How Well Do You Really Know Your Network?

Tuesday, October 06, 2015

Dan Lohrmann


So you think you know your enterprise IT infrastructure pretty well. Really? Are you sure about that?

Time for a pop quiz. Don’t worry, there are only three questions, but with multiple parts to each question:

1) How many devices do you have on your agency and enterprise networks?

a. Can you name them with IP address, basic function and applications running?

b. How many devices connect via wireless access points?

c. What do you do when you discover an unknown or unauthorized connection or app running?

d. Who reports when operational systems go down? How? To whom?

2) Do you have an accurate network diagram showing all infrastructure connectivity?

a. What systems or functions are permitted to communicate with other systems by policy?

b. Where is your policy? Do you train employees to follow policies and procedures?

c. Is your policy enforced? How?

d. How do you authorize and manage exceptions to policy?


3) How do you know when someone (or something) gains unauthorized access to data?

a. What data is most sensitive and how is it protected?

b. How do you manage identities and provision system access across disparate networks?

c. Who is looking at the logs, monitoring traffic and managing security alarms?

d. What processes and procedures explain how to declare that a security incident has occurred that needs to be investigated? Who owns these functions (name a person or two)?

e. Can you account for 100 percent of the network traffic? If not, how do you resolve the traffic not accounted for?
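One concrete way to work through questions 1a, 1c and 3e is to reconcile the device inventory against what the network actually shows. The script below is an added illustration, not code from the article: the inventory and the flow records are constructed sample data, and the one-line-per-flow log format is an assumption.

```python
"""Reconcile a device inventory against observed network flows.

Reports endpoints that are not in the inventory, services reached on
inventoried devices that their declared function does not cover, and
the share of bytes whose endpoints are both inventoried.
"""
from collections import defaultdict

# Constructed inventory: IP -> (device name, function, expected service ports)
INVENTORY = {
    "10.0.1.10": ("web-01", "public web server", {80, 443}),
    "10.0.1.20": ("db-01", "database server", {5432}),
    "10.0.2.5": ("wifi-laptop-07", "staff workstation", set()),
}

# Constructed flow records in an assumed "src_ip dst_ip dst_port bytes" format
FLOW_LOG = """\
10.0.2.5 10.0.1.10 443 52000
10.0.2.5 10.0.1.20 5432 1200
10.0.1.10 10.0.1.20 5432 90000
10.0.9.77 10.0.1.10 80 400
10.0.1.10 203.0.113.9 6667 3000
10.0.2.5 10.0.1.20 22 800
"""


def parse_flows(text):
    """Parse flow lines into (src, dst, port, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        src, dst, port, size = line.split()
        flows.append((src, dst, int(port), int(size)))
    return flows


def reconcile(inventory, flows):
    """Return (unknown endpoints, unexpected ports per device, accounted share)."""
    unknown = set()
    unexpected = defaultdict(set)
    known_bytes = total = 0
    for src, dst, port, size in flows:
        total += size
        unknown.update(ip for ip in (src, dst) if ip not in inventory)
        if src in inventory and dst in inventory:
            known_bytes += size          # both ends are accounted for
        if dst in inventory and port not in inventory[dst][2]:
            unexpected[inventory[dst][0]].add(port)   # service not in its declared role
    share = known_bytes / total if total else 1.0
    return unknown, dict(unexpected), share
```

Anything in the first two results is the "unknown or unauthorized connection" of question 1c, and a share below 1.0 is the traffic question 3e asks you to resolve.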

All done. So how did you do?

If you answered all these questions successfully, you can take the rest of the day off. 

Yep. You can go home right now – but only if you have complete, correct answers for all of these questions for the entire enterprise and not just your small piece of your department’s network.

Oh, and you need your management team as well as external and internal auditors to agree and sign off that everything is in good shape and kept consistently up to date.

Dreaded Risk Assessments, E-Discovery and Enterprisewide Audits of IT

The truth is that no large public- or private-sector enterprise can answer these questions accurately 100 percent of the time for every one of their networks, systems, people, processes and all data. The questions may even seem like an unfair anchor around the necks of CxOs nationwide, and just going through the questions may bring back negative memories.

If these questions look familiar, that's not surprising. I basically summarized key audit questions along with the typical opening checklist to enterprise-wide risk assessments that CIOs and CISOs see in your traditional “As Is, To Be, Gap Analysis” sessions every few years.

In my experience, your team is above average if you can answer more than 80 percent of these questions accurately. The Deloitte-NASCIO Cybersecurity Study published last year identified major gaps in knowledge about network and security protections in place with many government leaders feeling uncomfortable in offering specific numbers.

Another difficulty to overcome is that hardware, firmware and application software is changing constantly in large complex networks that are evolving. Answers are given for a moment in time, but gaining a true picture of all the moving parts is very difficult – even for the best technology teams with years of experience.

Exceptional network management requires a robust ITIL framework that is working well, along with pros who really understand their strengths and weaknesses in each core discipline. For example, you need database experts, network experts, system administration experts, security experts, great project managers, programmers who test code well, secure applications, and tools from competing vendors, all working together as a united team.

In addition, the security implications are huge. If you don’t know “what is normal,” how can you possibly identify dangerous hackers, unauthorized applications or concerning behaviors of insiders? How can your team restore systems or get data back to “normal” after system or network outages like the big halt experienced on Wall Street earlier this year?

The challenge is immense, especially when you consider that a hacker only needs to be right once.

Three Red Flags to Watch Out For

There are some recent warning signs that raise additional red flags. Sadly, these challenges are raising the network management stakes to even higher levels in mid-2015, whereas the items discussed up to this point can be traced back decades. Nevertheless, it is true that these items have always been with us – especially in hot tech markets with skills shortages.

1) The staff turnover problem is getting worse among technology staff. While every organization needs fresh blood and young talent, the number of veteran technology professionals changing jobs, leaving companies and governments or retiring right now is a major concern. In this hot security job market, many experts are looking for greener pastures. Also, baby boomers are seeking second careers and taking their years of experience with them.

TIP: Make sure that cross-training occurs and clear roles and responsibilities are documented – along with clear policies and operational procedures.

2) Shadow IT is growing along with rogue cloud computing usage that the tech team knows little about and may be out of control.

TIP: Solutions to this issue include increasing visibility with a cloud access security broker (CASB).

3) Excellent vendor and contract management skills are lacking in government. Government CxOs who face extreme challenges in these infrastructure areas often like to bring in private-sector partners as an "easy fix." Of course, there’s nothing wrong with the expert from out of town coming in to help or using contractors.

But while partnering with external solution providers can certainly help, remember that accountability and responsibility for results and outcomes always live with the data owners and CxO involved.

Simply put: You can outsource the function but not the responsibility.

Final Thoughts

While all of this may seem rather depressing, there certainly is hope for the future.

Recent breaches, and the international emphasis on critical infrastructure protection, are helping raise awareness of the importance of technology infrastructure improvements. Many organizations are currently building “next-generation” networks with new projects that are well funded.

There are numerous frameworks, checklists and solution providers to help. The recent OPM breaches in the federal government are causing new thinking and a higher priority to these essential network architecture topics.

What’s my main point? Don’t waste any opportunity to reinvent your network or infrastructure when you get the chance.

In the meantime, get to know your network a little better – right now.

Dan Lohrmann is an internationally recognized cybersecurity leader, technologist, author and CSO of Security Mentor, a pioneer of innovative security awareness training that drives real behavior change by combining engaging, highly interactive training with content-rich lessons that convey critical security information.  

Note: An earlier version of this article was published on Government Technology.
