SANS 20 Critical IT Security Controls #5: Boundary Defense

Internet-facing client systems and network devices are a constant source of exposure. Attackers continuously probe internet-facing systems for configuration and architectural weaknesses that can serve as initial entry points into your IT infrastructure. Once inside, it is far easier to move laterally toward the critical systems that store sensitive information. Attackers also use these entry points to reach vulnerable systems on extranets that link your network to business partners' networks.

If you rely only on traditional perimeter firewalls, you may be surprised how easily an attacker can get around that boundary protection. The most important measure against exploitation of boundary weaknesses is to segment your networks properly and to harden each segment with its own proxies and firewalls. Internal systems must be clearly separated from demilitarized (DMZ) systems and from extranet systems, so that an intrusion into one segment is contained there instead of giving easy access to the entire enterprise network.

Effective boundary defenses layer several controls: multilayered firewalls and proxies, demilitarized perimeter networks, and current intrusion detection and prevention systems. Network communications can be controlled with both whitelists (permitted services) and blacklists (blocked services); a whitelist of required services is the stronger default, because anything not on it is denied. Deploy intrusion detection sensors on both the internet-facing and the extranet DMZ segments so that attacks against either are seen.

Design and implement the network perimeter so that all outbound traffic from internal systems passes through at least one proxy on a DMZ; a direct internal-to-internet connection is then a policy violation rather than normal traffic. Treat systems that accept remote logins as part of the managed perimeter: track and monitor all remote access, and control those systems' configuration, installed software and patch level as strictly as any other boundary device. Administrators should also scan regularly for connections that bypass the DMZ, such as unauthorized VPN tunnels from internal hosts straight to the internet. Finally, limit the traffic crossing each boundary to only the services needed to run the business, and deny everything else by default.
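The checks above (egress only via a DMZ proxy, a whitelist of permitted cross-segment services, and a scan for VPN-style back channels that bypass the DMZ) can be expressed as a small policy and audited against firewall flow logs. The script below is an added example, not code from the original post or from SANS. The segment ranges, the proxy address, the whitelist, the tunnel port list and the log line format are all assumptions chosen for illustration, and the log lines are constructed sample data.

```python
"""Audit accepted flows in a firewall log against a boundary-defense policy.

Added example; addresses, segments, proxy host and log format are assumptions.
"""
import ipaddress
from dataclasses import dataclass

# Assumed network layout (documentation/test ranges, not real networks).
SEGMENTS = {
    "internal": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "extranet": ipaddress.ip_network("172.16.0.0/16"),
}
PROXY = ipaddress.ip_address("192.0.2.10")  # assumed egress proxy living in the DMZ

# Whitelist of (protocol, port) per (source segment, destination segment).
# Any cross-segment flow not listed here is a finding (deny by default).
ALLOWED = {
    ("internal", "dmz"): {("tcp", 3128)},             # clients -> proxy only
    ("dmz", "internet"): {("tcp", 80), ("tcp", 443)},  # proxy egress
    ("internet", "dmz"): {("tcp", 443)},              # public web front end
    ("extranet", "dmz"): {("tcp", 443)},              # partner -> DMZ app
}

# Ports commonly used by VPN/tunnel software (OpenVPN, IPsec, WireGuard).
# An internal host talking straight to the internet on one of these is a
# likely back channel around the DMZ.
TUNNEL_PORTS = {("udp", 1194), ("tcp", 1194), ("udp", 500),
                ("udp", 4500), ("udp", 51820)}


@dataclass
class Finding:
    line_no: int
    rule: str
    src: str
    dst: str
    proto: str
    dport: int


def segment_of(addr: str) -> str:
    """Map an address to its segment name; anything unknown is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "internet"


def classify(src: str, dst: str, proto: str, dport: int):
    """Return the name of the violated control, or None if the flow is permitted."""
    s, d = segment_of(src), segment_of(dst)
    if s == d:
        return None  # intra-segment traffic is outside the boundary policy
    if s == "internal" and d == "internet":
        if (proto, dport) in TUNNEL_PORTS:
            return "unauthorized-tunnel"  # VPN-like connection bypassing the DMZ
        return "proxy-bypass"             # direct egress not via the DMZ proxy
    if s == "internal" and d == "dmz" and ipaddress.ip_address(dst) != PROXY:
        return "dmz-not-proxy"            # internal hosts may only reach the proxy
    if (proto, dport) not in ALLOWED.get((s, d), set()):
        return "not-whitelisted"          # service not on the cross-segment whitelist
    return None


def parse_flow(line: str):
    """Assumed log format: '<epoch> <src_ip> <dst_ip> <proto> <dport> <ACCEPT|DROP>'."""
    _ts, src, dst, proto, dport, action = line.split()
    return src, dst, proto.lower(), int(dport), action.upper()


def audit(lines):
    """Return a Finding for every accepted flow that violates the policy."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not line.strip() or line.startswith("#"):
            continue
        src, dst, proto, dport, action = parse_flow(line)
        if action != "ACCEPT":
            continue  # dropped traffic was already stopped at the boundary
        rule = classify(src, dst, proto, dport)
        if rule:
            findings.append(Finding(n, rule, src, dst, proto, dport))
    return findings


# Constructed sample log (not real traffic). Only line 4, 5, 7 and 9 violate policy.
SAMPLE_LOG = """\
# epoch src dst proto dport action
1700000000 10.10.5.23 192.0.2.10 tcp 3128 ACCEPT
1700000001 192.0.2.10 203.0.113.7 tcp 443 ACCEPT
1700000002 10.10.5.23 203.0.113.7 tcp 443 ACCEPT
1700000003 10.10.7.9 198.51.100.4 udp 1194 ACCEPT
1700000004 172.16.3.3 192.0.2.20 tcp 443 ACCEPT
1700000005 172.16.3.3 10.10.1.1 tcp 445 ACCEPT
1700000006 192.0.2.20 10.10.1.1 tcp 1433 DROP
1700000007 10.10.5.23 192.0.2.20 tcp 22 ACCEPT
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG.splitlines()):
        print(f"line {f.line_no}: {f.rule}: {f.src} -> {f.dst} {f.proto}/{f.dport}")
```

Only accepted flows are examined, since a dropped packet was already stopped at the boundary; what matters is traffic the firewall let through that the segmentation design says should not exist. In a real deployment the whitelist would also carry the specific DMZ-to-internal flows an application needs (a web tier reaching its database on one port), and the tunnel port list is only a first heuristic: a tunnel on tcp/443 would surface as a plain proxy bypass, which is why the direct internal-to-internet rule is the one that catches it.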
