A Simpler Way to Shield the Network
After 30 years in the computer science field, with much of that time spent securing networks and investigating incidents, I have come to the conclusion that most organizations do not fully utilize the capabilities of perimeter security devices. As a result, we have to add devices and software applications that tend to be more of a band-aid than an actual solution.
Take network access, for example. Most firewalls (and router access control lists) are configured to block a few known bad IP addresses and then let every other IP on the internet have access to public-facing services. This isn’t a bad idea for web traffic; we want everyone in the world to be able to access that type of public service. But it is a horrible idea for any other public-facing service, especially the ones that give employees some form of external mobile access. So, what if we took a different approach by using a rarely used capability in firewalls? What if, instead of allowing the entire world access to our systems, we only allowed people we trusted?
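The contrast described above, written as an nftables ruleset. This is an added example, not a configuration from the author or LRI; the addresses are documentation ranges, and the choice of SSH (22/tcp) and WireGuard (51820/udp) as the employee remote-access services is an assumption.

```nftables
#!/usr/sbin/nft -f
# Constructed example. Addresses are RFC 5737 documentation ranges.
flush ruleset

table inet perimeter {
    # Assumption: the networks employees connect from
    # (a branch office range and one remote-access egress address).
    set trusted_v4 {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24, 203.0.113.10 }
    }

    chain input {
        # Default deny: anything not explicitly accepted below is dropped.
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # IPv6 neighbor discovery must keep working under a drop policy.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Public web service: intentionally reachable from any source.
        tcp dport { 80, 443 } accept

        # The common pattern the text criticises would look like this:
        #   ip saddr @known_bad drop
        #   tcp dport 22 accept          # open to every other address
        # The trusted-source form accepts only listed networks instead.
        ip saddr @trusted_v4 tcp dport 22 accept
        ip saddr @trusted_v4 udp dport 51820 accept

        # Record what the policy rejects, rate limited to protect the log.
        limit rate 10/minute log prefix "perimeter-drop: "
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading it. No IPv6 sources are trusted here, so the remote-access ports are closed over IPv6 by the drop policy.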
Listen, for every device and application we add to the network, we need an employee to manage the configuration and updates of those devices and applications. This quickly translates into greater costs, less efficiency, and potentially overworked employees. But if we took a different approach, we could actually lessen some of the burden and overhead that has crept into cyber security. We can easily eliminate 90% of the threats on the internet by implementing the opposite, trust-based approach. Phishing emails with malicious links are automatically neutralized if the link’s IP is not trusted, and it likely won’t be if you set this up correctly. Ransomware that encrypts your files and forces a payment for the decryption key can also be easily neutralized with the correct perimeter settings. And the list goes on. We don’t have to worry about the next big attack as much if the firewall is used the way it was designed.
Are there other methods we need to have in place? Of course! Some of the elements of the defense-in-depth strategy are more useful as tools to stop insider activity or internal hacking in the rare instance a trusted network becomes untrusted. There is certainly a better balance that we need to achieve, but the standard methodology really isn’t doing the job it is touted to do. If it doesn’t work, we need to fix it. LRI would love to help you think through this process on your own network. Sign up below for access to our free video about saving time, money, and resources in cyber security and to schedule a free cyber security consultation with a proven expert in the field.