Summer in the Server Room: Strengthen IT SecurityJuly 16, 2013 No Comments
Featured article by Vinod Mohan, a senior product marketing specialist at SolarWinds
It’s summertime—the season of fun in the sun and beach vacations. But as business slows down, what’s happening in the server room and network operations center? Unfortunately, security threats know no seasons, which means neither does IT.
On the bright side, with more people out of the office, business demand on IT is often lower during this period, which makes summer the right time for conducting a comprehensive security check of the network to ensure all security systems are up to snuff, policies are intact, and software is updated. Conducting this analysis and security tuning now will reduce headaches later on, and bolster IT security when business returns back to normal.
So, where to start? To help make the job easier, here is a checklist of critical network elements to inspect for security lapses and loopholes, updates and fine-tuning.
1. Revisit Security Policies
Policies are aplenty across the IT landscape, and every security policy plays a crucial role in defending the network against breaches and non-compliance. As such, it’s extremely important to revisit key network and security policies, and check if there are any vulnerabilities or new security conditions to be factored in.
Some important network and security policies to look at are:
- Network and firewall security policy
- Desktop and server security policy
- Internet and email security policy
- Remote access and VPN security policy
- Wi-Fi and BYOD security policy
- Privacy and encryption policy
- Compliance policies such as PCI-DSS, HIPAA, GLBA, SOX, FISMA and other federal regulatory norms that are applicable to the organization
2. Scan for Endpoint Vulnerability
Vulnerability management is a key security strategy for endpoint security defense. Businesses suffer immeasurable financial losses and damaged reputations due to cybercrimes that target vulnerabilities in applications running on workstations and servers. Make use of the reduced employee activity and scan all servers, workstations and network devices for vulnerabilities. This involves:
- Running vulnerability scan on all enterprise systems
- Assessing the severity of the vulnerability and the risks associated with it
- Patching all software, operating systems and other applications to keep them updated
- Updating hardware drivers and firmware on network devices and servers
Centralized and automated patch management is key to maintaining updated and secure system software and third-party applications.
This may also be the best time to update the inventory of both software and hardware assets, and capture details of what version they are running, when the software licenses expire and when a device is nearing end-of-life.
3. Inspect Network Device Configuration Changes
Unauthorized or erroneous configuration changes are quite common on the network. An unknowing administrator may inadvertently and incorrectly reconfigure critical device settings, or a malicious malware or script can offset router, switch or firewall configurations. Network configuration and change management (NCCM) addresses this by monitoring device configuration changes, comparing configuration between devices, backing up configuration states, archiving them, and even allowing rollback of configuration to an earlier state.
A change to a network device configuration may impact the production environment even when rolling back to an earlier configuration. Summer provides the opportunity to leverage reduced network activity and set right configuration changes with minimal impact to the business. And, to simplify this process and reduce the risk of human error, automated network configuration management tools can be put in place.
4. Clean Up Firewall Rule Base
Regardless of network size, firewalls accumulate an ever-growing list of redundant rules and objects, along with conflicting rules and unused rules, all of which can cause mayhem in firewall management. Not only are there compliance mandates associated with cleaning up unused firewall rules and objects, there are genuine security risks as well.
Make it a point to clean up firewall rules this summer.
- Analyze firewall configurations and logs to isolate redundant, covered, and unused rules and objects
- Identify structural rule redundancies that cause errors and impede firewall rule base efficiency
- Find stale rules based on rule hit counts and traffic data captured in the firewall logs
- Use automated scripts or a firewall management tool to help with the clean-up process
5. Baseline Network Performance
Network performance monitoring—distant as it may seem—is very much related to IT security. Unchecked performance of networking devices can lead to increased security risks, which is why establishing a network performance baseline is such a crucial task of network administration. It provides a comparison that will allow quick identification of network traffic changes and anomalies that can be indicative of a problem such as malicious activity.
Summer provides a quiescent period to define performance baselines and align them with network service-level agreements.
- Determine the network performance expectations based on corporate policy or predefined SLAs
- Monitor metrics including CPU and memory utilization, bandwidth consumption, traffic packet flow and VoIP data transfer
- Set alerting thresholds on performance metrics to send notifications when the status overshoots the accepted standards
Unfortunately, network performance and security are often traded off for one another in smaller organizations. However, it’s important to remember that there is a thin line between the two when it comes to protecting the network.
Before preparing summer retreats, take this relatively less noisy network period to give IT equipment a check-up, and in turn, help rev up network performance and augment overall network security. Then, sit back, relax, and enjoy the summer like everyone else—with the peace of mind that the network is in tip-top shape!
Vinod Mohan is a senior product marketing specialist at SolarWinds, an IT management software provider based in Austin, Texas.
DATA and ANALYTICS , DATA SECURITY, Fresh Ink, Top Stories