CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [67]

every device to determine its unique strengths and vulnerabilities.

FIGURE 3.1 A typical network infrastructure

Notice in this figure that the network we’ll be evaluating has Internet connections. Internet connections expose your network to the highest number of external threats. These threats can come from virtually any location worldwide.

Network infrastructure devices are covered in detail later in this chapter.

Real World Scenario

Compile an Infrastructure List

As an administrator, you have to deal with a variety of devices every day. Not only must you attend to the needs of the servers, but you must also maintain Internet access, manage a plethora of users and workstations, and keep everything running smoothly. You can have firewall after firewall in place, but if you’re allowing a salesperson to dial in from the road with minimal safeguards, that connection becomes the baseline of your security.

In this scenario, survey your network and compile an infrastructure list. Make a note of all the devices that are connected—permanently or intermittently—to your network. See if you can answer these questions:

1. How many servers are there? What is the function of each, and what level of security applies to each?

2. How many workstations are there? What operating systems are they running? How do they connect to the network (cabling, wireless, dial-in)?

3. How does data leave the network (routers, gateways)? How secure is each of those devices? Are firewalls or other devices impeding traffic?

4. What else is connected to the network (modems and so on) that can be used to access it?

In all honesty, this information should already exist and be readily accessible. If your organization is like most others, though, the information doesn’t exist, and devices are added as needed with the intent of creating documentation at some future point in time. There is no better time than the present to create it.

One issue to watch out for is the “It can’t happen to me/us!” attitude many seem to have. Be prepared to handle it by explaining that it can indeed happen and you need to be actively doing all you can to prevent it.

Working with Software Components


Hardware exists to run software. The software is intended to make the hardware components easy to configure and easy to support. To a certain extent, however, that software can also make the hardware easy to bypass.

The network infrastructure illustrated in Figure 3.1 includes servers, workstations running operating systems, a router, a firewall (some firewalls may also run as applications on servers), and dedicated devices that have their own communications and control programs. This situation leaves networks open to attacks and security problems because many of these systems work independently.

Many larger organizations have built a single area for network monitoring and administrative control of systems. This centralization lets you see a larger overall picture of the network, and it lets you take actions on multiple systems or network resources if an attack is under way. Such a centralized area is called a Network Operations Center (NOC). Using a NOC makes it easier to see how an attack develops and to provide countermeasures. Unfortunately, a NOC is beyond the means of most medium-sized and small businesses. NOCs are expensive and require a great deal of support: factors beyond the economy or scale of all but the largest businesses. After a NOC is developed and implemented, the job doesn’t stop there—the NOC must be constantly evaluated and changed as needed.

If your organization does not employ a dedicated security professional but you still need to implement security measures, one approach is to outsource to a Managed Security Service Provider (MSSP). MSSPs offer overall security services to small companies and can be more cost effective than adding a dedicated individual to the payroll.

AT&T Wireless NOCs

AT&T Wireless maintains a huge NOC for each of the cell centers it manages. These centers
