By Mike Mullins
Every piece of equipment on your network is a part of your security architecture, and the list of security-related devices and software that you can purchase has increased dramatically. Justifying what you need to buy to secure your network is crucial to achieving defense in depth.
If you're in a crunch with funds, here's a list of tools that are easy on the budget—in fact, they're free! These tools will go a long way to providing you with the information you need to make the right security decisions for your network.
The debate about intrusion detection systems is over—it's crucial that you know who's scanning your network and who's trying to tear down your defenses. Did you know that one of the most well-documented and tested IDS implementations is free?
Snort runs on almost any platform (including Windows). When combined with an open source database such as MySQL, it's a winning approach that's both reliable and extremely responsive to your existing and future intrusion detection design.
Neither of these solutions requires the latest hardware to operate. You can use the same Snort machine with three interfaces to monitor both external and internal traffic.
Download the Snort documentation, and read it over lunch. Instead of talking about implementing an IDS solution, install one today.
A fundamental part of security is the ability to recognize every device on your network and know its intended purpose. But you'll never know what's on your network unless you listen to your network.
Nmap is an excellent open source utility that provides incredible detail on the devices on your intranet and the ports those devices are using to communicate. It's essential that you scan new hardware deployments to shut down unnecessary services and periodically scan your network to discover foreign devices.
Stop guessing about what ports you need to keep open on your network. Listen to your network with Nmap, and lock down your internal access control lists.
Download the ports reference list from the Internet Assigned Numbers Authority (IANA), and create a reference document for each application that runs on your network.
Before loading a networked application onto your intranet, make sure your documentation includes which ports and protocols the application will use to communicate. Once you map out your networked applications, installing and moving servers to different subnets will be a lot simpler and less troublesome.
For each networked application, you should lock down the minimum number of ports it needs to provide service to your clients. If a vendor can't tell you what ports its application uses, find another vendor.
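The check that the per-application port reference makes possible, as an added example that is not part of the original article: a small Python script that reads Nmap's grepable output (`nmap -oG`) and compares every host against a hypothetical reference document of documented ports, flagging ports that should not be open, documented ports that are missing, and hosts that are not in the inventory at all. The scan lines and the inventory are constructed samples.

```python
import re

# Constructed sample of nmap -oG (grepable) output; not a real scan.
SAMPLE_SCAN = """\
# Nmap scan report (constructed sample)
Host: 192.0.2.10 (web01)\tStatus: Up
Host: 192.0.2.10 (web01)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (997)
Host: 192.0.2.20 (db01)\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///, 23/open/tcp//telnet///\tIgnored State: closed (997)
Host: 192.0.2.99 ()\tPorts: 445/open/tcp//microsoft-ds///\tIgnored State: closed (999)
"""

# Hypothetical reference document: the ports each documented host is allowed to expose.
INVENTORY = {
    "192.0.2.10": {"22/tcp", "80/tcp", "443/tcp"},   # web server
    "192.0.2.20": {"22/tcp", "3306/tcp"},            # database server
}

# Grepable "Ports:" lines: Host: <ip> (<name>)<TAB>Ports: <list><TAB>...
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\tPorts: (.*?)\t")


def parse_grepable(text):
    """Return {ip: {"name": str, "open": {"port/proto", ...}}} from nmap -oG text."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comments and "Status: Up" lines carry no port data
        ip, name, ports = m.groups()
        open_ports = set()
        for entry in ports.split(", "):
            fields = entry.split("/")  # port/state/proto/owner/service/rpc/version/
            if len(fields) >= 3 and fields[1] == "open":
                open_ports.add(f"{fields[0]}/{fields[2]}")
        hosts[ip] = {"name": name, "open": open_ports}
    return hosts


def audit(scan_text, inventory):
    """Compare a scan with the inventory: unexpected ports, missing ports, foreign hosts."""
    findings = {"unexpected": {}, "missing": {}, "foreign": []}
    for ip, info in parse_grepable(scan_text).items():
        if ip not in inventory:
            findings["foreign"].append(ip)  # undocumented device on the network
            continue
        extra = info["open"] - inventory[ip]
        gone = inventory[ip] - info["open"]
        if extra:
            findings["unexpected"][ip] = sorted(extra)  # services to shut down
        if gone:
            findings["missing"][ip] = sorted(gone)  # documented service not answering
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_SCAN, INVENTORY))
```

On the sample scan this reports telnet (23/tcp) open on the database server and 192.0.2.99 as a host the inventory does not know about.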
Security isn't free, but these tools are. From a network security perspective, you don't need a big budget to have tight security. You just need to implement the right tools—and use them.
Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.