Tag Archives: Opsware

Test The Strength Of Your Security

Many agencies spend millions on security each year. Security investments range from firewalls to contractors, and spending is typically based on weighing the risk of loss against the cost to protect. It is often difficult to evaluate the return on investment for security, since the desired end result is not being compromised rather than a particular outcome that can be measured. Studies show that, regardless of the level of security spending, the majority of IT management doesn't know how effective their defenses are against today's threat landscape. Here are some ways to evaluate the strength of your security.

Secure all access points to your network

* Security is as strong as your weakest link. Make sure all access points are secured or you will eventually be compromised. The common access points are Email, Web, LAN, Wireless, VPN, Data Center, Endpoint (laptops, desktops, etc.) and Mobile Devices.

Scan desktops and servers for vulnerabilities

* Tools are available for penetration testing such as Saint, Tenable, Core Impact and Rapid 7. The concept is simple … test for the same vulnerabilities hackers use to access your network. Penetration tools look for open ports, unpatched servers and other means hackers could use to compromise your equipment. The industry leaders typically can test all network nodes and include recommendations for remediation.

Evaluate network traffic for malicious intent

* Network forensic tools are available for capturing and categorizing network traffic (Example HERE). You will not know you are compromised if none of your security devices are triggered. Looking at traffic at the packet level can identify unknown communication over unrecognized ports, traffic with foreign entities, or other red flags that indicate you have been compromised. Forensic skill sets are typically required to identify threats; however, manufacturers like NetWitness offer great tools for simplifying packet-level analytics.

Include failsafe security solutions that rate your existing toolsets

* Best practice is to test the effectiveness of your existing security toolsets. The most popular method is placing honeypots on your network with the goal of luring hackers who bypass your security into highly monitored systems. Other toolsets are available for testing your signature- and behavior-based tools, such as Spectrum by NetWitness, which can flag whether specific threats could bypass your security. Another interesting tool, by FireEye, runs threats in a virtualized honeypot to identify malicious behavior.

Standardize and monitor your network device configurations

* Enforce a baseline template for all network devices to avoid vulnerable configurations and software. Network management tools by SolarWinds, Cisco, EMC, etc. can enforce standardized code and configurations as well as monitor whether changes are made. I personally like 360GRC's ConfigScan for evaluating configurations for vulnerabilities specified by industry standards.

Profile all devices on the network.

* Use a profiling tool such as Cisco ISE or Greatbay to identify what types of devices are on your network based on how they communicate. You may be surprised to find a few Xboxes hidden in a corner office.

Categorize Sensitive Data.

* Data Loss Prevention (DLP) leaders such as RSA and Symantec offer various tools that locate and categorize sensitive data. Make sure sensitive data is controlled and protected.

Test your staff with social engineering attacks.

* People will always be your weakest link. The only way to improve this is through training. I’ve seen customers use social engineering attacks on their users and show the results as a means of training. There are many online forums that can assist with developing your social engineering training strategy.

Periodically audit your network.


* Use unbiased consultants to help you understand how vulnerable you are.


Filed under General Security, Security Management & Analysis

Network Management Tools : HP Network Automation / Cisco NCM, EMC Voyence, WhatsUpGold, SolarWinds, Cisco LMS

Network Management Tools (NMTs) are key for medium to enterprise network management. Without a centralized management suite, network administration becomes the Wild West. Network management at first glance may not seem like a security topic; however, proper management reduces risk, which improves security. It's important to leverage NMTs to maintain policy by enforcing network management through a complete audit trail, standardizing device software and configuration, automating changes and preventing failure with continuous backup.

The first step in reducing vulnerabilities is identifying which technologies contain sensitive data and enforcing Role-Based Access Control to that data. Role-based access control monitors individual administrators by user identity rather than through a general administrator account shared by all users. Best practice for role-based access control in Network Management Tools is customizing user environments around access rights. For example, if there are two regions with separate managers, each region's administrator should only have access to their region's data. Configuration rights should match user roles, meaning an analyst shouldn't be able to make policy changes unless authorized by a network administrator.

Hackers thrive on vulnerabilities caused by poor network management practices. In many cases, network vulnerabilities are caused by human error or a lack of enforcement of network policy. Network Management Tools standardize all equipment on approved software as well as maintain critical updates. This includes identifying and updating new devices to ensure standardization is met. Configuration templates can be enforced so that misconfigurations, a.k.a. "fat-fingered" commands (for example, configuring the wrong default gateway), won't impact the network. "Network Cowboys" can be tamed by holding configuration changes as pending until approved by a proper authority.

Automating tasks can save you tons of man-hours and avoid misconfigurations. Tedious exercises such as updating ACLs, VLANs or other configurations can be pushed to all associated devices using workflows that follow approved maintenance windows. NMTs' configuration automation features are extremely important for deploying configuration-heavy technology such as 802.1X, which typically requires multiple revisions during deployment. If a configuration vulnerability is discovered on one device (for example, the telnet or finger service being permitted), Network Management Tools can automate verifying the rest of the network for similar problems.
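The fleet-wide check described above, as an added example that is not code from the original post or from any NMT vendor: a baseline of forbidden and required settings is applied to every device's backed-up configuration, and once a weak setting (here the post's own telnet and finger examples) is found on one device, every other device that shares it is listed. The configurations, hostnames and rules are constructed for the demonstration and use Cisco IOS-style syntax only as an illustration.

```python
"""Baseline configuration audit across a fleet of network devices.

Added example, not code from the original post or from any NMT vendor.
The device configs and baseline rules are constructed for the demo; they
use Cisco IOS-style syntax but do not describe any real network.
"""
import re

# Settings the baseline forbids (the post's own examples: telnet and finger)
FORBIDDEN = {
    "telnet-enabled": re.compile(r"^\s*transport input (?:all|telnet)\b", re.M),
    "finger-enabled": re.compile(r"^\s*ip finger\b", re.M),
}
# Settings the baseline requires on every device
REQUIRED = {
    "ssh-only-vty": re.compile(r"^\s*transport input ssh\s*$", re.M),
    "aaa-enabled": re.compile(r"^\s*aaa new-model\s*$", re.M),
}

# Constructed, abbreviated configs; in practice these come from the NMT's backups
CONFIGS = {
    "core-rtr-1": "hostname core-rtr-1\naaa new-model\nline vty 0 4\n transport input ssh\n",
    "branch-sw-7": "hostname branch-sw-7\nip finger\nline vty 0 4\n transport input telnet\n",
    "dc-fw-2": "hostname dc-fw-2\naaa new-model\nline vty 0 4\n transport input all\n",
}


def audit_config(config: str) -> list[str]:
    """Return the baseline findings for one device configuration."""
    findings = [name for name, pat in FORBIDDEN.items() if pat.search(config)]
    findings += [f"missing:{name}" for name, pat in REQUIRED.items()
                 if not pat.search(config)]
    return findings


def audit_fleet(configs: dict[str, str]) -> dict[str, list[str]]:
    """Audit every device; only devices with at least one finding are reported."""
    report = {}
    for device, config in configs.items():
        findings = audit_config(config)
        if findings:
            report[device] = findings
    return report


def devices_with_finding(configs: dict[str, str], finding: str) -> list[str]:
    """Once a problem is found on one device, list every device that shares it."""
    return sorted(dev for dev, found in audit_fleet(configs).items() if finding in found)
```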

The worst thing in the network management world is having the network go down. A critical feature offered by Network Management Tools is automatically backing up configurations of all devices. Administrators can revert the network back to a stable state and audit all changes made to identify where the failure occurred. Some NMTs perform modeling functions, which predict impact of changes prior to applying commands to avoid future problems.

Network Management Tools have many other useful features such as network diagramming (layer 2, layer 3, only certain devices, etc.), monitoring / troubleshooting and policy audits for common government and commercial security standards such as PCI, HIPAA, FISMA, etc. Features and device support may vary by vendor. Regardless of which vendor you choose, consider the features covered in this post and focus on man-hours saved when justifying the request to purchase a solution for your network.


Filed under Security Management & Analysis

How To Perform A Network Assessment: The Application / Toolset Concepts

The term “Network Assessment” is interpreted many different ways. Definitions range from routers to laptops or servers in the datacenter. I’ve been involved with assessments for devices that utilize device management login methods through TACACS, RADIUS or Local Authentication. To be clear, I’m talking about routers, switches, IPS/IDS appliances, VPN concentrators, Wireless Access Points, Firewalls, etc. I’m not referring to systems with operating systems such as laptops, desktops, printers, servers, etc. The reason is the assessment goals, login methods, and tools for routers are typically different than scanning laptops and server operating systems.

Regardless of the tool, the process can generally be broken down into three steps. Step one is seeing the devices on the network. This can be accomplished by importing a list of IP addresses such as a .CSV file, scanning a defined IP address range, utilizing SNMP v1, v2 or v3, or leveraging a scanning tool such as Nmap. I recommend leading with a known IP list since it's the quickest method and doesn't require scanning. I stay away from scanning techniques with testing tools such as Nmap since they could negatively impact end devices. Best practice is adding a single device from each of the different categories before moving forward with a large range of devices.

Step two is verifying that your assessment tool has drivers for the devices it's capturing. Drivers tell the tool which login method to use, without rolling through a bunch of different vendor access scripts, along with how to associate policies with matching devices. It's key to update your tools prior to kicking off a network assessment.

After identifying the devices, the final step is accessing them. The common methods are Telnet and SSH. Without the previous steps, you won't know where or what you are logging into. It's best practice to leverage TACACS / RADIUS accounts and to access one device prior to launching a large capture. The last thing you want is a bunch of failed attempts creating security logs.
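The three steps above as a pre-flight script, added here as an example and not code from the original post or from any of the assessment tools it names: the device list comes from a known-IP CSV rather than a scan, devices whose vendor the tool has no driver for are set aside before any login is attempted, one pilot device per category is logged into first, and Telnet-only devices are flagged for the report. The inventory rows, vendor names and driver table are constructed for the demonstration.

```python
"""Pre-flight for a network assessment: build the device list from a known-IP
CSV, confirm the tool has a driver for each device, and pick one pilot
device per category to log into before a large capture.

Added example, not code from the original post or from any of the tools it
names. The inventory rows and the driver table are constructed for the demo.
"""
import csv
import io

# Constructed inventory export; the post recommends leading with a known IP list
INVENTORY_CSV = """ip,hostname,category,vendor,access
10.0.0.1,core-rtr-1,router,cisco,ssh
10.0.0.2,core-rtr-2,router,cisco,ssh
10.0.1.10,edge-sw-1,switch,juniper,ssh
10.0.2.5,wlan-ap-3,wireless,aruba,telnet
10.0.3.9,dc-fw-1,firewall,acme,ssh
"""

# Vendors the hypothetical assessment tool has login drivers for (step two)
DRIVERS = {"cisco", "juniper", "aruba"}


def load_inventory(text: str) -> list[dict]:
    """Step one: the device list comes from the CSV, not from a network scan."""
    return list(csv.DictReader(io.StringIO(text)))


def preflight(devices: list[dict], drivers: set[str]) -> dict:
    """Classify devices before any login is attempted."""
    result = {"pilot": {}, "no_driver": [], "telnet_only": []}
    for dev in devices:
        if dev["vendor"] not in drivers:
            result["no_driver"].append(dev["ip"])   # no driver: never guess at logins
            continue
        if dev["access"] == "telnet":
            result["telnet_only"].append(dev["ip"])  # cleartext logins: flag in the report
        # the first device seen in each category becomes that category's pilot
        result["pilot"].setdefault(dev["category"], dev["ip"])
    return result


def capture_plan(devices: list[dict], drivers: set[str]) -> list[str]:
    """Step three order: pilot devices first, then the rest that have drivers."""
    pre = preflight(devices, drivers)
    pilots = list(pre["pilot"].values())
    rest = [d["ip"] for d in devices
            if d["ip"] not in pilots and d["ip"] not in pre["no_driver"]]
    return pilots + rest
```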

Network assessment tools I've used are Netformx, EMC Voyence, SolarWinds, Network Compliance Manager/Opsware, 360's Manchester and sometimes Cisco LAN Manager for 100% Cisco networks. It's hard to judge which is best since each has its strengths and usually a combination is used to gain a complete picture. In general, my team attempts to inventory the network down to the serial numbers, identify end-of-sale/end-of-life hardware, check compliance standards, look for vulnerabilities in both hardware and software and verify advanced technology capabilities such as Power over Ethernet (PoE) for VoIP readiness. With properly tuned tools and best practices, my team can capture networks exceeding ten thousand nodes in a day. 90% of delays are caused by not setting expectations correctly, meaning customers are not prepared to deliver the requested information. Spending extra time reviewing the assessment process with all IT members, along with providing detailed documentation, will save you time and headaches.


Filed under General Security