As we move into 2013 organizations are likely to see increased regulatory compliance requirements, growing private and hybrid cloud implementations, software-defined data center consolidation, Bring Your Own Device (BYOD), Big Data, HTML5, IPv6, and more. All of these bring unique security challenges so there’s no better time than now to get prepared! Here are a few key considerations for an IT security management checklist that you cannot afford to skip.
Monitor Your Logs
Event log data may not be a problem-solver by itself, but it can provide a wealth of information related to your network security. Log monitoring and management can be as simple as collecting logs with a syslog server or as advanced as implementing a Security Information and Event Management (SIEM) system.
By integrating with your network devices and security appliances, A SEIM system will help you interpret the circumstances of the activities that are non-compliant with your organizational security policies by: aggregating and analyze the event logs in real-time, correlating the log instance with other network event, producing a meaningful and timely diagnosis for immediate threat prevention or remediation, and providing automated responses following security best practices
Ensure that you have the right SIEM software in place for log collection, analysis, real-time correlation and automated response.
Manage Your Firewalls
Firewalls, being the gateway in and out of the secure enterprise network, will always remain an organization’s primary network defense and, as such, require active management. Automated firewall management systems provide the ability to:
- Build and modify firewall rulesets and manage them constantly to cover IT security rules and organizational web access policy
- Test firewall rulesets before deploying them into the IT environment
- Clean up unnecessary and redundant firewall rules and objects
- Track and manage all the firewall changes that are happening across the network
- Conduct periodic security audits to identify critical hosts exposed to dangerous services
Ensure you have a firewall management system in place that can help manage your firewall activities.
Automate Your Configuration and Change Management Process
Most network administrators would agree that the majority of network problems they experience can be traced back to an incorrect, unauthorized, or non-compliant device configuration change. Such changes, as evidenced by some well-publicized network disasters, can lead to a myriad of network problems—from exposure to dangerous security risks, to legal penalties for non-compliance, to costly business downtime.
By automating the configuration and change process, you can more easily create, implement, enforce, validate, and maintain standards across the organization. Network configuration management is a daily operational activity, not a one-time task. As such, it’s imperative to have the right standards and policies in place AND the right tools to enforce and maintain those standards—not just for increased network availability and performance, but for enhanced security and compliance.
Automate network configuration management to protect your network from security threats, maintain compliance, and reduce costly downtime.
Secure the Endpoints
Out-of-date security patches make workstations an easy target for security breaches. With the increasing number of new viruses and malware that plague workstations and servers, pro-actively keeping your security software and system applications patched and up to date is critical.
Pro-active patch management calls for
- Comprehensive audit trail of software on end-user workstations and servers
- Customizable mass deployment options to patch applications uniformly
- Compliance reports that show the status of patched and unpatched desktops, servers and VMs
- Automated scheduling of patch jobs to avoid manual errors and omissions
Leaving workstations & servers unpatched only increases their susceptibility to both internal and external incursion not just into a single endpoint, but the enterprise network as a whole.
Ensure you are equipped with a centralized and automated patch manager software for comprehensive endpoint vulnerability management and compliance.
Your Data Has Left the Building
Owing to its compact size, there’s a high possibility of your corporate data walking right through your door on a USB drive. While it is probably not practical to deny access to USB drives, you can mitigate the risk of data loss or malware with automated USB detection capabilities. This is another area that a SIEM system can shine by protecting data and applications with real-time notification when USB devices are detected, and automatically disabling user accounts, quarantining work stations, and automatically rejecting unauthorized USB devices.
Safeguard your corporate data from endpoint data loss and the introduction of malware with the appropriate USB detection and prevention system.
Who’s Hogging my Bandwidth?
Network traffic passing through workstations and other endpoints such as employee-owned personal devices (BYOD) is also a major area to be constantly monitored. This will ensure users are not getting into unsafe domains and websites that could, in turn, cause havoc by opening the company up to web-based malware, spear fishing or credential harvesting attacks.
Monitor network traffic across your network to check for users connecting to insecure domains and website
Access Points Gone Rogue
A rogue access point (AP) is a wireless access point that has gained access into secure enterprise network without explicit authorization from the network administration team. This could be a standalone (aka thick) or controller-based (aka thin) access point. These unauthorized rogue APs open wireless backdoors into wired networks.
There could be numerous unauthorized APs in and around the airspace of your corporate firewall. There could be Wi-Fi devices from employees who bring personal devices into the corporate WLAN and APs from neighboring concerns that may be accessible to your network because of proximity. And then, there are the actual rogue APs that pose potential security threats by infringing into your corporate network.
While all of these malicious and non-malicious access points need to be monitored, it is the responsibility of the network administrator to ensure the malicious ones are contained and eliminated.
Make sure to choose the right network monitoring software that supports both thin and access points and their associated clients for WLAN monitoring and rogue access point detection.
Who Connected to Your Network & When
Network user and device tracking is becoming increasingly important to track and monitor which user connects to which switch port or access point by mapping the username and MAC address with the port number or SSID. For both wired and wireless devices, IT security and network administration teams must constantly be able to know which user and device connected to which port and when, historical data of users’ connections to ports and Wi-Fi access points, and if an unauthorized or rogue device shows up on the network
ü Be prepared with a security system that helps watch out for user connections to switch ports and identify unauthorized devices.
These are not the entire list of items for your IT security checklist. These are some crucial aspects of IT security management plan that you cannot afford to miss. It’s not just the network, or the systems and applications that are part of IT security. There are so many factors contributing to both strengthen and weaken IT security. When problems are from diverse sources, the solution cannot just be singular. IT security preparedness is all about getting equipped with the right ammunition for the right problem at the right time. Choosing the effective tools to help combat security threats is up to your budget and application.
About the Author
Brad Hale is the product marketing principal for SolarWinds network monitoring software products and brings over twenty years of product management, product marketing, strategy and business development experience from the software, systems, and semiconductor industries. He has a BSCEE from Purdue University and an MBA from Butler University.