My background isn’t security – it’s networking. Before cofounding NetBeez, a network monitoring startup, I used to design and build large-scale enterprise networks. Even if routing and switching has been my bread and butter, I have always been interested in network security. In the past, the network guy didn’t have to be all that involved in InfoSec, but that’s all changing now as, always more, cyber attacks originate from remote IP address in the form of remote exploit and DDoS. Now Network Engineers are actively involved in security and we are forced to work with the CISO office.
A recent Washington Post article covered the L0pht testimony at the United States Senate on May 19, 1998. The goal of that public appearance by the L0pht group was to bring to the government’s attention the fact that software companies were not investing enough time and resources to secure their software. That negligence was a real concern for the ethical hackers because widely adopted software and operating systems had serious yet simple flaws (e.g. buffer overflow). As result, even a script kiddie could have easily exploited and gained access to critical systems supporting operations of the Government, the Federal Reserve Bank, or public utilities.
Seventeen years after that public appearance, software companies are paying more attention to the security aspect of their products, investing considerable capital into securing their applications. But still, almost on a weekly basis, we hear news of a cyberattack causing major disruptions. For example, last week, CNN reported how a group of malicious hackers were able to successfully ground 1,400 passengers in Warsaw by knocking the system used by plane pilots to generate flight plans out of service. Fortunately, this incident did not cause any accident or physical harm to passengers or personnel, but did take a toll on the airline that suffered the attacks and on the passengers that saw their flights delayed or canceled.
I believe that malicious hackers are and will always be part of the digital community. However, a good network administrator should implement basic security measures that will mitigate or decrease the risk of being the victim of a cyber attack. Below, I will list some basic measures:
Use of strong passwords - Choose a complex password with eight or more characters, including numbers, special characters and capital letters.
Limited privileges - Give users limited privileges and restrict their access to the minimal set of resources needed to perform their work or function.
Do not use shared accounts - Default accounts should be disabled or removed and shared password should not be used.
Use encrypted connections and strong authentication methods - Disable telnet and use ssh on network equipment like routers, switches, and firewalls. It is the same for wireless - use WPA2 rather than WEP or WPA, which are known to be exploitable.
Logging and accounting - Enable logging and accounting whenever is possible and use a centralized log collector.
Close unneeded services - Disable unneeded services running on your host. That will decrease the number of open TCP/IP ports that can be attacked.
Segregate sensitive assets - Sensitive systems should be place in a highly protected network segregated from the rest of the network by network firewalls. Access to the secure network should be allowed only via VPN or physical access.
Update your systems - Keep the system up to date, installing the latest patches and security updates as soon as they are available.
I would like to hear from you about anything else that you think should be added to the security basics of a network administrator.
About the Author
Stefano Gridelli is cofounder and CEO of NetBeez (netbeez.net), a distributed monitoring solution that verifies network connectivity and application performance from the user perspective. Before NetBeez, Stefano worked as a network engineer, leading network design and implementation projects in complex network environments. Follow Stefano on Twitter https://twitter.com/Stefanogridelli