20 years ago, it was easy to create and administer your own company network. You cabled the computers (typically desktops) in a daisy chain or to a central switch, connected to a modem and accessed the early wonders of Internet and email.
There was no such thing as ransomware, data theft was confined to government or big business and social engineering was a thing that only advanced hackers like Kevin Mitnick practised.
If you built your network the same way today you’d be on a hiding to nothing. Giving all the end-points on a network the ability to see each other is a recipe for insecurity.
Why? Because when one node gets compromised, an attacker will look to move laterally in the network to compromise the other devices that he or she can see. If all your devices are on the one level, they’re all that much more vulnerable.
One of the more recent articles at Techvera has a section on network segmentation that neatly describes the issues at stake.
These days it’s all about “Trust”. It’s a concept that’s at the heart of our network design. And for us, the default is “No trust” between different computers.
Take this example: We’ve recently been in discussions about designing and building the IT function for a hospital in PNG. The hospital will have various kinds of imaging and pathology devices, a patient record system, doctors’ computers and tablets, reception desk, maintenance, administration, a local mobile telephony service, security devices like IP cameras, printing and patients/guests who want to bring their own devices with them.
We can’t apply the same level of trust to all those devices because the risks are too great to the work of the hospital.
The fixed imaging and pathology devices that are core to the hospital’s functionality will be on their own network so that they can’t be accessed from other devices if they’re compromised, and so that they can be given priority access to the limited satellite bandwidth. We will “trust” them more than, say, the administrative computers, which will be connected to email and possibly subject to attack by social engineering. We wouldn’t want an attacker to be able to see the $250,000 CT just by compromising an administrative PC and looking sideways in the network.
In turn, the administration computers will be trusted more than guest devices, which we will allow to connect to the hospital’s internet, but with no visibility into other devices inside the grounds.
By studying the clinical practice of the hospital and the risks associated with various devices that need to connect to its network, we will be able to design a network that keeps the hospital functioning smoothly, even when one part of it might suffer a compromise.
You can apply the concept of trust in network design to any business. At the very least, computers owned by visitors to your business should be offered a Guest network where they are provided access to Internet only, with no visibility into the Corporate network.
You can also manage threats via user type as well. Forcing different users to access different networks depending on their threat profile means that regardless of the device they’re using, their ability (and an attacker’s ability) to see other devices on the network is dictated by their login. A user with powerful administrative rights shouldn’t be on the same network as a BYOD user whose device is travelling in and out of the corporate firewall every day, for example. Placing them on different networks mitigates certain risks all by itself.
Of course, it’s wise to combine network design with comprehensive end-point protection and a managed firewall as well as patch management and other services. But profiling users and/or devices and splitting them up into different networks is a fundamental network security tactic.
Talk to us about how to design in more security at the network design stage for your new business.