3 ways to secure networks against current, future threats
- By Chris LaPoint
- Oct 24, 2013
In both the actual and virtual worlds, the threat to security is real and has growing potential for catastrophe.
There are currently two lines of defense: technology and troops, both of which are becoming increasingly entwined. That’s because the frontlines are no longer only in Afghanistan, but online, in the network infrastructure that provides troops with communications, intelligence and directives. As a result, troops are being asked to secure both territories and IT networks.
But the battlefield is not the ideal place to manage IT security; soldiers have their hands full there already. Rather, efforts at securing IT networks should be ongoing, and with consideration for potential long-term effects and threats.
Easier read than done, of course. Technology is constantly changing, and what we know to be true today may not be the case in five years. But there are several things that will continue to happen based on today’s realities:
- The cloud will likely become more of a target as it evolves into a primary means of storing and accessing data;
- Malware will continue to run rampant;
- Hackers will keep looking for ways to breach all military networks, both virtual and physical;
- Personnel will become increasingly dependent upon mobile devices for communication and information.
Each of these factors means that military IT professionals need to step up the long-term security of their networks. We are seeing this beginning to take shape: DOD has already taken great strides to fortify its cloud efforts, and mobile device data is being encrypted. But more needs to be done through the implementation of some best practices that can help form the bedrock for stronger, more secure military networks.
Fortify the firewall
Everyone has a firewall in place – that’s not the issue. The challenge is testing and maintaining the firewall so that it continues to be impervious to potential attacks. This means constantly building and modifying firewall rule sets to ensure they are consistent with security rules and regulatory policies. It also means performing frequent security audits to identify critical hosts that could be potentially exposed to dangerous devices. These actions have become increasingly important as a greater number of these devices – iPads, iPhones, etc. – pop up on the network.
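The audit described above, checking a rule set against policy and looking for critical hosts exposed to untrusted device segments, can be scripted. The following is an added example, not code from the article or from SolarWinds: the rule format, the critical-host list, the untrusted "BYOD/mobile" subnet and the allowed service list are all constructed, hypothetical values, and the rule set is a flat list with no first-match shadowing logic.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One firewall rule in a simplified, vendor-neutral form (hypothetical format)."""
    name: str
    action: str   # "allow" or "deny"
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    dport: str    # destination port as a string, or "any"


# Constructed policy inputs (hypothetical addresses, not from the article):
# hosts that must only be reachable from untrusted segments on approved services.
CRITICAL_HOSTS = {"10.0.5.10", "10.0.5.11"}
# Segments where personal/mobile devices land (treated as untrusted).
UNTRUSTED_NETS = [ipaddress.ip_network("192.168.50.0/24")]
# Services an untrusted segment may reach on a critical host.
ALLOWED_CRITICAL_PORTS = {"443"}


def _net(spec: str) -> ipaddress.IPv4Network:
    """Turn a rule address field into a network; 'any' becomes 0.0.0.0/0."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(spec, strict=False)


def critical_hosts_reached(rule: Rule) -> list:
    """Critical hosts that fall inside the rule's destination range."""
    dst = _net(rule.dst)
    return sorted(h for h in CRITICAL_HOSTS if ipaddress.ip_address(h) in dst)


def source_is_untrusted(rule: Rule) -> bool:
    """True if any untrusted segment overlaps the rule's source range ('any' always does)."""
    src = _net(rule.src)
    return any(src.overlaps(u) for u in UNTRUSTED_NETS)


def audit(rules: list) -> list:
    """Return (rule name, finding) pairs for allow rules that violate the policy."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if r.src == "any" and r.dst == "any" and r.dport == "any":
            findings.append((r.name, "permit-any-any"))
            continue
        hosts = critical_hosts_reached(r)
        if hosts and source_is_untrusted(r) and r.dport not in ALLOWED_CRITICAL_PORTS:
            findings.append((r.name, f"untrusted-to-critical:{','.join(hosts)}:{r.dport}"))
    return findings


# Constructed sample rule set for the walkthrough.
SAMPLE_RULES = [
    Rule("web-from-byod", "allow", "192.168.50.0/24", "10.0.5.10/32", "443"),  # approved service
    Rule("ssh-from-byod", "allow", "192.168.50.0/24", "10.0.5.0/24", "22"),    # exposes critical hosts
    Rule("mgmt-ssh", "allow", "10.0.1.0/24", "10.0.5.10/32", "22"),           # trusted admin segment
    Rule("cleanup", "allow", "any", "any", "any"),                            # overly broad
    Rule("deny-all", "deny", "any", "any", "any"),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

Running the script reports the SSH rule that lets the mobile segment reach every host in the critical range and the catch-all allow rule; the approved HTTPS rule and the rule from the administrative segment pass. A real audit would also need to honour rule ordering and the vendor's object groups, which this example deliberately leaves out.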
Activity monitoring is an ingrained part of national defense, and suspicious activity is always flagged. It should be no different for IT networks. Thus, IT professionals should ensure that, in addition to a well-tested firewall, they have a Security Information and Event Management (SIEM) system in place.
SIEM cannot prevent attacks, but it can alert IT professionals, in real-time, to suspicious activity that may be taking place on the network. This allows personnel to react quickly to a potential threat – whether they are deployed or not – and take action to mitigate potential damage. If a breach does occur, logging events can help in tracking where and when it happened, and get to the root cause.
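As an added illustration of the kind of real-time correlation a SIEM performs, and of how the same logged events support root-cause tracing afterwards, the following example (not code from the article or from any SIEM product) runs a simple rule over constructed sshd-style log lines: it raises an alert when one source address accumulates a threshold of failed logins inside a sliding window, and a second, higher-priority alert if that source then logs in successfully. The log format, threshold, window and addresses are all assumptions; the addresses come from the documentation ranges.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical hostnames, users and documentation-range addresses).
LOG_LINES = [
    "2013-10-24T08:00:01 bastion sshd[4011]: Failed password for root from 203.0.113.7 port 52111 ssh2",
    "2013-10-24T08:00:04 bastion sshd[4012]: Failed password for root from 203.0.113.7 port 52112 ssh2",
    "2013-10-24T08:00:07 bastion sshd[4013]: Failed password for invalid user admin from 203.0.113.7 port 52113 ssh2",
    "2013-10-24T08:00:10 bastion sshd[4014]: Failed password for jdoe from 203.0.113.7 port 52114 ssh2",
    "2013-10-24T08:00:13 bastion sshd[4015]: Failed password for jdoe from 203.0.113.7 port 52115 ssh2",
    "2013-10-24T08:00:16 bastion sshd[4016]: Failed password for jdoe from 203.0.113.7 port 52116 ssh2",
    "2013-10-24T08:00:30 bastion sshd[4020]: Accepted password for jdoe from 203.0.113.7 port 52130 ssh2",
    "2013-10-24T08:05:00 bastion sshd[4031]: Failed password for jdoe from 198.51.100.2 port 40022 ssh2",
    "2013-10-24T08:05:02 bastion sshd[4032]: Accepted password for jdoe from 198.51.100.2 port 40023 ssh2",
    "2013-10-24T08:06:00 bastion cron[4040]: (root) CMD (run-parts /etc/cron.hourly)",  # unrelated line
]

# Matches sshd password outcomes; "invalid user" is optional because sshd inserts it for unknown accounts.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse(line: str):
    """Return a dict for an sshd login event, or None for lines the rule does not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines, threshold: int = 5, window: timedelta = timedelta(minutes=2)) -> list:
    """Sliding-window failed-login correlation per source address.

    Emits one 'brute-force' alert per source when `threshold` failures land inside `window`,
    and a 'success-after-failures' alert if that source later authenticates successfully.
    """
    recent_failures = defaultdict(list)  # ip -> timestamps of failures still inside the window
    flagged = set()
    alerts = []
    for ev in (parse(line) for line in lines):
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            bucket = recent_failures[ip]
            bucket.append(ts)
            while bucket and ts - bucket[0] > window:   # expire failures older than the window
                bucket.pop(0)
            if len(bucket) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"type": "brute-force", "ip": ip, "count": len(bucket),
                               "first": bucket[0], "last": ts, "host": ev["host"]})
        elif ip in flagged:
            # The breach indicator: a source we already flagged now has a valid session.
            alerts.append({"type": "success-after-failures", "ip": ip, "user": ev["user"],
                           "at": ts, "host": ev["host"]})
    return alerts


if __name__ == "__main__":
    for a in detect(LOG_LINES):
        print(a)
```

The second alert is the one worth paging someone for: a source that has just been guessing passwords now holds a session as `jdoe` on the bastion, and the retained timestamps answer the "where and when" question the article raises. The single failure from the other address followed by a success is ordinary user behaviour and produces nothing.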
Device configuration changes often introduce human error, let non-compliant devices onto the network or, worse, expose the network to serious risk. Network configuration management is obviously the key, but doing it manually is virtually impossible. That’s because network changes occur every day; military personnel simply do not have the resources to closely manage these processes by hand.
Automated solutions can help keep track of unauthorized and non-compliant configuration changes. Like SIEM systems, these solutions can provide real-time alerts that can be immediately addressed. The automated system also allows for daily monitoring of the network, eliminating the need for manual processes.
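The automated tracking described in the two paragraphs above comes down to two checks run on every collected configuration: has the device drifted from its approved baseline, and does it still satisfy the compliance policy? The following is an added example, not code from the article or from any configuration-management product. The device configuration text, the baseline and the policy (required lines and forbidden patterns) are constructed, hypothetical samples in an IOS-like syntax; how the running configuration is collected from the device is left out.

```python
import re

# Constructed approved baseline for a hypothetical edge router.
BASELINE = """\
hostname edge-rtr-1
service password-encryption
no ip http server
ip ssh version 2
line vty 0 4
 transport input ssh
 exec-timeout 10 0
logging host 10.0.9.5
ntp server 10.0.9.6
"""

# Constructed configuration as collected today: someone enabled the web server,
# re-enabled telnet on the VTY lines, dropped the NTP server and added a writable SNMP community.
RUNNING = """\
hostname edge-rtr-1
service password-encryption
ip http server
ip ssh version 2
line vty 0 4
 transport input telnet ssh
 exec-timeout 10 0
logging host 10.0.9.5
snmp-server community public RW
"""

# Compliance policy (hypothetical): lines that must be present (prefix match) and patterns that may never appear.
REQUIRED = ["service password-encryption", "no ip http server", "ip ssh version 2", "logging host "]
FORBIDDEN = [re.compile(r"^transport input .*\btelnet\b"), re.compile(r"^snmp-server community \S+ RW$")]


def config_lines(text: str) -> list:
    """Normalise a configuration into stripped, non-empty lines in original order."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def drift(baseline: str, running: str):
    """Lines added to and removed from the baseline, each in the order they appear."""
    base, run = config_lines(baseline), config_lines(running)
    base_set, run_set = set(base), set(run)
    added = [line for line in run if line not in base_set]
    removed = [line for line in base if line not in run_set]
    return added, removed


def compliance(running: str) -> list:
    """(kind, detail) violations: required lines that are missing, forbidden lines that are present."""
    lines = config_lines(running)
    violations = []
    for req in REQUIRED:
        if not any(line.startswith(req) for line in lines):
            violations.append(("missing", req))
    for line in lines:
        if any(pat.search(line) for pat in FORBIDDEN):
            violations.append(("forbidden", line))
    return violations


def evaluate(baseline: str, running: str) -> dict:
    """Combine both checks into one alert-ready record; 'alert' is True when anything needs attention."""
    added, removed = drift(baseline, running)
    violations = compliance(running)
    return {"added": added, "removed": removed, "violations": violations,
            "alert": bool(added or removed or violations)}


if __name__ == "__main__":
    report = evaluate(BASELINE, RUNNING)
    for key in ("added", "removed", "violations"):
        for item in report[key]:
            print(f"{key}: {item}")
```

Drift and compliance are kept as separate results on purpose: a change that stays within policy (a new NTP server, say) deserves a ticket and a baseline update, while a forbidden line deserves an immediate alert and a rollback. Dropping the NTP server shows up only as drift here, because the constructed policy does not require one, which is exactly the kind of gap a policy review should catch.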
Each of these solutions must be deeply integrated with virtual networks, protecting the services upon which the military is becoming heavily dependent. For example, as more information is made available in the cloud, hackers will likely continue to adapt their exploits to shift from traditional to cloud-based networks. Likewise, the proliferation of mobile devices on the battlefield – with their ability to help pinpoint geographical locations and enhance a warfighter’s situational awareness – offers great advantages. But they also increase the potential for unauthorized parties to access sensitive data. Firewalls, SIEM and automated device configuration management can help better manage security, particularly for an increasingly mobile military.
Like military operations across the globe, efforts to secure IT networks must range far and wide. With a solid foundation in place, military personnel should be better equipped to handle potential threats, regardless of location.
Chris LaPoint is vice president of product management at IT management software provider SolarWinds, based in Austin, Texas.