Secure Your IT Perimeter from Attack

David Higgins from 4ITSec

Your “IT Security Perimeter” and its Vulnerability

The “security perimeter of your IT system” is generally considered to be where your system meets the outside world and all the threats it contains; due to the high level of threats, this perimeter needs to be secured and, most importantly, it needs to be monitored – daily.

In the days of cabled networked systems, it was a relatively simple job to draw the perimeter as the “firewall” that was considered to be the point where your internal IT systems met the Internet (network based) connections.

Nowadays, due to the huge growth in the number and type of differing devices attaching to the IT system, things are more complex and it becomes more difficult to define that security perimeter; each device attaching to your network should now be considered when drawing the security perimeter.

Some of the main areas of threat to take into consideration are:

  • Wireless access points - the introduction of wireless technology has had the most impact on opening internal networks to external threats; unprotected wireless access points represent major loopholes into the enterprise network.
  • Mobile devices – (laptops, iPads, tablets & phones) by their very nature are “mobile”; they connect to various networks at various locations, some securely within the organization’s perimeter, and some on different networks which are not secured. The mobile device must be securely configured to act as part of the perimeter.
  • Applications that traverse through firewall policies – applications and software have to be accessed by users and other related applications to fulfil their functions - this can expose the application to unauthorised access. These applications can often be left “open”; all the applications should be secured to allow the “application servers” to perform as part of the security perimeter.
  • BYOD – Bring Your Own Devices - one of the most difficult areas to control from an IT organization’s point of view as these are not owned by the IT department. Redefine your perimeter with these types of access methods in mind and ensure that they are secured.
  • External devices allowed on to the internal network temporarily – such as DVDs, USB Flash Drives and external hard drives – are a major threat for internal IT security. They are typically not scanned for viruses, and access is often granted to an unrestricted network segment, which in itself is a security issue.
  • IP-Enabled devices internal to the network often require a number of open ports in the firewall and are often contacted from the Internet in order for them to function properly; to allow this, these devices are often “IP enabled” after their initial configuration, and should be secured as they act as part of your perimeter.

Any of these can, singularly or in combination, provide outsiders access to your system; every one of the devices should be treated as part of, or a point on, your IT Security Perimeter.

The IT Security Perimeter must be secured and then monitored constantly to ensure the systems are secured - get your system checked - get your system constantly monitored.

If you’re not sure how secure your perimeter is, organise a “vulnerability scan” to be run against your network or system; it will highlight issues and vulnerabilities found within your system configuration (open ports, missing patches, poor configuration, etc.) when compared against a current “known threat” list. The resulting reports will highlight areas of concern, detailing the issue found, further detailed information and/or a recommended fix.

Some IT systems have to be able to prove their security for commercial or legal reasons; often, this would be done with a “penetration” (PEN) test – effectively someone trying to hack into your system (this time with your permission). The PEN test will have been arranged with the company management, covering the type of testing to be carried out and the expected results, along with the time and place of the test.

Your security perimeter should be scanned “internally” and “externally”. An “internal” scan will show any vulnerability within the internal network; scan on a quarterly basis. An “external” scan is run daily to ensure that any weaknesses and vulnerabilities are highlighted against an ever fluctuating threat list.

  • Internal Scanning – is the process of scanning all of your devices for vulnerabilities from within your own IT infrastructure. Scanners on the internal networks can perform credentialed patch and / or configuration audits, in addition to detecting malware, integrating with patch management systems, and many other features.
  • External Scanning - gives the perspective of the external view – the hacker’s view. Your Internet-facing systems face a much larger and more diverse threat, yet it is amazing how many organizations are not scanning them on a regular basis. An external scan will detect vulnerabilities in your web servers and web applications, and indicate certain compromises of your Internet-facing systems.
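One way to act on each scan result, shown as an added example that is not part of the original article: compare the services a scan found against an approved baseline and check that the scan itself is recent enough for the cadence above. The `host port/proto service` input format, the function names and the 92-day reading of “quarterly” are assumptions made for illustration, and the sample data is constructed.

```python
from datetime import date, timedelta

# Maximum age of the last scan, following the cadence in the text:
# external scans daily, internal scans quarterly (assumed here to be 92 days).
MAX_AGE = {"external": timedelta(days=1), "internal": timedelta(days=92)}

def parse_findings(text):
    """Parse 'host port/proto service' lines into a set of (host, port, proto)."""
    found = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        host, portproto = line.split()[:2]
        port, proto = portproto.split("/")
        found.add((host, int(port), proto.lower()))
    return found

def review_scan(kind, scan_day, today, baseline, findings):
    """Return what a perimeter review needs to act on for one scan."""
    return {
        "stale": today - scan_day > MAX_AGE[kind],   # scan older than its cadence
        "unapproved": sorted(findings - baseline),   # exposed but never approved
        "missing": sorted(baseline - findings),      # approved but no longer seen
    }

# Constructed sample data (documentation address range 192.0.2.0/24).
BASELINE = parse_findings("""
192.0.2.10 443/tcp https   # public web server
192.0.2.20 25/tcp smtp     # mail gateway
""")
TODAY_SCAN = parse_findings("""
192.0.2.10 443/tcp https
192.0.2.10 3389/tcp ms-wbt-server
192.0.2.30 80/tcp http
""")

if __name__ == "__main__":
    report = review_scan("external", date(2024, 5, 2), date(2024, 5, 2),
                         BASELINE, TODAY_SCAN)
    for key, value in report.items():
        print(key, value)
```

Entries under `unapproved` are the ones to investigate first; an entry under `missing` may simply mean a service was down during the scan, or that the baseline needs updating.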

Your IT Security Perimeter must be secured and then monitored constantly to ensure the systems are secured - get your system checked - get your system constantly monitored.

Please contact me for any further assistance on these and other IT Security related questions.
