The government’s 10 Steps to Cyber Security points out that “Connecting to untrusted networks (such as the Internet) exposes corporate networks to attacks that seek to compromise the confidentiality, integrity and availability [of IT environments].”
A firewall at the network perimeter that carries out deep packet inspection and monitors the traffic entering the network is essential, as is robust anti-malware protection combined with web and email filtering to guard against malicious links and phishing attacks.
You need to be looking out for malware attempting to get into the network, emails with Trojans hidden in them, websites hosting malicious links and any other network traffic that may be harbouring malicious software. It's important to remember, though, that the landscape isn't fixed: it changes constantly as new attack methods are developed and malware is modified or repacked to evade detection.
Protecting the environment
Protecting the environment is made more complex by distributed enterprises that have branch offices and remote or roaming users, or data centres that use technologies like virtualisation and the cloud.
The CESG guidelines say you need to: “Filter all traffic at the network perimeter so that only traffic required to support your business is allowed, and monitor traffic for unusual or malicious incoming and outgoing activity that could indicate an attack.” For any CIO and IT administrator, these are basic first steps.
The approach taken will, however, be determined by the IT environment. When protecting the perimeter you need to consider that your network is full of applications that a port-based firewall cannot identify or control.
File sharing, social networking, personal email and streaming media are just a few of the applications that can slip past a port-based firewall by hopping between ports, tunnelling over SSL/TLS or using non-standard ports. Blocking them outright may disrupt legitimate business use, so you need a way to build firewall policies that identify the application itself and offer controls beyond the traditional 'allow or deny'.
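As an added, constructed example (not code from the article, from CESG or from any firewall vendor), the following Python compares a traditional port-based rule set with an application-aware one on a few hand-built first packets. The flow records, the signature table, the domain names and both policies are assumptions made for the illustration. The TLS ClientHello parser shows how a firewall can see where SSL/TLS traffic is going (via the SNI extension) without decrypting it, and the 'alert' action stands in for the controls beyond allow or deny that the text calls for.

```python
"""Port-based versus application-aware perimeter policy (added example).
All flows, signatures, domain names and rules below are constructed for the
illustration; a real next-generation firewall classifies whole sessions with
far larger signature sets."""
from dataclasses import dataclass


@dataclass
class Flow:
    direction: str   # "in" (towards the network) or "out" (leaving it)
    dport: int       # destination TCP port
    payload: bytes   # first bytes the client sent on the session


def build_client_hello(sni):
    """Fabricate a minimal TLS ClientHello carrying a server_name (SNI)
    extension, used only to build sample flows (assumption: empty session
    id, one cipher suite, null compression, SNI as the only extension)."""
    name = sni.encode("ascii")
    entry = b"\x00" + len(name).to_bytes(2, "big") + name            # host_name entry
    sni_body = len(entry).to_bytes(2, "big") + entry                  # server_name_list
    ext = b"\x00\x00" + len(sni_body).to_bytes(2, "big") + sni_body   # extension type 0
    body = (b"\x03\x03" + bytes(32) + b"\x00"   # version, random, empty session id
            + b"\x00\x02\x13\x01"               # one cipher suite
            + b"\x01\x00"                       # one compression method: null
            + len(ext).to_bytes(2, "big") + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def tls_sni(payload):
    """Return the SNI host name from a ClientHello, or None if the bytes are
    not a ClientHello or carry no server_name extension."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:
            return None
        i = 5 + 4 + 2 + 32                                  # record hdr, hs hdr, version, random
        i += 1 + payload[i]                                 # session id
        i += 2 + int.from_bytes(payload[i:i + 2], "big")    # cipher suites
        i += 1 + payload[i]                                 # compression methods
        end = i + 2 + int.from_bytes(payload[i:i + 2], "big")
        i += 2
        while i + 4 <= min(end, len(payload)):
            etype = int.from_bytes(payload[i:i + 2], "big")
            elen = int.from_bytes(payload[i + 2:i + 4], "big")
            data = payload[i + 4:i + 4 + elen]
            if etype == 0 and len(data) >= 5:   # list len(2), name type(1), name len(2), name
                nlen = int.from_bytes(data[3:5], "big")
                return data[5:5 + nlen].decode("ascii", "replace")
            i += 4 + elen
    except IndexError:
        pass
    return None


def identify(flow):
    """Classify a session by its first bytes, not its port. Returns
    (application, sni); sni is set only for TLS. Constructed signature subset."""
    p = flow.payload
    if p.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent", None
    if p.startswith(b"SSH-2.0-"):
        return "ssh", None
    if p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "http", None
    sni = tls_sni(p)
    if sni is not None:
        return "tls", sni
    return "unknown", None


# Traditional policy: default deny plus the ports the business needs.
PORT_POLICY = {("out", 80): "allow", ("out", 443): "allow", ("in", 443): "allow"}


def port_decision(flow):
    return PORT_POLICY.get((flow.direction, flow.dport), "deny")


# Application-aware policy, first match wins. "alert" lets the session through
# but raises it for monitoring, which plain allow/deny cannot express.
APP_POLICY = [
    {"app": "bittorrent", "action": "deny"},                            # on any port
    {"app": "tls", "sni_suffix": ".filesharing.test", "action": "alert"},
    {"app": "tls", "direction": "out", "action": "allow"},             # any port, e.g. ERP on 8443
    {"app": "http", "direction": "out", "action": "allow"},
]


def app_decision(flow):
    app, sni = identify(flow)
    for rule in APP_POLICY:
        if rule["app"] != app or rule.get("direction", flow.direction) != flow.direction:
            continue
        if "sni_suffix" in rule and not (sni or "").endswith(rule["sni_suffix"]):
            continue
        return rule["action"]
    return "deny"   # unidentified traffic is denied even on an open port


# Constructed sample sessions: the first bytes each client would send.
SAMPLE_FLOWS = {
    "torrent_on_443": Flow("out", 443, b"\x13BitTorrent protocol" + bytes(8)),
    "upload_to_sharing_site": Flow("out", 443, build_client_hello("drop.filesharing.test")),
    "erp_on_8443": Flow("out", 8443, build_client_hello("erp.corp.example")),
    "unknown_on_443": Flow("out", 443, b"\x00\x00\x00\x2a\xde\xad\xbe\xef"),
}


def compare(flows=SAMPLE_FLOWS):
    """Map each flow name to (port-based decision, application-aware decision)."""
    return {name: (port_decision(f), app_decision(f)) for name, f in flows.items()}


if __name__ == "__main__":
    for name, (by_port, by_app) in compare().items():
        print(f"{name:24s} port-based={by_port:6s} app-aware={by_app}")
```

Running it shows the two failure modes of port-only control in one table: the BitTorrent client and the unidentified binary protocol both pass the port-based policy because they chose port 443, while the legitimate ERP session on 8443 is blocked by it; the application-aware policy reverses all three decisions and flags the upload to the file-sharing domain for monitoring instead of choosing between silent allow and business-disrupting deny.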
Similarly, if you’re protecting a virtualised data centre you’ll need to consider how to enable and protect applications as they move across the cloud, how to isolate applications from one another, and how to stop security policy lagging behind workloads as the cloud environment changes.
If you wish to safeguard a distributed environment, another approach is required. It’s common in these environments to see organisations with small branch offices, employees working remotely from home and roaming users; in fact, users often move from one location to another within a single day. While this is great for productivity, it can lead to inconsistent policy enforcement between locations and gaps that leave the organisation exposed.
Although each environment requires a different approach, they all share the same goal: to maximise visibility, increase control and eliminate gaps in policy configuration.