Add To Your Onion

Connect to any network today and most of the time you will find a firewall between you and the “rest of the Internet.” From the home router to big multicore systems, they are there. Businesses spend lots and lots of money on equipment to protect their network, the most obvious being some fancy firewall to “keep the bad guys out.” But the single biggest threat to a secure network is the people and systems that are inside the network.

Users! They use the same password for their personal email or Facebook account as for their workstation, and change it almost as often as they paint their house. They click on every funny email chain that comes through. They will gladly answer personal questions from “internal HR auditing”. They follow links from social media to shortened URLs leading to questionable destinations.

Time and time again we see that the way into a network is not directly through the firewall, but through what is behind it. All that is needed is a single workstation or low-level system that is already inside the network. From there it is simply a matter of time until something sensitive is discovered and lost as the attacker works on other systems. No matter how much you spend securing your application from the outside in, it doesn’t matter if an attacker can just go after an employee instead.

Encryption, while it has its place, doesn’t necessarily help. Encryption of information in transit is critical so long as it’s a modern encryption scheme. But if information is encrypted on disk and an attacker has a keylogger running in the background then all of the passwords to decrypt the information are given away.

What to do then?

Here are a couple of good practices that can go a long way to improving security without depending on users to make difficult decisions related to security problems they may not fully understand.

  1. Web content filtering with active updates. Be able to prevent users from accessing known malicious sites. Make sure it updates frequently as the sites change frequently. Quick tip – Don’t go trying to block the world! It will only encourage users to try and bypass it routinely.
  2. Deploy password managers to everyone, at both the user level and the server level, and provide training in how to use them. Educate everyone in what a secure password actually looks like, and then change the passwords on a routine interval.
  3. Patch early, patch often. As more firms employ responsible disclosure, the patches will be released just before the vulnerability itself is disclosed. The window for patching to prevent further damage is potentially as short as only a day or two.
  4. Don’t forget the basics! Have a solid firewall, intrusion prevention systems, and a vulnerability detection program. The newest firewalls do layer 7 filtering and can block traffic on ports that are legitimately open, based on the type of traffic rather than the port number alone.
  5. Perform full-scope outside security audits at least once or twice a year. Once users understand how easy it is to be tricked, they become far more alert. Seeing it in action is far more educational than a slide deck.

Finally, don’t just go checking boxes on the I-have-this-tool list. All of the practices, tools, and education must be constantly monitored, kept up to date, and validated.

Also consider that the protections you put in place on your business network don’t help your users when they take their laptop home at night or travel on business. Evaluate your threats and spend the money where it has the biggest gains for your security program.

Doug Bell
Senior Infrastructure Consultant