Layers of Network Defense

Published on 12 January 15
There are multiple layers of defense that companies can implement to protect their server infrastructure and mission-critical applications from malware, hacktivists, and more. The great benefit of reviewing the network design of your mission-critical infrastructure in this way is that it not only forces you to address each layer; it also gives you a hot sheet of where to investigate if a breach does occur. We will start in the physical world and end at the application actually being used by your employees and clients.

The physical world is where all of the physical cabling and physical equipment exists in your infrastructure. The best way to protect equipment in this part of the world is through traditional security precautions you might use for any valuable items. This can include 24x7 security, surveillance equipment, and key card and biometric authorization to access the space where this equipment is. These tools are in place in the Vault Networks data center for all of our product offerings.

The next layer is the networks over which all of these things communicate: public networks for clients, such as the infrastructure they use to reach the website, as well as internal networks for departments to share documents and communications. This is also how you defend this particular layer. Having everything in one network would be a problem, as it is highly unlikely you want clients viewing the contracts of other clients, or your employees' HR records, for that matter. Because of this, it is pivotal to split the networks into private and public areas so that the appropriate parties can access the appropriate material. VLANs are available for all Vault Networks products to let you create this security level. This can also be managed with firewall access rules such as those provided with our vnCloud service, or by modifying rules in a firewall you already have. Just note that the firewall needs to physically sit in the path to the infrastructure it defends: if your firewall is on a network unrelated to your server, then it isn't defending it!
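The segmentation point above can be checked with a small model: a firewall only evaluates traffic that crosses between VLANs it is attached to, so hosts sharing one VLAN, or VLANs the firewall is not between, never get filtered. This is an added illustration, not code from the original post or from Vault Networks; the VLAN names, hosts and rules are constructed.

```python
from dataclasses import dataclass

# Constructed model (not a real network): each host sits in one VLAN, and a
# firewall can only filter traffic that crosses between VLANs it is attached to.

@dataclass(frozen=True)
class Rule:
    src_vlan: str
    dst_vlan: str
    port: int
    allow: bool

@dataclass(frozen=True)
class Firewall:
    attached: frozenset   # VLANs whose inter-VLAN traffic passes through it
    rules: tuple

    def on_path(self, src_vlan, dst_vlan):
        return src_vlan in self.attached and dst_vlan in self.attached

    def permits(self, src_vlan, dst_vlan, port):
        # First matching rule wins; anything unmatched is denied.
        for r in self.rules:
            if (r.src_vlan, r.dst_vlan, r.port) == (src_vlan, dst_vlan, port):
                return r.allow
        return False

def check_flow(hosts, fw, src, dst, port):
    """Return (allowed, reason) for src -> dst:port given a host->VLAN map."""
    s, d = hosts[src], hosts[dst]
    if s == d:
        return True, "same VLAN: traffic never reaches the firewall"
    if not fw.on_path(s, d):
        return True, "firewall is not on the path between these VLANs"
    return fw.permits(s, d, port), "evaluated by firewall rules"

# Scenario 1: flat network, every tenant and HR share one VLAN.
FLAT = {"client-a": "flat", "client-b-share": "flat", "hr-records": "flat"}
# Scenario 2: per-tenant VLANs with a firewall sitting between all of them.
SEGMENTED = {"client-a": "vlan-a", "client-b-share": "vlan-b",
             "hr-records": "vlan-hr", "web": "vlan-public"}
FW_BETWEEN_ALL = Firewall(frozenset({"vlan-a", "vlan-b", "vlan-hr", "vlan-public"}),
                          (Rule("vlan-public", "vlan-a", 443, True),))
# Scenario 3: a firewall that only sits between the public VLAN and a DMZ.
FW_ELSEWHERE = Firewall(frozenset({"vlan-public", "vlan-dmz"}), ())

if __name__ == "__main__":
    for hosts, fw in ((FLAT, FW_BETWEEN_ALL), (SEGMENTED, FW_BETWEEN_ALL),
                      (SEGMENTED, FW_ELSEWHERE)):
        print(check_flow(hosts, fw, "client-a", "client-b-share", 445))
```

Only the segmented network with the firewall between the tenant VLANs actually blocks client A from client B's share; the flat network and the misplaced firewall both let it through.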

From this point on, things will be exclusively in the virtual world, starting with the operating system. As any IT expert will tell you, it is always incredibly important to apply security patches and updates when your vendors make them available. This applies to Linux distros such as Ubuntu or CentOS as well as Microsoft Windows products. Typically new updates arrive on Tuesdays, so always be sure to keep an eye on these updates as they come.

The 5th layer is the most difficult element of all to manage: the user. While most users are well-meaning, without proper training an employee using your infrastructure can be the most destructive element in the picture, as they can ignore security warnings and let malware into the system out of sheer ignorance (or through ill intent, if the employee has a grudge). The tools available at this level are training to educate the user, and rules governing the use of the infrastructure to ensure that no foul play occurs (or, if it does, that the appropriate management action can follow, which will vary from company to company).

The final level is the actual application that is utilized. After all, if IT isn't managing the applications being utilized in the organization, how can you track if a bad application is what caused the problem? Appropriate tracking of any tools that are plugged into the system after initial installation is key to having a complete list of leads to look into after a breach. If IT didn't know that users were just transferring files on Dropbox, despite company rules, then finding the source of a breach can be difficult, if not impossible.
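The application-tracking idea above, keeping an approved baseline and diffing the current inventory against it so unexpected tools become leads, can be put into a small script. This is an added example, not the post's own tooling; the baseline, the snapshot text and the blocked-software list are constructed, and the "name version" line format is an assumption about how a package listing would be fed in.

```python
# Constructed data (hypothetical host, not a real inventory).
APPROVED_BASELINE = {"openssh-server": "8.9p1", "nginx": "1.18.0", "postgresql": "14.9"}
BLOCKED_BY_POLICY = frozenset({"dropbox"})   # tools company rules forbid on managed hosts

def parse_snapshot(text):
    """Parse one 'name version' pair per line (assumed input format); '#' lines are comments."""
    inventory = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version = line.partition(" ")
        inventory[name] = version.strip()
    return inventory

def compare_inventory(baseline, current, blocked=frozenset()):
    """Diff the current software inventory against the approved baseline.

    Returns the leads an investigator wants after a breach: software that
    appeared after initial installation, software that vanished, version
    changes, and anything the usage policy explicitly forbids.
    """
    base_names, cur_names = set(baseline), set(current)
    return {
        "added": sorted(cur_names - base_names),
        "removed": sorted(base_names - cur_names),
        "changed": sorted(n for n in base_names & cur_names if baseline[n] != current[n]),
        "policy_violations": sorted(n for n in cur_names if n.lower() in blocked),
    }

# Constructed sample of what a later inventory run might return.
SNAPSHOT_TODAY = """\
# constructed sample listing
openssh-server 8.9p1
nginx 1.24.0
dropbox 2024.04.17
"""

if __name__ == "__main__":
    report = compare_inventory(APPROVED_BASELINE, parse_snapshot(SNAPSHOT_TODAY),
                               BLOCKED_BY_POLICY)
    for key, items in report.items():
        print(f"{key:18s} {', '.join(items) or '-'}")
```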