3.1. Understanding Infrastructure Security

As the name implies, an infrastructure is the basis for all the work occurring in your organization. Infrastructure security deals with the most basic aspect of how information flows and how work occurs in your network and systems. When discussing infrastructures, keep in mind that this includes servers, networks, network devices, workstations, and the processes in place to facilitate work.

To evaluate the security of your infrastructure, you must examine the hardware and its characteristics as well as the software and its characteristics. Each time you add a device, change configurations, or switch technologies, you're potentially altering the fundamental security capabilities of your network. Just as a chain is no stronger than its weakest link, it can also be said that a network is no more secure than its weakest node.

Networks are tied together using the Internet and other network technologies, thereby making them vulnerable to any number of attacks. The job of a security professional is to eliminate the obvious threats, to anticipate how the next creative assault on your infrastructure might occur, and to be prepared to neutralize it before it happens.

The following sections deal with the hardware and software components that make up a network.

3.1.1. Working with Hardware Components

Network hardware components include physical devices such as routers, servers, firewalls, workstations, and switches. Figure 3.1 depicts a typical network infrastructure and some of the common hardware components in the environment. From a security perspective, this infrastructure is much more than just the sum of all its parts. You must evaluate your network from the standpoint of each and every device within it. It cannot be overstated: The complexity of most networks makes securing them extremely complicated. To provide reasonable security, you must evaluate every device to determine its unique strengths and vulnerabilities.

Figure 3.1. A typical network infrastructure

Notice in this figure that the network we'll be evaluating has Internet connections. Internet connections expose your network to the highest number of external threats. These threats can come from virtually any location worldwide.

NOTE

Network infrastructure devices are covered in detail later in this chapter.

Compile an Infrastructure List

As an administrator, you have to deal with a variety of devices every day. Not only must you attend to the needs of the servers, but you must also maintain Internet access, manage a plethora of users and workstations, and keep everything running smoothly. You can have firewall after firewall in place, but if you're allowing a salesperson to dial in from the road with minimal safeguards, that connection becomes the baseline of your security.

In this scenario, survey your network and compile an infrastructure list. Make a note of all the devices that are connected—permanently or intermittently—to your network. See if you can answer these questions:

  1. How many servers are there? What is the function of each, and what level of security applies to each?

  2. How many workstations are there? What operating systems are they running? How do they connect to the network (cabling, wireless, dial-in)?

  3. How does data leave the network (routers, gateways)? How secure is each of those devices? Are firewalls or other devices impeding traffic?

  4. What else is connected to the network (modems and so on) that can be used to access it?

In all honesty, this information should already exist and be readily accessible. If your organization is like most others, though, the information doesn't exist, and devices are added as needed with the intent of creating documentation at some future point in time. There is no better time than the present to create it.
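The four questions above can be answered mechanically once the list exists, and the "weakest node" rule from the start of the section falls out of the same data. The following is an added example, not code from the book: it models a small constructed inventory (device names, kinds, connection types and an assumed 0-3 security-level scale are all made up) and reports the servers, the workstations by OS and connection, the egress devices, the "everything else" entries such as a dial-in modem, and the single device that sets the network's security baseline.

```python
"""Infrastructure-list check: summarize a constructed inventory and find the weakest node."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    name: str
    kind: str           # "server", "workstation", "router", "gateway", "firewall", "modem"
    function: str       # role of a server/device, or the OS for a workstation
    connection: str     # "cabled", "wireless", "dial-in", "internet"
    security_level: int # assumed ordinal scale: 0 = no safeguards, 3 = hardened
    permanent: bool = True  # False for devices connected only intermittently


# Constructed sample inventory; every value here is hypothetical.
INVENTORY = [
    Device("srv-files", "server", "file server", "cabled", 2),
    Device("srv-mail", "server", "mail server", "cabled", 3),
    Device("ws-01", "workstation", "Windows", "cabled", 2),
    Device("ws-02", "workstation", "Linux", "wireless", 2),
    Device("rtr-edge", "router", "Internet egress", "internet", 3),
    Device("fw-edge", "firewall", "perimeter filter", "internet", 3),
    Device("modem-sales", "modem", "sales dial-in", "dial-in", 0, permanent=False),
]

EGRESS_KINDS = ("router", "gateway", "firewall")


def summarize(inventory):
    """Answer the four checklist questions: servers, workstations, egress, everything else."""
    servers = [(d.name, d.function, d.security_level) for d in inventory if d.kind == "server"]
    workstations = Counter((d.function, d.connection) for d in inventory if d.kind == "workstation")
    egress = [(d.name, d.security_level) for d in inventory if d.kind in EGRESS_KINDS]
    other = [(d.name, d.connection, d.permanent) for d in inventory
             if d.kind not in ("server", "workstation") + EGRESS_KINDS]
    return {"servers": servers, "workstations": dict(workstations), "egress": egress, "other": other}


def security_baseline(inventory):
    """Weakest-link rule: the network is no more secure than its least-protected node.
    Intermittent connections count exactly like permanent ones."""
    weakest = min(inventory, key=lambda d: d.security_level)
    return weakest.name, weakest.security_level


def below_policy(inventory, minimum=2):
    """Devices whose (assumed) security level is under the policy minimum."""
    return [d.name for d in inventory if d.security_level < minimum]
```

Running `security_baseline(INVENTORY)` on the sample list names the dial-in modem, not any firewall, as the device that defines the network's security.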

One issue to watch out for is the "It can't happen to me/us!" attitude many seem to have. Be prepared to handle it by explaining that it can indeed happen and you need to be actively doing all you can to prevent it.


3.1.2. Working with Software Components

Hardware exists to run software. The software is intended to make the hardware components easy to configure and easy to support. To a certain extent, however, that software can also make the hardware easy to bypass.

The network infrastructure illustrated in Figure 3.1 includes servers, workstations running operating systems, a router, a firewall (and there may be some that run as applications on servers), and dedicated devices that have their own communications and control programs. This situation leaves networks open to attacks and security problems because many of these systems work independently.

Many larger organizations have built a single area for network monitoring and administrative control of systems. This centralization lets you see a larger overall picture of the network, and it lets you take actions on multiple systems or network resources if an attack is under way. Such a centralized area is called a Network Operations Center (NOC). Using a NOC makes it easier to see how an attack develops and to provide countermeasures. Unfortunately, a NOC is beyond the means of most medium-sized and small businesses. NOCs are expensive and require a great deal of support: factors beyond the economy of scale of all but the largest businesses. After a NOC is developed and implemented, the job doesn't stop there—the NOC must be constantly evaluated and changed as needed.

NOTE

If your organization does not employ a dedicated security professional but you still need to implement security measures, one approach is to outsource to a Managed Security Service Provider (MSSP). MSSPs offer overall security services to small companies and can be more cost effective than adding a dedicated individual to the payroll.

AT&T Wireless NOCs

AT&T Wireless maintains a huge NOC for each of the cell centers it manages. These centers provide 24/7 real-time monitoring of all devices in the cellular and computer network they support. The operators in the NOC can literally reach out and touch any device in the network to configure, repair, and troubleshoot it. A single NOC has dozens of people working around the clock to keep on top of the network. When an AT&T Wireless center goes down, it effectively takes down the cell-phone service for an entire region. As you can imagine, this is horrendously expensive, and the company doesn't let it happen often. There are several NOC facilities in the United States, and one region can support or take over operations for another region if that center becomes inoperable.

