Don't rely on perimeter defences

Trade

6 November 2006

The modern business environment is awash with tech-savvy people able to list the various types of servers on the corporate intranet, and perhaps even what functions these servers perform. Far less likely is that these same people can detail the traffic. This is largely because people have stopped worrying about what kind of traffic is out there, believing they have excellent perimeter protection against internet-based attacks.

Sadly, strong perimeter defences simply aren’t enough today, and just a single mobile user with a laptop can cause serious problems for a company. For example, a mobile user’s laptop may have become infected while working at a customer site and then spread the infection when reconnected to the internal network. In this scenario, perimeter security has been physically bypassed – which is why it is essential that corporate networks comprise internal protection mechanisms that can protect businesses against such simple oversights.

Large enterprises can afford powerful network management systems capable of monitoring the overall health of internal networks. But small and medium-sized businesses simply do not have that kind of money to invest in intranet protection. It is essential that these companies find alternative means of achieving the same levels of protection. However, in order to find the ideal solution, we have to consider some common problems.

 




 

First, companies need to be able to see what is happening on their intranets. Smartly placed intrusion prevention system (IPS) sensors – as opposed to an intrusion detection system (IDS) – can help reveal a lot about internal network flow. Modern IPS systems do not produce the huge number of false positives sometimes associated with older IDS systems, and it is no longer necessary to sprinkle IPS sensors all over an internal network as some sort of scattergun approach to intrusion security. Organisations should deploy IPS at intelligent locations, for example, just within the firewall, in DMZ areas, or in front of critical servers. The IPS systems can then report on intranet activity.

A second consideration is how to prevent unwanted traffic inside the internal network, for example, a worm or peer-to-peer program. One answer would be to segment intranets using firewalls. This, for example, would allow an organisation to isolate finance or accounts departments from the rest of the intranet and thereby prevent infections spreading into those business-critical network segments.

If correctly deployed, however, IPS sensors and firewalls can together strengthen intranet security. IPS sensors can show what is flowing across the intranet by inspecting network traffic even up to the application layer. These sensors will block any harmful traffic if sensibly located – such as in front of critical servers. In circumstances where they are not covering the whole traffic path, they can instruct internal firewalls to block further unwanted traffic throughout the company’s intranet and even at the perimeter. Because modern IPS and firewall systems are highly granular, they can easily block all offending traffic while allowing genuine business traffic to flow.

Many corporate intranets are deployed to connect a number of branch office networks, where security can often be perceived as less effective than at corporate headquarters. This is because many companies buy separate, locally managed security solutions for these branch offices – a practice which can lead to erosion of overall security principles over the years. By contrast, a comprehensive security solution makes good use of centralised management that allows all branch offices to use access rules and intrusion prevention rules identical to those used by headquarters. Centralised management will collate all security logs in local log servers while centrally displaying automatically combined log information from all other log servers, along with fast and accurate reporting. This greatly helps companies in adhering to regulatory requirements such as Payment Card Industry security policy (PCI from Visa and MasterCard) or SOX.

A combination of IPS sensors and firewalls offers an ideal protection strategy for small and medium businesses while also providing an easy and fast way to check the security of internal networks.

 

 


TechCentral.ie