By Mike Mullins
Whether you've been a network security administrator for years or you're just starting out, it never hurts to review the basics to make sure you've left no doors open. Network security isn't just about defending your network from outside attacks. It's also about making sure the right people have access to the right information.
If you focus on this concept, you'll safeguard your information from both outside intruders and inside hackers. Networks don't begin with wires, servers, and clients; they're born on paper—and that's where security begins.
Put it on paper
Good networks begin with a diagram, and network security begins with good policies. If you don't have a security policy, you'll have to react to events rather than prepare for them.
Develop a policy that specifies the purpose of your network and the responsibilities of each user (including administrators). Inform users specifically what they can do while using the network, and list a few obvious examples of forbidden activity. Develop a baseline of authorized applications and a method for controlling installation of new applications.
By defining the purpose of your network, you'll identify what type of traffic is normal for your network, which helps you develop an access control policy. You should base all of your access controls on a policy that yields the least amount of privilege.
Begin at the network layer
Restricting access doesn't start with your users; it starts at the network layer. Define which ports and protocols need to be open between your users and your servers. Then block everything else at a switch or router closest to the source of the traffic.
Trojans and other malware need ports to operate. Deny their traffic, and you'll render them useless by only allowing traffic necessary for a user or server to operate on your network.
Firewalls, routers, and switches have evolved. Firewalls filter allowed content. Routers and switches direct allowed traffic through the network. Use routers and switches to block unnecessary traffic, and let the firewall log, filter, and proxy traffic to its final destination.
Read your log files
If you're not reading your log files on a daily basis, you might as well turn off logging on every device you have. But that probably won't fly well with the legal department or management. Decide which network and user events you need to audit, centralize those log files through a log server, and read them every day.
Log files are essential to troubleshooting and security. You'll never know how someone compromised your network if you don't audit the proper events. By actually reading your log files, you'll be able to discover problems before a customer or user complaint reaches your attention.
Network security isn't difficult. It's just a matter of deciding what network and user activity needs to take place and implementing the proper tools and control mechanisms to control that activity.
Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.