Network Hardening: Part 3
Research, Planning, and Implementation
Understanding where there are holes and cracks in the security of your network is an essential first step towards hardening your network. The problem is first identifying that they exist. How do you find a problem if you don’t know that one exists? It surely wouldn’t be wise to simply wait around hoping for the best until your network was eventually breached. There are a couple of methods that will help you stay up-to-date on upgrades and fixes for the different hardware, software, and security practices you currently employ on your network.
There are two sure-fire ways to stay current on hardware upgrades, software fixes, and revised security practices. First, be sure and subscribe to the support email distribution group for your hardware and software providers. Depending on the vendor it may take some diligence (and patience) to filter through constant advertising and find actual honest-to-goodness updates and notices. However, some advertising may be worth your attention if it’s for a better, more secure piece of hardware for example. Keep in mind that even though an update is available it doesn’t necessarily mean it should be immediately implemented. Test it first in an isolated test environment to make sure it plays nice with the rest of your network configuration.
In addition to staying current with vendor communications, it’s always a good idea to subscribe to a forum where you can share information with others that support network environments that use similar hardware, software products, and security practices. Participating in such a forum has proved to be invaluable in my experience; especially when you encounter issues that have not been recorded or communicated by a vendor. A support forum can be a life saver when trying to troubleshoot and security flaw. These types of forums are often available on the vendor’s website under Support or on a privately run website.
In conclusion, I’d be remiss if I didn’t stress the importance of proper testing one more time. There’s nothing worse than implementing an upgrade/fix only to find that it not only failed to correct what it said it would, but that it broke something else. So once testing and validation is complete, it’s time to plan the implementation. And at this point, the only thing left to worry about is user impact. If the upgrade/fix corrects a major security flaw then quick action is warranted. But don’t confuse quick with hasty. Use common sense during this final step. If the implementation is anything other than time-critical, execute it after business hours or on the weekend. Happy networking!
This post is part of the series: Network Hardening
Like all things dynamic, change is inevitable. Such is the case with your network environment. Upgrades and modifications to the network architecture can sometimes expose (or create) security holes. As such, it is important to consistently evaluate the integrity of your network infrastructure.
