IDS, IPS, SASE, and other newer technologies get more of the attention, but automation is just as important to modern network security. Here is how automation should be used to strengthen it.
Healthy network device security practices
Effective network operations depend on the people, process, and technology triad. You need the right people with the right skills and the ability to do effective work, good policies and processes, and the right technology to make it happen. Automation is the technology that lets you build repeatable processes to validate and enforce network policies.
By automating device discovery and configuration verification, you reinforce good network security by preventing devices and configurations from accidentally leaving security holes open. In other words, the goal of automation is to ensure that network policies are applied consistently throughout the network. A forgotten, unsecured router is an easy target for attackers.
As each device on the network is discovered, the automation system downloads its configuration and checks it against the configuration rules that implement the network policy. These policies range from simple, non-security rules such as device naming conventions to important security policies such as authentication controls and access control lists. Automation systems help deploy and maintain configurations that reflect those policies.
One policy is not reflected in the device configuration at all: minimize network design variability. For example, a branch office deployment should be a single standard design that specifies details such as device hardware, operating system, and interfaces. This approach greatly simplifies automation and supports good network security.
You need to know every device on your network, because you cannot manage what you do not know about. Security teams may object to network scans because of the alerts they generate, but scanning is the only way to identify everything on the network.
The scanning system should also check for default and easily guessed credentials. Network scans can use brute-force ping sweeps, but a better approach is to use the neighbor tables that many protocols maintain. Routing neighbors reveal other subnets, while ARP tables and switch MAC address tables reveal Layer 2 data-link neighbors. You can automate this discovery with open source tools such as nmap or with various commercial products. Note that you do not need a complete network discovery before starting the other phases of automation.
Network change and configuration management (NCCM) systems can use the network inventory to automate backups of device configurations to a central repository. The NCCM system must include an automated mechanism to detect configuration changes, sometimes referred to as configuration drift.
Then, for each device type, create a golden configuration that implements the network policy. An automated configuration audit system is needed to identify configurations that do not match the defined policies.
Of course, you then need to fix configurations that do not comply with the policies you have defined. This is where more advanced products have an advantage. Look for products that can intelligently remove configuration statements or add new ones; on some platforms, for example, changing an access control list requires a specific sequence of steps to get the result you want. Also look for products that do not insist on controlling the entire configuration. You need something that manages only the configuration sections you want to manage and leaves the rest of the configuration in place. This is an important feature for adopting automation step by step.
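As an added illustration of the backup, drift detection and section-scoped remediation loop described above (example code, not from the article or any product), the following Python script checks one managed section of a constructed IOS-style running config against its golden form and emits commands that touch only that section. The hostname, addresses and ACL name are constructed sample values.

```python
"""Golden-config audit of one managed section (added example; constructed IOS-like configs)."""

# Constructed: the policy (golden) form of the one section we manage.
GOLDEN_ACL = """ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any log
"""

# Constructed: a running config as pulled by the NCCM backup. The extra
# permit line is drift that opens management access to an unplanned subnet.
RUNNING_CONFIG = """hostname branch-rtr-01
ntp server 10.0.0.5
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 deny ip any any log
line vty 0 4
 access-class MGMT-IN in
 transport input ssh
"""

def extract_section(config: str, header: str) -> list[str]:
    """Return the indented child lines under `header` ([] if the section is absent)."""
    lines = config.splitlines()
    if header not in lines:
        return []
    body = []
    for line in lines[lines.index(header) + 1:]:
        if not line.startswith(" "):
            break            # first non-indented line ends the section
        body.append(line.strip())
    return body

def audit_section(running: str, golden: str) -> dict:
    """Compare one section with its golden form and build a minimal remediation.
    Only lines inside the managed section are touched; the rest of the config
    is left alone. (Line order is not checked, so ACL ordering is not verified.)"""
    header, *golden_body = [l.strip() for l in golden.strip().splitlines()]
    actual = extract_section(running, header)
    extra = [l for l in actual if l not in golden_body]
    missing = [l for l in golden_body if l not in actual]
    fix = []
    if extra or missing:
        fix.append(header)
        fix += ["no " + l for l in extra]   # remove only the drifted lines
        fix += missing                       # add only what the policy requires
    return {"compliant": not (extra or missing), "extra": extra,
            "missing": missing, "remediation": fix}
```

Running `audit_section(RUNNING_CONFIG, GOLDEN_ACL)` reports the stray permit line as drift and produces just the two commands needed to remove it.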
Once automation is adopted, you may want to eliminate manual configuration changes and make all device configuration changes through the automated system. The sooner you reach this point, the better; it greatly improves the security of your network infrastructure.
So you have adopted automation and network security is covered, but how do you know you are getting the results you want? This requires validation testing. Use products that scan your network from the global Internet to look for security holes in your network and IT systems. Think of these products as outsourced automation.
Within the network, use automation to verify the state of the network. This is different from a configuration audit, which only verifies that the deployed configuration is what you intended to deploy. For example, is the set of BGP neighbors correct, and are they all in the Established state? Is the spanning tree root bridge placed properly in the topology? Is Network Time Protocol working properly with the right set of peers? Can an internal system that should be quarantined still reach the Internet? This is a kind of inside-out test. Consider performing network health verification on a regular basis.
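As an added example of the state verification described above (not code from the article), the following Python script performs the BGP neighbor check: it parses a constructed IOS-style "show ip bgp summary" output and compares it against the designed peer set, flagging missing, unestablished, mis-numbered and unexpected peers. The peer addresses and AS numbers are constructed sample values.

```python
"""Verify BGP neighbor state against design intent (added example).
Constructed 'show ip bgp summary' output in IOS style; no real device involved."""

# Constructed sample: in IOS, the State/PfxRcd column shows a prefix count when
# the session is Established, and a state name (Idle, Active, ...) otherwise.
BGP_SUMMARY = """\
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.2        4        65001    1203    1199       42    0    0 1d02h          17
10.1.1.6        4        65001    1187    1190       42    0    0 1d02h          17
10.1.9.9        4        65009      12       9        0    0    0 00:03:11 Active
203.0.113.7     4        64500     501     498       42    0    0 5d11h           3
"""

# Design intent: the peers this device should have, with their remote AS.
EXPECTED_PEERS = {"10.1.1.2": 65001, "10.1.1.6": 65001, "10.1.9.9": 65009}

def parse_bgp_summary(text: str) -> dict[str, dict]:
    """Map neighbor IP -> {'as': int, 'established': bool, 'prefixes': int|None}."""
    peers = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[0][0].isdigit():
            continue  # header or blank line
        state = fields[-1]
        established = state.isdigit()
        peers[fields[0]] = {"as": int(fields[2]), "established": established,
                            "prefixes": int(state) if established else None}
    return peers

def verify_bgp(summary: str, expected: dict[str, int]) -> list[str]:
    """Return a list of findings; an empty list means the state matches the design."""
    actual = parse_bgp_summary(summary)
    findings = []
    for ip, asn in expected.items():
        peer = actual.get(ip)
        if peer is None:
            findings.append(f"missing peer {ip} (AS {asn})")
        elif peer["as"] != asn:
            findings.append(f"peer {ip} has AS {peer['as']}, design says {asn}")
        elif not peer["established"]:
            findings.append(f"peer {ip} not established")
    for ip in sorted(actual.keys() - expected.keys()):
        findings.append(f"unexpected peer {ip} (AS {actual[ip]['as']}) not in design")
    return findings

if __name__ == "__main__":
    for finding in verify_bgp(BGP_SUMMARY, EXPECTED_PEERS):
        print("FAIL:", finding)
```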
How Much Does Network Automation Cost?
The cost of a network automation system cannot be stated in general; it depends on many factors, including network size, network complexity, staff skills, and the products deployed.
It is hard to sell business managers on hundreds of thousands of dollars a year in product or subscription purchases, but the alternative is dealing with the consequences of a breach. It may help to express the cost in full-time employee terms and to point out the savings from not having to deal with ransomware or data theft. Also note that automation reduces the number of outages and adapts to changing business needs, making business operations more stable and agile.
Another potentially useful approach is to describe automation in the context of business risk management. It often takes little effort to use an external security scanner to identify security holes, or network discovery tools to find unmanaged devices that pose a risk to the business. Automation can readily become a competitive advantage that justifies the investment.
Copyright © 2021 IDG Communications, Inc.
How and why automation improves the security of network devices