Corporate invasions have afflicted countless businesses – including Sony, Target, Anthem, Home Depot, and J.P. Morgan. All are victims of customer data theft, corporate espionage … or just an airing of ‘dirty secrets.’ The government has hardly been immune, with high-profile infiltrations of the IRS, the White House’s email system, and the U.S. Office of Personnel Management.
What happened to them could certainly happen to others, maybe even your company. Scratch that … likely even your company.
While organizations now recognize the need to protect their networks, many still struggle with how to accomplish it. Some are looking for a silver bullet, and while that search is likely futile, a perfect place to start is to know your network. Really dig in there and determine the extent of the network. Identify exactly what comprises it, including any connections to external networks.
Do you have an accurate inventory of all active IP addresses on your network? All active devices connected and a profile of those devices? Are you fully aware of all IPv6 infrastructure on your network?
How about those things that seem unremarkable on the surface, but which can often yield some surprises? Such as an index of certificates or an index of routing info. What about routing loops or highly connected routers?
Let’s not forget about ports. Do you know all of the active TCP/UDP ports on your network?
And have you looked into non-responding network segments and public SNMP responders?
Whether you believe the network perimeter is dead or not, there is still an “edge” to your network in terms of where your network management responsibility lies. Can you identify your network edge?
Really understanding the true architecture of your network is foundational to proactively defending your network.
Phew! Glad that’s done? That’s just the beginning. Now that you have full comprehension of the network architecture, don’t forget to take steps to delve into the segmentation policies of your network.
Make sure you gain knowledge of any unknown connected segments of your network, any unauthorized connectivity between zones/enclaves/business units.
What about outside access? Are there any unrestricted egress or ingress paths to your network? Maybe from the Internet, or maybe from a vendor or supply chain partner.
Make sure you uncover any Layer 2 leak paths that could bring risk to your organization. Take the time to identify any devices with unknown routes or stealth routers.
Hey, hackers are just going to keep trying to attack networks. But doing a better job of laying the foundation to build adequate defenses will go a long way in minimizing any successful attempts.
So, go ahead … really get to know your network. She’s a complex creature.