has grown exponentially. Now the big threats are from organised criminals, who are either looking to harvest information, or looking to use your systems as tools for their illegal activity – be this crime or terrorism.

Increasingly, these malicious actors will come in (maybe on a weekend), take over your systems, use them to commit crime, and then depart. When you come into work on a Monday everything looks fine and you might not even know it has happened.

Many smaller organisations think “we’re too small to be noticed, nobody would want to bother with us”. Don’t kid yourself; the bad guys (the malicious actors) use automated systems, and those systems are scanning the Internet looking for vulnerabilities. If your cover isn’t strong, they can be in and out without ever being detected.

What to do?

These things are true:

  • The problem isn't going away. In fact the challenge gets more complex every year.
  • The bad guys will get at your network if they really want to. The CIA got hacked, after all.
  • The important thing is to understand where YOUR bigger challenges might be, and address them, because this allows you to decide how to spend your security budget wisely.

The trick is to develop a layered, structured response to your security challenges. Start by working to understand where you are right now, and then develop a plan that covers three key areas:

  • How are you going to prevent security incidents?
  • How are you going to detect security incidents if they happen?
  • How are you going to recover if you are the victim of a breach?

As the FBI has observed, there are two types of business out there: those that have been the victims of a cyber attack, and those that don’t know they have yet. GCHQ has also said that when it comes to cyber security attacks, the question now is not "if", but "when".

Prevention

Whilst it is almost impossible to render any system as completely secure, that doesn’t mean we shouldn’t put strong prevention systems in place to deter all but the most sophisticated attackers.

In a typical organization, prevention tools include:

  • Firewalls: If yours is old, it’s time to revisit. Not only will it almost certainly be insecure, but recently we’ve seen the role of the firewall evolve to a cleverer, more capable version of itself. Now the device on the edge of your network might also perform the functions that were previously elsewhere, such as intrusion detection, anti-virus duties, and many others.
  • Anti-virus systems. Too often we still see partial implementation of this technology. AV needs to be implemented on all relevant platforms, and coupled with an auto-update policy that makes sure all user systems are up to date.
  • Access Control systems – these technologies control who is allowed onto the network, interrogating new network clients before they connect, ensuring that they will not compromise security.
  • Physical control systems – locks and access control on server rooms and other sensitive spaces, so that only those who need to get to servers can get to servers.
  • Policy tools – rules about use of the network, such as what people should do when connecting to wireless networks, where they can go, what is acceptable use, etc.
  • Timely patching of systems. This is probably one of the most important things a business can do, and is also probably one of the most neglected tasks. And by patching we don't just mean PC operating systems, but all applications, appliances, firmware, and everything else that might represent a vulnerability.

    Many successful attacks originate through authentic-looking emails with malicious attachments or links that an unsuspecting user may open or click. If the user's device has an unpatched vulnerability that the malware can exploit, the malicious actor may well then have a bridgehead within the network from which to scan, either manually or automatically, for other vulnerabilities on other devices. Whilst a device such as a PC may eventually get cleaned and disinfected, an infected printer may well linger unnoticed for a much longer time.

Many businesses base their security around firewalls and anti-virus solutions, and consider themselves covered. Often, these organisations looked at areas such as access control and intrusion detection some years ago, and were put off by (relatively) high prices when those technologies first became mainstream. If that’s you, it's time to look again. The cost of these solutions is much lower now, and the evolving threat means that these elements are essential even in a modest enterprise.

Detection

Detection systems look for unusual activity or traffic patterns, or for attempts to break in. They will spot attacks and raise an alarm accordingly. Often, they will also quarantine or disable the attempted attack, depending on its nature.

It's important that any such systems are set up correctly; the system shouldn't flood the operations team with lots of accurate but irrelevant information, because that makes the important incidents difficult to see.

It's important that detection systems pick up outbound connections to Command and Control (C&C) networks that malware and botnets like to use.

Detection systems should also be focused internally. Many security breaches are internal. Allow access to systems on a needs basis, and make sure that internal attempts to crack security are spotted.
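As an added illustration of the two detection points above (outbound C&C traffic and not flooding the operations team), the following Python script is not from the original article: it reads constructed firewall log lines, flags outbound connections to a constructed blocklist of C&C addresses, spots regular "beaconing" to any other host, and raises one alert per source/destination pair rather than one per connection. The log format, the blocklist and the thresholds are all assumptions made for the example.

```python
# Added example (not from the article): summarise suspicious outbound traffic
# from constructed firewall logs into one alert per (source, destination) pair.
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed indicator list using RFC 5737 documentation addresses, not real C&C.
C2_BLOCKLIST = {"203.0.113.7"}

# Assumed log format, one connection per line.
LINE_RE = re.compile(r"ts=(\d+) src=(\S+) dst=(\S+) dport=(\d+) action=(\w+)")

# Constructed log: 10.0.1.15 beacons every 60s to 198.51.100.9, 10.0.1.22
# contacts the blocklisted address twice, and 10.0.1.30 is ordinary noise.
SAMPLE_LOG = """\
ts=1000 src=10.0.1.15 dst=198.51.100.9 dport=443 action=allow
ts=1005 src=10.0.1.30 dst=192.0.2.10 dport=443 action=allow
ts=1060 src=10.0.1.15 dst=198.51.100.9 dport=443 action=allow
ts=1100 src=10.0.1.22 dst=203.0.113.7 dport=8080 action=allow
ts=1120 src=10.0.1.15 dst=198.51.100.9 dport=443 action=allow
ts=1180 src=10.0.1.15 dst=198.51.100.9 dport=443 action=allow
ts=1200 src=10.0.1.22 dst=203.0.113.7 dport=8080 action=allow
ts=1230 src=10.0.1.30 dst=192.0.2.10 dport=443 action=allow
"""

def analyse(log_text, min_hits=4, max_jitter=0.2):
    """Return {(src, dst): reason} for every suspicious pair; one entry per pair."""
    hits = defaultdict(list)  # (src, dst) -> timestamps of allowed connections
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than crash the analysis
        ts, src, dst, _dport, action = m.groups()
        if action == "allow":  # only connections that actually left the network
            hits[(src, dst)].append(int(ts))
    alerts = {}
    for (src, dst), times in hits.items():
        if dst in C2_BLOCKLIST:
            alerts[(src, dst)] = f"outbound to known C&C address ({len(times)} connections)"
        elif len(times) >= min_hits:
            gaps = [b - a for a, b in zip(times, times[1:])]
            # Beaconing: the interval between connections is near-constant
            if pstdev(gaps) <= max_jitter * mean(gaps):
                alerts[(src, dst)] = f"regular beacon every ~{mean(gaps):.0f}s ({len(times)} connections)"
    return alerts

if __name__ == "__main__":
    for (src, dst), reason in analyse(SAMPLE_LOG).items():
        print(f"ALERT {src} -> {dst}: {reason}")
```

On the sample log this yields exactly two alerts (the beaconing host and the blocklist hit); the ordinary host with two widely spaced connections produces none.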

Recovery

If there is a breach, how fast can we fix it? How can we make sure that the impact on our operations is minimised? This is where business continuity and disaster recovery come in.

Business continuity is about the resilience built into your systems that allows you to continue to operate in the immediate aftermath of a major disaster. There is no “one size fits all” answer here, but the questions are not technical ones; they are really about business operations.

Disaster recovery is about how fast you can recover to a position where the impact of the incident has been eradicated. In cyber terms, this is about having good, appropriate, and well-tested backup solutions. Increasingly this means off-site, cloud-based backup services.

The two key metrics here are Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

Recovery Time Objective defines how quickly you want your systems to be fully operational.

Recovery Point Objective defines how old you want the data to be that is recovered, i.e. how much can you afford to lose? Can you afford to lose a day’s data? Is it three days? Or is it an hour? These considerations will define what backup and recovery systems and policies are needed.

This should be coupled with regular reviews of policy and strategy for security, and a “what did we learn” review whenever there is an incident.

Out of this approach – assessing your readiness for prevention, detection, and recovery – comes a security plan that is right for your organisation and your budget. We will then help you implement this using the right tools and components, and then we will help you monitor your defences to make sure that they are working.

We are also able to provide security testing and audit, including internal and external penetration testing.
