In September, Montgomery County, Ala., fell victim to a ransomware attack. While no identifying information was stolen, according to Lou Lalacci, Montgomery County's chief information and technology officer, the attack did have a major effect on the county’s systems.
But, as Lalacci pointed out during a press conference, Montgomery County is “not the first entity to go through this.”
In fact, state and local governments often find themselves vulnerable to cyberthreats as tight budgets prompt them to hang on to legacy network infrastructures for longer periods.
Meanwhile, malware and other attack techniques are evolving and maturing at compounding rates, often faster than these legacy infrastructures can adapt.
“Today, we see a proliferation of advanced persistent threats that users have unwittingly introduced to the network and an unprecedented surge in cybercrime,” says Klaus Gheri, vice president of network security with Barracuda Networks.
With attackers constantly scheming to steal data, cripple services and cause havoc, many organizations now look to network infrastructure refreshes as an effective way to stay ahead of the enemy.
Why Should Agencies Start Network Upgrades?
Due to their static nature, legacy networks are particularly vulnerable to attacks.
“Aging IT can’t support the move toward digital transformation securely or effectively,” says Judson Walker, chief technology officer of Brocade Federal. “A network refresh that leverages software, open source and open standards is a step in the right direction, providing organizations with visibility and automation so they can gain better control of their security.”
Brian A. McHenry, senior security solution architect for F5 Networks, notes that a network refresh provides the ideal moment for moving to more advanced and secure architectures.
“In recent years, a network refresh has often meant network function virtualization (NFV) and software-defined networking (SDN), which create an unmatched opportunity to inject dynamic security controls into the network topology,” he says.
Keep Local Agency Networks Safe with Intruder Blockers
A complete network overhaul isn’t always necessary to improve security.
Many providers offer easy-to-deploy network solutions that incorporate powerful security features. Firewalls built into routers, for example, allow IT staff to monitor incoming and outgoing network traffic and decide whether to allow or block specific traffic based on a defined set of security rules. A proven and reliable network security technology, firewalls create a barrier between secure internal networks and untrusted external networks, such as the internet.
“Leverage next-generation firewalls,” Gheri recommends. “These devices can identify traffic based on applications, and good next-generation firewalls can apply different traffic optimization techniques to different kinds of application traffic.”
An intrusion prevention system (IPS), implemented either as a device or through software, is a powerful tool that examines traffic flows to detect and block vulnerability exploits, an approach attackers frequently use to access or cripple an application.
Intrusion prevention is a standard feature incorporated into most next-generation firewalls.
“It provides baseline security, but be aware that an IPS should not have a blind spot regarding Secure Sockets Layer encrypted traffic,” Gheri warns. “Encrypted traffic needs to be decrypted and then matched against malware signatures and payload needs to be inspected for advanced malware.”
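To make the inspection step and the blind spot Gheri describes concrete, here is an added illustration (not code from the article, from Barracuda or from any IPS product). It runs a small set of constructed payload signatures over a request, first as plaintext, then as the sensor would see it on the wire under transport encryption, and then after a decrypt step. The signatures, the sample request, and the stand-in "cipher" are all constructed for this example; the XOR keystream is not TLS and not a real cipher, it only models that encrypted bytes do not resemble the plaintext.

```python
"""Signature inspection and the encrypted-traffic blind spot (added illustration).

Signatures, the sample request and the stand-in cipher are constructed for this
example. The XOR stand-in only models that ciphertext does not look like the
plaintext; it is not TLS and must not be used as encryption.
"""
import re
from typing import Callable, Optional

# Constructed signatures in the spirit of an IPS rule set: name -> regex over the payload.
SIGNATURES = {
    "http-path-traversal": re.compile(rb"GET\s+\S*\.\./\.\./"),
    "sql-union-select": re.compile(rb"(?i)union\s+select"),
}


def inspect(payload: bytes) -> list:
    """Return the names of every signature that matches the (plaintext) payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(payload)]


# Stand-in for transport encryption as seen on the wire. Two key bytes have the
# high bit set, so no run of three consecutive ASCII bytes survives in the
# output and no text signature can match the encrypted form.
STANDIN_KEY = bytes([0x5A, 0xA3, 0x17, 0xC8])


def standin_encrypt(data: bytes, key: bytes = STANDIN_KEY) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


standin_decrypt = standin_encrypt  # XOR with the same keystream is its own inverse


def inspect_on_wire(wire_bytes: bytes,
                    decrypt: Optional[Callable[[bytes], bytes]] = None) -> list:
    """Inspect what the sensor sees; without a decrypt step, encrypted traffic is a blind spot."""
    payload = decrypt(wire_bytes) if decrypt else wire_bytes
    return inspect(payload)


# Constructed sample request in its plaintext form.
SAMPLE_REQUEST = b"GET /static/../../app.ini HTTP/1.1\r\nHost: intranet.example\r\n\r\n"


def demo() -> dict:
    """Return the verdicts for the same request seen three ways."""
    wire = standin_encrypt(SAMPLE_REQUEST)
    return {
        "plaintext": inspect(SAMPLE_REQUEST),
        "encrypted_no_decrypt": inspect_on_wire(wire),
        "encrypted_with_decrypt": inspect_on_wire(wire, decrypt=standin_decrypt),
    }


if __name__ == "__main__":
    for view, hits in demo().items():
        print(f"{view:24s} -> {hits or 'no match'}")
```

The middle case is the blind spot: the same bytes that trip a signature in the clear match nothing once wrapped, so an IPS placed behind a TLS-terminating proxy (or fed decrypted traffic by the firewall) sees the first and third views, while one watching the raw link sees only the second.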
Segmentation, a technique widely supported by network technology providers, splits a network into multiple sub-networks, commonly known as segments. The approach allows organizations to group applications and related data together for access only by specific users (such as sales or finance department staff members). This technique can also be used to restrict the range of access provided to a particular user.
Segmentation is perhaps the simplest way of improving an organization’s security posture, since access control focused on network address segments hampers cyberattackers. “It can also help to contain malware outbreaks,” Gheri says.
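The firewall rule set described earlier and the segment-based access control described here are the same mechanism viewed from two sides, so one added example covers both. It is an illustration written for this article, not code from any vendor or from the article's sources: address ranges are grouped into named segments, a short default-deny rule list is evaluated per flow, and a handful of constructed flow records are audited against it. Segment names, ranges, rules and records are all assumptions made for the example.

```python
"""Segment-aware firewall policy evaluator (added illustration).

Segments, rules and flow records are constructed for this example and are not
taken from any product or from the article's sources. IPv4 only.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed segments: name -> address ranges. Longest prefix wins, so an
# internal address that belongs to no recorded group lands in "unassigned"
# (an inventory gap) instead of being treated as a trusted segment.
SEGMENTS = {
    "workstations": ["10.10.0.0/16"],
    "finance-servers": ["10.20.5.0/24"],
    "dmz": ["192.0.2.0/24"],
    "unassigned": ["10.0.0.0/8"],
    "internet": ["0.0.0.0/0"],
}


@dataclass(frozen=True)
class Rule:
    src: str              # source segment name
    dst: str              # destination segment name
    proto: str            # "tcp" or "udp"
    dport: Optional[int]  # None means any destination port
    action: str           # "allow" or "deny"


# Constructed policy, evaluated top to bottom: first match wins, and a flow
# that matches nothing is denied (default deny).
RULES = [
    Rule("workstations", "finance-servers", "tcp", 443, "allow"),
    Rule("workstations", "workstations", "tcp", None, "deny"),  # no desktop-to-desktop traffic
    Rule("workstations", "dmz", "tcp", 443, "allow"),
    Rule("internet", "dmz", "tcp", 443, "allow"),
    Rule("dmz", "finance-servers", "tcp", None, "deny"),        # DMZ never reaches finance
]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def classify(ip: str) -> Optional[str]:
    """Return the most specific segment containing ip (None if no segment matches)."""
    addr = ipaddress.ip_address(ip)
    best, best_len = None, -1
    for name, cidrs in SEGMENTS.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if addr in net and net.prefixlen > best_len:
                best, best_len = name, net.prefixlen
    return best


def evaluate(flow: Flow):
    """Return (action, reason) for a flow under the segment policy."""
    src_seg, dst_seg = classify(flow.src), classify(flow.dst)
    for idx, rule in enumerate(RULES):
        if (rule.src == src_seg and rule.dst == dst_seg and rule.proto == flow.proto
                and (rule.dport is None or rule.dport == flow.dport)):
            return rule.action, f"rule {idx}: {rule.src} -> {rule.dst}"
    return "deny", f"default deny: {src_seg} -> {dst_seg}"


def parse_flow(record: str) -> Flow:
    """Parse a constructed 'key=value' flow record (firewall log or flow-export style)."""
    fields = dict(part.split("=", 1) for part in record.split())
    return Flow(fields["src"], fields["dst"], fields["proto"], int(fields["dport"]))


def audit(records):
    """Evaluate records; return counts per action and the denied records with reasons."""
    counts = {"allow": 0, "deny": 0}
    denied = []
    for rec in records:
        action, reason = evaluate(parse_flow(rec))
        counts[action] += 1
        if action == "deny":
            denied.append((rec, reason))
    return counts, denied


# Constructed records: a normal finance lookup, a desktop-to-desktop SMB attempt
# (the east-west movement segmentation is meant to contain), a DMZ host reaching
# for finance, and a connection from an address the inventory does not know.
SAMPLE_RECORDS = [
    "src=10.10.1.5 dst=10.20.5.10 proto=tcp dport=443",
    "src=10.10.1.5 dst=10.10.2.7 proto=tcp dport=445",
    "src=192.0.2.10 dst=10.20.5.10 proto=tcp dport=22",
    "src=10.99.1.1 dst=10.20.5.10 proto=tcp dport=443",
]

if __name__ == "__main__":
    totals, blocked = audit(SAMPLE_RECORDS)
    print(totals)
    for rec, why in blocked:
        print(f"DENY  {rec}  ({why})")
```

Two design points carry the article's argument: the policy names segments rather than individual hosts, so adding a workstation changes no rule, and the absence of any "unassigned" rule means an address missing from the inventory is blocked by default rather than silently trusted.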
Agency Network Management Tools and More
State-of-the-art management solutions help IT staff keep a close eye on network traffic to detect security issues before they can grow into a crisis.
Network mapping tools, for instance, help staff get a better handle on network security, since without access to up-to-date network diagrams and inventory lists, it’s difficult to know exactly what needs to be protected.
Content filtering is a useful technology for organizations that would like to keep certain types of objectionable materials from infiltrating their systems. Based on predetermined settings, the filter blocks content that is not acceptable for user access and viewing.
Organizations that have already transitioned to SDN need to be careful, however. Content filtering is an application layer control, and may not be built into many SDN-based network refresh designs, notes McHenry. “The vital features to look for are prepackaged integration tools for your SDN controller solution as well as open application programming interfaces to customize more advanced SDN integrations with security services.”
Perhaps the biggest SDN security concern is a compromised SDN controller.
“A traditional network has a control plane that is distributed across all the nodes,” observes Fred Chagnon, research director of the Info-Tech Research Group’s infrastructure practice. Attempts to compromise the network involve injecting misinformation into this control plane to influence network behavior. “With an SDN controller, there is now a dedicated attack platform to direct such an attack,” Chagnon says. “The security of the controller itself cannot be overstated.”
Hone Privacy Through Encryption
Network traffic encryption via a gateway device is a widely used approach for protecting communication between local networks. With a gateway, all traffic is encrypted regardless of the protocol used.
According to McHenry, in-flight traffic encryption is vital, even on private or trusted networks.
“Insider threats necessitate a zero trust model for security, and transport encryption mainly via TLS, IPSec, or SSH is fundamental to this approach. HTTPS, FTPS, and other encrypted protocols should be the standard for any new service deployment,” he says.
Encryption can be most efficiently handled via a virtual private network using a public network — typically the internet — to link remote sites or users together.
“VPNs are still essential technologies for secure remote and site-to-site access where the application protocol may not have inherent encryption,” McHenry says.