With the global coronavirus pandemic seemingly moving towards the beginning of its end, or at least settling into an endemic status, many working environments have changed. Home working has undeniably become more popular, as many employees want more flexible working hours and locations.
These demands add to the workload of IT security professionals, whose job is to keep company networks secure and to identify and remediate vulnerabilities. In parallel, they must give remote workers access to the information and systems they need to do their work.
In 2020, when the pandemic broke out, remote working was enabled quickly by rolling out Virtual Private Networks (VPNs) and/or remote access applications. In 2021, cloud adoption increased, with reports that over 80% of UK businesses had migrated at least one application or part of their infrastructure to the cloud.
With no sign of this trend abating, 2022 is a suitable time to consolidate this position and review your network security options, to ensure your setup is as tight as a camel’s nostril in a sandstorm. Here are some suggestions.
Firewalls and DNS
- Regularly check that your TLS certificates are valid, trusted, issued for the right hostnames and not close to expiry, or use a certificate management service such as AWS Certificate Manager (ACM), which provisions, manages, renews and deploys public and private Transport Layer Security (TLS, formerly SSL) certificates. Expired or mismatched certificates cause outages and teach users to click past warnings.
- Move all browser-based traffic from plain HTTP on port 80 to HTTPS on port 443, including internal traffic, so that data is encrypted in transit. The port number itself secures nothing; it is TLS on 443 that does, so redirect port 80 to 443 and set an HTTP Strict Transport Security (HSTS) header so browsers stop trying port 80 at all.
- Investigate and deploy a Next-Generation Firewall (NGFW). It is natively application-aware and makes decisions based on application, user and content, rather than on IP addresses, ports and protocols alone, as a traditional stateful firewall or the firewall engine inside a Unified Threat Management (UTM) appliance does. Remember that an NGFW can only inspect the TLS traffic it is configured to decrypt.
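The certificate and port-80 checks above are easy to script. The following is an added example, not code from the original article or from AWS: it classifies a server certificate as ok, expiring or expired, checks that the hostname is covered by a Subject Alternative Name, and tests whether port 80 redirects to https://. The 30-day threshold, the host list and the sample certificate dict (shaped like what `ssl.SSLSocket.getpeercert()` returns) are assumptions, so the logic can be exercised offline; the live functions need network access.

```python
"""TLS hygiene checks: certificate expiry, hostname coverage, HTTP->HTTPS redirect.

Added example, not part of the original article. HOSTS, WARN_DAYS, SAMPLE_CERT
and SAMPLE_NOW are assumptions chosen so the logic runs without a network.
"""
import http.client
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30                 # alert when fewer days remain (assumption)
HOSTS = ["www.example.com"]    # replace with your own endpoints (assumption)


def days_until_expiry(not_after: str, now: datetime) -> int:
    """Days left on a certificate.

    `not_after` is the string SSLSocket.getpeercert() returns,
    e.g. 'Feb  1 00:00:00 2022 GMT'; ssl.cert_time_to_seconds parses it.
    """
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days


def name_matches(hostname: str, san_names) -> bool:
    """Simplified RFC 6125 check: exact SAN match, or a leftmost-label wildcard."""
    host = hostname.lower()
    for name in san_names:
        name = name.lower()
        if name == host:
            return True
        if (name.startswith("*.") and host.count(".") == name.count(".")
                and host.endswith(name[1:])):
            return True
    return False


def check_cert(hostname: str, cert: dict, now: datetime, warn_days: int = WARN_DAYS) -> dict:
    """Classify a getpeercert() dict as ok / expiring / expired and check the name."""
    days = days_until_expiry(cert["notAfter"], now)
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if days < 0:
        status = "expired"
    elif days < warn_days:
        status = "expiring"
    else:
        status = "ok"
    return {"host": hostname, "days_left": days, "status": status,
            "name_match": name_matches(hostname, sans)}


def fetch_cert(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Complete a verified TLS handshake and return the leaf certificate.

    create_default_context() validates chain and hostname, so an
    ssl.SSLCertVerificationError here already means the deployment is broken.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def redirects_to_https(hostname: str, timeout: float = 5.0) -> bool:
    """True if plain HTTP on port 80 answers with a redirect to an https:// URL."""
    conn = http.client.HTTPConnection(hostname, 80, timeout=timeout)
    try:
        conn.request("HEAD", "/", headers={"Host": hostname})
        resp = conn.getresponse()
        location = resp.getheader("Location") or ""
        return resp.status in (301, 302, 307, 308) and location.lower().startswith("https://")
    finally:
        conn.close()


# Constructed sample shaped like getpeercert() output, so the logic runs offline.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
    "notBefore": "Nov  1 00:00:00 2021 GMT",
    "notAfter": "Feb  1 00:00:00 2022 GMT",
}
SAMPLE_NOW = datetime(2022, 1, 10, tzinfo=timezone.utc)   # fixed "today" for the offline run

if __name__ == "__main__":
    print(check_cert("www.example.com", SAMPLE_CERT, SAMPLE_NOW))   # offline demo
    for host in HOSTS:                                               # live run, needs network
        try:
            result = check_cert(host, fetch_cert(host), datetime.now(timezone.utc))
        except (ssl.SSLError, OSError) as exc:
            result = {"host": host, "status": "handshake_failed", "error": str(exc)}
        try:
            result["http_redirects"] = redirects_to_https(host)
        except (OSError, http.client.HTTPException):
            result["http_redirects"] = None   # port 80 closed is also acceptable
        print(result)
```

Run it from cron or a CI job and page on anything that is not `ok` with `name_match` true; because the live handshake uses `ssl.create_default_context()`, an untrusted chain surfaces as `handshake_failed` rather than silently passing.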
EDR and SIEM
- EDR solutions (Endpoint Detection and Response*) go beyond traditional, signature-based antivirus, which only blocks what it already recognizes. EDR agents continuously record endpoint activity (process launches, file and registry changes, network connections), so analysts can hunt for threats proactively, reconstruct how an intrusion unfolded and respond from one console, for example by isolating a host or killing a process. Ensure you have one in place!
- SIEM (Security Information and Event Management) systems collect logs from applications, network hardware and security tools and provide real-time analysis and correlation of the security alerts they generate. SIEM systems are delivered as software, appliances or managed services, and are also used to retain security data and produce reports for compliance purposes. SIEM and EDR complement each other: EDR supplies deep endpoint telemetry, and the SIEM correlates it with network, identity and application logs.
* Note that ‘endpoint’ here refers to end-user devices such as desktops, laptops and mobile devices (and servers running the agent), not to a REST API endpoint, which shares the name.
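The kind of correlation a SIEM performs is easier to picture with a concrete rule. The following is an added example, not code from the original article or from any SIEM product: it parses sshd-style authentication lines and applies a sliding-window rule, raising a medium alert when one source IP accumulates five failures within 60 seconds and a high alert if a successful login from that IP follows while those failures are still in the window. The log lines are constructed, and the line format, threshold and window are assumptions a real deployment would tune.

```python
"""SIEM-style correlation over sample authentication logs.

Added example, not code from the original article or from any SIEM product.
The log lines below are constructed; the format, the threshold of 5 failures
and the 60-second window are assumptions a real rule would tune.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: an SSH brute force from 203.0.113.7 that ends in a
# successful login, plus one ordinary mistyped password from 198.51.100.4.
SAMPLE_LOGS = """\
2022-01-10T08:00:01Z sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2022-01-10T08:00:03Z sshd[1201]: Failed password for root from 203.0.113.7 port 51024 ssh2
2022-01-10T08:00:04Z sshd[1201]: Failed password for root from 203.0.113.7 port 51025 ssh2
2022-01-10T08:00:06Z sshd[1201]: Failed password for root from 203.0.113.7 port 51026 ssh2
2022-01-10T08:00:07Z sshd[1201]: Failed password for root from 203.0.113.7 port 51027 ssh2
2022-01-10T08:00:09Z sshd[1201]: Accepted password for root from 203.0.113.7 port 51028 ssh2
2022-01-10T08:01:00Z sshd[1210]: Failed password for alice from 198.51.100.4 port 40001 ssh2
2022-01-10T08:01:30Z sshd[1210]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line: str):
    """Turn one sshd log line into an event dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "outcome": m["outcome"],
        "user": m["user"],
        "ip": m["ip"],
    }


def correlate(lines, threshold: int = 5, window_s: int = 60):
    """Sliding-window rule.

    `threshold` failures from one IP inside `window_s` seconds raise
    'brute_force'; a later success from that IP, while those failures are still
    inside the window, raises the higher-severity 'brute_force_success'.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                # not an auth event; a real SIEM parses many sources
        recent = failures[ev["ip"]]
        while recent and (ev["ts"] - recent[0]).total_seconds() > window_s:
            recent.popleft()        # drop failures that fell out of the window
        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) == threshold:   # fire once, when the burst crosses the line
                alerts.append({"rule": "brute_force", "severity": "medium",
                               "ip": ev["ip"], "count": len(recent),
                               "ts": ev["ts"].isoformat()})
        elif len(recent) >= threshold:
            alerts.append({"rule": "brute_force_success", "severity": "high",
                           "ip": ev["ip"], "user": ev["user"],
                           "failures_before": len(recent),
                           "ts": ev["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS.splitlines()):
        print(alert)
```

On the sample input the rule fires twice for 203.0.113.7 and stays silent for 198.51.100.4, which is the point of correlation: a single failed password is noise, five in six seconds followed by a success is an incident. In a real SIEM the same high-severity alert would be enriched with the EDR telemetry from the host that accepted the login.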
IPS
- Intrusion Prevention Systems examine network traffic to detect and block exploitation attempts, for example a request that tries to read or disrupt data through SQL Injection (SQLi) in a web form or an API call. SQLi is a serious and common threat, and every piece of software you supply or use that builds database queries must be checked for it. An IPS or web application firewall is a useful extra layer, but signature matching can be evaded; the real fix is in the code, using parameterized queries. Left unaddressed, you risk a serious outage at best and theft or destruction of your data at worst.
- Denial of Service attacks (DoS, or DDoS if distributed) target specific applications and grind them to a halt by overloading them with repeated, sustained requests. The best defense is a distributed approach to networking and application delivery: multiple system interconnections, multiple cloud regions or providers, and/or a hybrid setup, fronted where possible by a CDN or DDoS-scrubbing service that absorbs volumetric traffic before it reaches you, with per-client rate limiting behind it.
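To make the SQLi point concrete, here is an added example that is not code from the original article: a deliberately vulnerable lookup that concatenates user input into SQL, its parameterized replacement, and a naive IPS-style signature that catches the textbook `' OR '1'='1` payload but misses a trivial variant. The in-memory SQLite table, its rows and the payloads are constructed; the signature is a stand-in for a real rule set, not a recommendation.

```python
"""SQL injection: vulnerable query, parameterized query, and why a
signature-based IPS is only a second line of defense.

Added example, not code from the original article. The table, rows and
payloads are constructed; SQLI_SIGNATURE is a deliberately naive stand-in
for a real IPS/WAF rule set.
"""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with a few constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"), ("carol", "carol@example.com")],
    )
    return conn


def lookup_vulnerable(conn, username: str):
    """Deliberately vulnerable: attacker-controlled text is pasted into the SQL.

    Python's sqlite3 execute() refuses stacked statements, so a
    "'; DROP TABLE users" payload fails here, but boolean and UNION payloads
    work, and other drivers and databases do accept stacked statements.
    """
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username: str):
    """Parameterized: the value travels separately from the query text, so
    the input can never change the statement's structure."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# Naive IPS/WAF-style signature: a quoted OR with a numeric comparison, a
# stacked DROP, or SQL comment markers. Real rule sets are far larger, and still evadable.
SQLI_SIGNATURE = re.compile(
    r"'\s*or\s*'?\d+'?\s*=\s*'?\d+|;\s*drop\s+table|--|/\*", re.IGNORECASE
)


def ips_blocks(payload: str) -> bool:
    """True if the signature would block the request before it reached the app."""
    return bool(SQLI_SIGNATURE.search(payload))


if __name__ == "__main__":
    db = make_db()
    for payload in ["alice", "' OR '1'='1", "' OR 'a'='a"]:
        print(f"{payload!r:16} blocked={ips_blocks(payload)!s:5} "
              f"vulnerable={len(lookup_vulnerable(db, payload))} rows "
              f"safe={len(lookup_safe(db, payload))} rows")
```

The output shows the asymmetry: `' OR 'a'='a` slips past the signature and still dumps every row from the vulnerable query, while the parameterized query returns nothing for either payload. Keep the IPS, but audit the code.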
The start of a new year is traditionally a time of taking stock, so use it wisely by checking your networking components and removing any vulnerabilities.