Vulnerabilities in your network infrastructure are the foundation for most security issues in your information systems. These low level vulnerabilities effect nearly everything running on your network. From business critical applications to workstations, even mobile devices. It is important to quickly identify and eliminate them as soon as possible.
When you assess the security of your network infrastructure, look at the following:
Network Devices: Where devices are placed on the network and how they are configured; like firewalls or intrusion protection systems (IPS)
Looking from the outside in: What can be seen externally by attackers when performing port scans and how they can exploit vulnerabilities in network hosts Network Design: Internet connections, remote access, layered defenses and placement of hosts
Security Devices: Interaction of installed security devices like firewalls, intrusion protection systems, antivirus, anti-malware etc.
Network Protocols: What network and security protocols are being used? Ports: Commonly attacked ports that may be unprotected Host: Network host configuration
Monitoring: Network monitoring and maintenance
What are the risks? If any one of these vulnerabilities are exploited, anywhere on your network, the consequences can be detrimental. Lost data and valuable resources may never be recovered and many small businesses lack the capacity to overcome such challenges.
DoS Attacks: Hackers can launch a denial of service (DoS) attack which can take down your internet connection or even worse, your entire network.
Security breaches: malicious employees or anyone else can use network analyzer tools to gain access to confidential information and files sent over your network. This can lead to financial loss and legal liability. Back Door: Hackers can set up a back door into your network, allowing them access at anytime
Hosts: hackers can use local vulnerabilities to attack specific hosts across the entire network
More Reading: Cybersecurity: A Small Business Guide – Business News Daily July 28, 2015 http://www.businessnewsdaily.com/8231-small-business-cybersecurity-guide.html
Before assessing your network infrastructure security, test your systems from the outside in, the inside out and the inside in – on and between internal network segments and demilitarized zones. Your network security assessment will require the right set of tools. You may need more than one as no single tool will have everything you need. You’ll need port scanning, protocol analysis and network vulnerability tools. There are some excellent commercial shareware and freeware tools available. Just remember, you get what you pay for. Be sure to do your research and due diligence to compare features of the tools you select. I’ve done some research of my own and compiled some of my favorites.
Scanners and Analyzers These tools provide the port scanning and network testing you’ll need. Cain & Abel http://www.oxid.it/cain.html
Network analysis & ARP positioning
Essential NetTools http://www.tamos.com/products/nettools Variety of network scanning functionality
NetScan Tools Pro http://www.netscantools.com Network security assessment functions include; ping sweeps, port scanning, SMTP relay testing and more Getif Http://www.wtcs.org/snmp4tcp/getig.htm SNMP enumeration
Vulnerability Assessment These tools allow you to test your network hosts for known vulnerabilities as well as configuration issues that can potentially lead to security exploits.
GFI LANguard http://www.gfi.com/lannetscan Port scanning and vulnerability testing
All-in-One tools for in-depth vulnerability testing
General Network Defenses A few good practices can help prevent many network problems, regardless of specific security concerns.
Use stateful inspection tools that monitor network firewall traffic sessions: Help ensure that all traffic through the firewall is legitimate and can prevent DoS and other spoofing attacks
Implement rules for packet filtering: based on traffic type TCP/UDP ports, IP addresses and specific interfaces on routers before traffic is allowed to enter your network.
Use Proxy filtering and Network Address Translation (NAT) or Port Address Translation (PAT)
Find and eliminate fragmented packets entering your network: Fraggle or other types of attacks via an Intrusion Protection System (IPS) Include all network devices in vulnerability scans
Firmware & Security Patches: Update firmware and apply security patches for all devices on your network. Check for firmware updates periodically and apply patches as necessary.
Use strong passwords: Even better, use passphrases on all network systems. Be smart, don’t use the same password for everything. Use symbols, upper and lower cases as well as numbers in your passphrases.
Don’t use IKE aggressive mode pre-shared keys for VPN: At least be sure your passphrase is strong and changed periodically. Every three months or less is a good rule to follow.
Always use SSL (HTTPS) or SHH when connecting to network devices: Better still, do not allow access to critical devices outside of the network. Segment the network and use a firewall on the following: The demilitarized zone (DMZ) The internal network Critical subnetworks (business function or departmental)
We hope that you have found this information helpful and encourage your interaction. Tell us about similar experiences, tips and advice, useful tools and guidance. Your comments and feedback are appreciated and will benefit others with overcoming security challenges and addressing network vulnerabilities. Subscribe to receive a monthly notification of new posts featuring practical tips and solutions for managing your small and medium sized business.