Monday, July 21, 2008

Network Perimeter

Today SANS commented on the growing network perimeter (link). While this is fair comment, especially as it does occur in most organisations, it does not have to be like this.

Statements like:

There are a surprising number of people that do not know all the servers connected to their network (especially internet facing ones), or all the links in to the network. One of the worst examples I’ve come across was an organisation that had 8 links to other organisations with people connecting to a server in the middle of their network. Purpose? Unknown. The links had been in place for 5 years and most of the IT staff had rotated out of the area. The bills were being paid monthly and because the cost was relatively low, nobody questioned the charges.

should be a thing of the past. Bad documentation, especially when help desk tools are so prevalent, is just bad organisation (and poor management). Ensuring that this does not happen comes down to a rigorous change process and enforcement of policy.

In addition to the points that Mark Hofman makes (although he generally outlines them in his piece), you should really be aware of:


  • the Endpoint - Big point here: this can be the weak point on your network. What information can be uploaded and downloaded from the endpoint? What classification do you give to that data? Has a TRA or RMP been done on the remote access solution (RAS)? Do you allow people to use their own equipment? Is the equipment secured adequately? Can you enforce that the endpoint has the patches that the rest of your SOE has? Are virus definitions and malware signatures up to date? Solutions like Citrix Enterprise Gateway can check your endpoint for compliance.


  • the Network that the information passes through - Not many people are aware of how fragile the common network infrastructure is, and how readily it can be exploited. HackADay gives a round-up of GSM A5 cracking.


  • the reliability of the network can also be a concern: how can you ensure uptime on remote hops?


  • New, seemingly small, changes to the environment - This has caught me by surprise many times. Changes requested by users that are not scoped properly can require massive changes in the environment. This could include things like a change to the whole infrastructure.


  • Support agreements - When a new product comes on board, make sure you know how it is supported by the vendor. Does the vendor require dial-up lines, additional VPN hardware, or additional devices (because you don't allow anyone to connect that does not have your SOE)?
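
The endpoint questions above, expressed as a posture check (an added example, not from the original post or any product named in it). The patch identifiers, thresholds, access tiers and classification names are assumptions, and disk encryption stands in for "secured adequately".

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical SOE baseline; patch ids and thresholds are constructed for illustration.
SOE_PATCHES = {"KB-0001", "KB-0002", "KB-0003"}
MAX_SIGNATURE_AGE_DAYS = 3
# Access tier -> highest data classification it may handle (assumed scheme).
TIERS = {"full": "confidential", "restricted": "internal", "deny": None}

@dataclass
class Endpoint:
    name: str
    managed: bool            # False = the user's own equipment
    patches: frozenset       # patch ids reported by the endpoint
    av_signature_date: date  # date of the installed virus definitions
    disk_encrypted: bool     # assumed stand-in for "secured adequately"

def assess(ep, today):
    """Return (tier, max_classification, reasons) for one remote endpoint."""
    reasons = []
    missing = sorted(SOE_PATCHES - ep.patches)
    if missing:
        reasons.append("missing SOE patches: " + ", ".join(missing))
    age = (today - ep.av_signature_date).days
    if age > MAX_SIGNATURE_AGE_DAYS:
        reasons.append(f"AV signatures {age} days old")
    if not ep.disk_encrypted:
        reasons.append("disk not encrypted")
    if not ep.managed:
        reasons.append("unmanaged (personal) device")
    # Patch or signature drift blocks access outright; an up-to-date but
    # unmanaged or unencrypted device is limited to lower-classification data.
    if missing or age > MAX_SIGNATURE_AGE_DAYS:
        tier = "deny"
    elif reasons:
        tier = "restricted"
    else:
        tier = "full"
    return tier, TIERS[tier], reasons

# Constructed sample reports, as a posture agent might submit at logon.
TODAY = date(2008, 7, 21)
SAMPLES = [
    Endpoint("soe-laptop", True, frozenset(SOE_PATCHES), date(2008, 7, 20), True),
    Endpoint("home-pc", False, frozenset(SOE_PATCHES), date(2008, 7, 21), True),
    Endpoint("stale-laptop", True, frozenset({"KB-0001"}), date(2008, 6, 1), True),
]

if __name__ == "__main__":
    for ep in SAMPLES:
        tier, cls, why = assess(ep, TODAY)
        print(f"{ep.name}: {tier} (max data: {cls}) {'; '.join(why)}")
```
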
Over to you :)
