Originally published at Internet.com
Network security receives much more attention and budget support than it did just a few years ago. Having a good security plan in place has become a necessity for any security-conscious organization. But like any plan, the devil is in the details - or lack thereof in many cases.
The drivers for building a security plan should be executed from the CIO/CSO down, to help organizations comply with regulatory or auditing processes, help IT get security of the network under control, and simply because it is a best practice. Let's face it, sometimes organizations implement the minimal amount of security necessary to meet a checklist on an audit or management report. However, a plan is only as good as the organization's ability to implement it.
Security experts recommend a layered approach to implementing any security architecture. Most organizations already have firewall and anti-virus solutions in place, so adding the extra layers of security is a practical industry approach as threats become more sophisticated and networks become more complex. A useful way to look at security is to segment it into three strategies: reactive, proactive and compliance.
Reactive Security
Reactive is the most common method, although it is not the recommended one. When a security incident occurs, a course of action called an incident response process (IRP) is enacted to control, remediate, and perform any necessary forensics. For example, when an attack reaches the network perimeter, the firewall can deny it access to the network.
Beyond a firewall, two additional security layers bring a significant amount of protection. Intrusion prevention systems, or IPS, perform deep packet inspection and follow the state of network traffic conversations by looking inside the contents of packets for malware, abuse, or threatening traffic. IPS is commonly deployed outside the firewall, immediately inside the firewall, at the network core, and at other interconnection and edge points within the network. IPSs are considered reactive because they have to wait until an attack occurs in order to react and block the packet or the source of the offending packet.
Proactive Security
The proactive strategy takes measures to protect the network well before any attack or potential threat is present. Layering in a proactive security strategy adds many benefits by preventing attacks from entering the network. One of the newest approaches to proactive security is called network access control (NAC). A comprehensive NAC solution ensures that any endpoint device is tested for compliance with an organization's security policy before gaining unfettered access to network resources.
NAC is a useful tool for IT security administrators because it considers devices guilty until proven innocent, helping to control access to classified, private information held on many networks.
Many NAC tools perform user authentication to determine if the specified user should have access to the network. Next, each device is examined to determine if it poses a threat to the network. Organizational requirements can be as basic as having security patches and anti-virus programs up-to-date. More extensive requirements can also be applied to validate that the web browser, applications and operating system are configured in a secure manner. In addition, some sophisticated NAC solutions also check for the presence of malware that attempts to spread immediately upon connection to the network.
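The admission sequence described above (authenticate the user, then test the device's posture before granting access) can be sketched as a default-deny decision function. This is an added example, not code from the article or from any NAC product. The thresholds, the field names, the host-firewall check and the deny/quarantine/allow outcomes are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Hypothetical policy thresholds (assumptions, not from the article).
MAX_PATCH_AGE = timedelta(days=30)
MAX_AV_AGE = timedelta(days=7)

@dataclass
class Endpoint:
    user: str
    authenticated: bool
    last_patched: Optional[date]   # None means the agent could not report
    av_updated: Optional[date]
    firewall_on: bool              # stand-in for "OS configured securely"
    malware_found: bool = False

def admit(ep: Endpoint, today: date):
    """Return (decision, reasons): 'deny', 'quarantine' or 'allow'."""
    # Step 1: user authentication. No identity, no access.
    if not ep.authenticated:
        return "deny", ["user not authenticated"]
    # Spreading malware is treated as a hard block, not a fixable gap.
    if ep.malware_found:
        return "deny", ["malware detected on device"]
    # Step 2: device posture. Unknown values fail (guilty until proven innocent).
    reasons = []
    if ep.last_patched is None or today - ep.last_patched > MAX_PATCH_AGE:
        reasons.append("security patches out of date or unknown")
    if ep.av_updated is None or today - ep.av_updated > MAX_AV_AGE:
        reasons.append("anti-virus out of date or unknown")
    if not ep.firewall_on:
        reasons.append("host firewall disabled")
    return ("quarantine", reasons) if reasons else ("allow", [])

# Constructed sample endpoints, evaluated as of a constructed date.
TODAY = date(2024, 6, 1)
SAMPLES = [
    Endpoint("alice", True, date(2024, 5, 20), date(2024, 5, 30), True),
    Endpoint("bob", True, date(2024, 3, 1), date(2024, 5, 31), True),
    Endpoint("carol", True, None, None, False),
    Endpoint("mallory", False, date(2024, 5, 30), date(2024, 5, 31), True),
    Endpoint("dave", True, date(2024, 5, 30), date(2024, 5, 31), True, True),
]

def decisions():
    return {ep.user: admit(ep, TODAY)[0] for ep in SAMPLES}

if __name__ == "__main__":
    for ep in SAMPLES:
        print(ep.user, *admit(ep, TODAY))
```

A device whose agent reports nothing lands in quarantine with every check failed, which is the behaviour that separates default-deny NAC from a best-effort health check.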
Many industry analysts and security experts view implementing a NAC solution to be a top priority for organizations in the financial, education, government, and healthcare fields.
In addition to NAC, a vulnerability management (VM) process helps ensure that devices on the network can withstand attacks that may enter the network. VM proactively examines devices on the network, scans them for potential vulnerabilities specific to the device, and determines its operating system, configuration, and applications. This data is recorded and retained within a central database that security engineers can use to follow up and ensure these vulnerabilities are addressed.
Vulnerabilities can be handled in a multitude of ways. Many vulnerabilities will be resolved by applying patches from the vendor so the software is up-to-date. Other vulnerabilities may be mitigated using access control lists or firewall rules that minimize the possibility of an attack getting through. Still other vulnerabilities may pose an acceptably small risk to the organization and do not require immediate resolution.
Security for Compliance
The third strategy is compliance. For most organizations it's not acceptable to merely have a security solution in place. They must demonstrate the effectiveness of these solutions and follow through with a company-wide security plan. Auditors can quickly tell the difference between organizations that haven't thought out their security strategy and organizations that have implemented robust tools, policies and procedures in order to follow compliance guidelines. Each element of the security architecture must retain key information that can report instances of non-compliance.
Comprehensive reporting from these systems is essential. Important reports include those that show which devices do not meet current security policies, where non-compliant devices are granted exceptions, unresolved vulnerabilities and vulnerability repair progress, and reports of security incidents and breaches. Auditors frequently require ad-hoc reporting capabilities to construct custom reports, filtering and search criteria.
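The reports listed above can be derived from the records that the NAC and vulnerability management layers retain. The following is an added example, not code from the article. The record layout, host names, vulnerability identifiers and status values (open, patched, mitigated, accepted, mirroring the handling options described earlier) are constructed for illustration.

```python
# Constructed sample records, shaped as a central NAC/VM database might hold them.
DEVICES = [
    {"host": "ws-01", "compliant": True, "exception": None},
    {"host": "ws-02", "compliant": False, "exception": None},
    {"host": "lab-07", "compliant": False,
     "exception": "legacy OS, approved by security team"},
]
VULNS = [
    {"host": "ws-01", "id": "VULN-A", "status": "patched"},
    {"host": "ws-02", "id": "VULN-A", "status": "open"},
    {"host": "ws-02", "id": "VULN-B", "status": "mitigated"},
    {"host": "lab-07", "id": "VULN-C", "status": "accepted"},
    {"host": "lab-07", "id": "VULN-A", "status": "open"},
]

# Dispositions that count as handled: vendor patch, ACL/firewall
# mitigation, or a documented risk acceptance.
HANDLED = {"patched", "mitigated", "accepted"}

def compliance_report(devices, vulns):
    """Build the audit views: policy failures, exceptions, open findings, progress."""
    failing = [d for d in devices if not d["compliant"]]
    handled = sum(1 for v in vulns if v["status"] in HANDLED)
    return {
        # Every device that does not meet current policy.
        "non_compliant": [d["host"] for d in failing],
        # The subset allowed on the network anyway, with the recorded reason.
        "exceptions": {d["host"]: d["exception"] for d in failing if d["exception"]},
        # Findings with no disposition yet, sorted for stable output.
        "unresolved": sorted((v["host"], v["id"]) for v in vulns
                             if v["status"] not in HANDLED),
        # Repair progress as a whole-number percentage.
        "handled_percent": round(100 * handled / len(vulns)) if vulns else 100,
    }

def filter_vulns(vulns, **criteria):
    """Ad-hoc filter for auditors, e.g. filter_vulns(VULNS, host='ws-02')."""
    return [v for v in vulns if all(v.get(k) == val for k, val in criteria.items())]

if __name__ == "__main__":
    for name, value in compliance_report(DEVICES, VULNS).items():
        print(f"{name}: {value}")
```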
Evaluating Your Network
With the three security strategies in mind - reactive, proactive, and compliance - CIOs and CSOs can begin to evaluate their networks to decide which strategy is best for their organizational needs. While a layered security approach that combines all three remains the suggested approach by security experts, any plan is better than no plan at all. Whatever strategy is taken, company-wide policies and procedures should be established and mandated by executives so they can be executed by staff.
As threats increase and the world becomes more reliant on information technology, security cannot be thrown aside as an afterthought. Security is a core IT process that takes consideration and follow-through to be effective.
Author: Mitchell Ashley