Finding and Fixing Security On Your Network Perimeter

When I final wrote on the run a risk to your network security from the fax feature in multifunction devices, it was a surprise to many readers that the telephone line could be a means of attacking network security. In fact, at that place were some readers who never realized their multifunction devices even had a fax office and that an analog telephone line might be connected. Merely if that made you feel uncomfortable, and so get set to feel your skin clamber: that'southward but one potential hole in your network security; there are many others.

The fax vulnerability exists on the perimeter of your network, which is the part that faces the outside world. This is the part of your network where your master router communicates with the internet. It's likewise the role that yous definitely try to protect with a firewall. If all were going according to plan, and so that connectedness to the cyberspace would be the entirety of your perimeter. But things don't always go according to plan.

A Menu of Mutual Security Holes

That's because nosotros live in the age of the rogue router. While your primary router is supposed to be the gateway to the outside earth and your internal routers serve to segment your network, there are sometimes routers that be on your network that you didn't put in that location or that weren't shut down equally your network evolved. In some cases, there are routers that just showed up because nobody realized they were routers.

Many rogue routers are the issue of someone in your company wanting better Wi-Fi coverage, and so they get to the shop and purchase a router that they put in their office and attach to the wired network. They get the fast Wi-Fi they wanted and you lot go a router yous didn't authorize, and that almost certainly doesn't comply with your security policy. If you look up "network security hole" in your Encyclopedia of Network Problems, there'southward a picture of this router.

Unfortunately, there are many other means to punch holes in your network security. For example, if you have employees who utilise a virtual private network (VPN) to connect to your network remotely just who are likewise on a network at the remote site, then the router at the remote end could exist a means of access into your network. This problem hearkens back to the days before personal VPNs became ubiquitous. Back and so, It staffers would sometimes initiate a VPN between an employee's domicile router and a router in the data center. This is a basic version of remote access and there are many variations on it, simply the upshot is that at present the employee's home router is really on your network. Fifty-fifty with a VPN tunnel protecting traffic betwixt those two points, it's however possible for the dwelling house router to be used as an access bespeak from which to compromise the corporate network.

And then there's the problem of the dual-homed computer. This happens when a computer with multiple network interface cards is fastened to dissever networks and 1 of those networks is outside of your perimeter. One example that you hear about frequently is when someone has a laptop connected to both the Wi-Fi network and the wired network, though this isn't necessarily a security trouble if both networks are inside the same perimeter. So once more, if the user is in a hotel, for instance, and connects using both his or her wired and wireless connections and establishes a VPN connection using just one of those interfaces, then you lot've got a user with one foot outside the perimeter.

And, of course, there's the cloud, which is likely attached to your internal network either through servers that reach them through the internet or through a VPN from your network. While most cloud sites are no less secure than your internal network (probable more than secure) you have to remember to enable perimeter security on your cloud service. That means including firewalls and other cloud security options as function of your deject configuration.

Security Hole Whack-a-Mole

Since information technology'south likely that you take at least a couple of these perimeter issues in your network, the next becomes finding them. The brusque reply is that there'southward no single way to detect all of them, but there are a couple of things you lot can do and they involve sniffers.

First, apply a network monitoring application, and let it create a detailed map of your network. This tin can take a while as the app listens to your network traffic, and from that, discerns what nodes be on your network and what sort of network exists beyond them. When I ran the Spiceworks Network Monitor during my upcoming review of these kinds of tools, I found that, not merely does it find everything on the network, but information technology as well finds what's outside of the network (if in that location'due south any sort of traffic coming from there). Fifty-fifty ameliorate, once it'south gathered all of that information, it displays information technology on a graphical network map.

Finding Wi-Fi networks is made easier by using devices such as the Netscout AirCheck G2 Wireless Tester, which can ferret out whatever Wi-Fi signal, fifty-fifty those that aren't broadcasting their service fix identifier (SSID). The Netscout AirCheck GF2 Wireless Tester will allow y'all drill down into the details of the Wi-Fi device and so you can tell if information technology's a Wi-Fi device you've authorized. Considering it can tell you lot where the betoken is coming from, it can help you locate it.

And then in that location'south the network hole called the Internet of Things (IoT). By now y'all're aware that many, if non most, IoT devices are devoid of whatever security. These create a risk considering they're easily compromised and considering information technology'south non always like shooting fish in a barrel to observe that until they're used to attack you. The best thing you tin do is to keep IoT devices on their ain network that's separate from everything else.

There'southward been a lot said about the limitations of perimeter security, and for the most office, they're true. Yous tin can't unproblematic protect your perimeter and and then presume you're completely protected, especially considering the many new ways that malware tin can use to sneak inside. The fact is, either bad guys or bad software will probably detect a way past your perimeter defenses at some point, so you need to assume that that's the case and protect everything inside your network besides. That's a carve up set up of steps, however, which I'll comprehend in an upcoming column.

For now, focus on protecting your perimeter. That'south step one. What you don't want is everyone who comes inside range of your WiFi betoken being able to take a crack at your data because, while that isn't as common as it used to be in the golden age of state of war driving, it does still happen, particularly in densely populated areas. The hole-and-corner is to have strong perimeter defenses, and in addition, accept strong layered defenses so that, when the bad guys do go in, they can't injure you lot.

Source: https://sea.pcmag.com/ipswitch-whatsup-gold/29129/finding-and-fixing-security-on-your-network-perimeter

Posted by: cannadyyountintir.blogspot.com

Share this post