Network Security Management and Controls
To manage and control networks, a set of controls should be selected and applied to the network. Management of the network should be controlled by assigning responsibility for equipment, with procedures established for their implementation. Consideration should be given to segregating responsibility for the control of networks from responsibility for their operation.
Where information is passed over public or wireless networks, further controls should be considered to maintain connections (availability) as well as the privacy (confidentiality) and integrity of the data. Monitoring and logging of network activity should take place as both a preventative and a corrective action: if users are doing bad things, it is best to catch it early, whether it is something an awareness programme should cover or a matter for disciplinary action. Monitoring also shows network managers where to cover any emerging risks.
Management activity should ensure that controls are consistently applied across the network. This is especially important when creating or switching on cloud environments, as you implement new VMs, Docker containers, etc.
Authentication across networks should be supported. A common way to do this that reduces risk is for authentication to take place at initial logon by way of multi-factor assurance. This can be implemented easily with the additional use of the mobile phone at a single sign-on, subsequently allowing the user free access to network services within agreed and controlled privileges. This is something I use with my own networks, where a hacker could not access my system even if they knew the password; they would additionally need both my phone and access to that behind a fingerprint ID. System connections should be restricted; this is a fundamental control of privileges.
Security of Network Services
Define network services by way of agreements and/or SLAs, irrespective of whether they are internal or external. Performance against these SLAs will form part of the performance of the security management system. These agreements should include the right to audit, so that management have visibility of operations to satisfy their risk assessments.
Segregation in Networks
Dividing networks into domains allows for increased security once privileges have been established and implemented. Segregation can be both logical and physical. Some clients I have worked with have highly classified information on devices which are physically protected and not connected to networks at all, so information is only processed in an unconnected environment: a huge set of controls to justify the risk of loss.
Perimeters should be maintained and authentication required at boundaries, with authentication requirements governed by the security requirements and risk assessments of the individual domains. Wireless networks perform particularly poorly with respect to security, and this should be considered as part of segregation activities.