It would be nice to be able to say that we are winning the war; that network security efforts are slowly getting the better of the bad guys. But I can’t do that. Despite all the money being thrown at security tools and hosted services, the cyber-thugs are improving their game at a faster rate than we are. The ten worst known cyber security breaches of this century have all taken place since 2008, and 2013 and 2014 are notorious for their information security incidents.
I think there are a multitude of reasons for this state of affairs to exist. One is confusion, indecisiveness and slow reaction times among regulatory bodies and standards providers. Another is the “check the box” compliance mentality that exists both in government agencies and in the private sector. A third is simply the insane rate of innovation in the information technology realm. There are many more. But despite the reasons, one thing is clear: we have to stop rigidly complying with baseline standards and move into the more flexible and effective world of best practices. And today the best practice I want to touch on is network segmentation.
In our business we see a lot of computer networks that are just “flat”. There is little or no network segmentation and anyone on the inside can pretty much see everything. I can’t begin to tell you how easy this kind of setup makes it for us during penetration testing – success is virtually assured! And it’s amazing how even just basic network segmentation can slow us down or stop us altogether.
A good reason to start with network segmentation is that you can go at it in easy stages. Maybe you can begin by segmenting off a separate development or test network. Those are pretty basic and can give your networking team some valuable experience for the more difficult efforts to come. Then you can ensure that “user space” is separated from “server space”. Doing just that much can have an amazing effect – it really helps to thwart successful cyber-attacks.
As the team gains confidence in their abilities, they can move on to the next step: real enclaving of the network. This is anything but a trivial effort, and it requires detailed knowledge of the various functions of the different business departments and how information moves into and out of each one of them (a task made very much easier if the company has a good business continuity program and business impact analysis in place). But in the long run these efforts will be well worth the trouble. It is very difficult indeed to gain access to or exfiltrate information from a well enclaved network – especially from the Internet.
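To make the “flat versus segmented” argument concrete, here is a small added example (not from the original post) that models the staged policy described above as default-deny allow rules and measures how many services one compromised workstation can still reach. The address ranges, hosts and services are constructed sample data.

```python
from ipaddress import ip_network, ip_address

# Constructed sample inventory of listening services: (host, port).
SERVICES = [
    ("10.20.0.5", 445),    # file server in server space
    ("10.20.0.6", 3389),   # admin jump host in server space
    ("10.20.0.7", 5432),   # production database in server space
    ("10.30.0.9", 5432),   # test database in the dev/test segment
    ("10.10.4.2", 445),    # a workstation in user space with file sharing enabled
]

# Segmentation policy as (source network, destination network, allowed ports).
# Anything not listed is denied; ports=None means every port.
SEGMENTED = [
    (ip_network("10.10.0.0/16"), ip_network("10.20.0.5/32"), {445}),  # users -> file server only
    (ip_network("10.20.0.0/24"), ip_network("10.20.0.0/24"), None),   # server space to itself
    (ip_network("10.30.0.0/24"), ip_network("10.30.0.0/24"), None),   # dev/test to itself
]

# A flat network is modelled as a single allow-everything rule.
FLAT = [(ip_network("0.0.0.0/0"), ip_network("0.0.0.0/0"), None)]


def allowed(src, dst, port, policy):
    """Return True if some rule permits src -> dst:port; default deny otherwise."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in sn and d in dn and (ports is None or port in ports)
               for sn, dn, ports in policy)


def reachable(src, policy):
    """Services a single host at src can talk to under the policy (its blast radius)."""
    return {(h, p) for h, p in SERVICES if h != src and allowed(src, h, p, policy)}


def blast_radius(src, policy):
    return len(reachable(src, policy))


if __name__ == "__main__":
    victim = "10.10.4.3"   # a compromised user workstation
    print("flat:     ", sorted(reachable(victim, FLAT)))        # all five services
    print("segmented:", sorted(reachable(victim, SEGMENTED)))   # only the file server
```

Note that there is deliberately no users-to-users rule, so the workstation can no longer reach its neighbour’s file share either; that is the lateral movement the post says basic segmentation stops.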
This blog post is by John Davis.