Protecting the enterprise's digital assets is the reason security technologies exist. Risk-aware enterprises do not compromise on protecting their networks, applications and intellectual property; these constitute the lifeblood of the organization. However, IT security and risk management teams often neglect the network while they focus on application and data protection concerns, and this weakens security operations. Organizations that integrate their network operations teams with their network application management teams are well equipped to deal with security holistically and to prevent compromises of network security.
Just as network hacking tools are maturing, network detection tools are maturing too. Footprinting and scanning are two methods used by hackers who attempt to listen on the network. Footprinting is used to obtain a list of IP network blocks and IP addresses using a wide variety of techniques; scanning is the equivalent of knocking on the walls to find all the access points into a network.
Vigilant security administrators can gather valuable information about these attempts, including names, phone numbers, IP address ranges, DNS servers and mail servers, by installing appropriate network activity monitoring tools on the network. Administrators listening for inbound traffic can identify the ping sweeps, port scans and discovery tools used by hackers attempting to listen on the system, and can then zero in on weaknesses in their firewalls, scanning systems or filtering rules.
Nevertheless, it must be remembered that network perimeter protection services, while sufficient to warn administrators about external intrusions, will fail when the threat arises from within the network. A single mobile user can wreak havoc inside the network simply by obtaining a DHCP lease and access to the network. Listening on the network, constant vigilance over critical systems, and attention to network performance metrics accelerate the identification of breaches early in the cycle. Unusual latency in network operations or a surge in outbound traffic from the email server may be the first symptoms of an attack, and a quick root cause analysis will help mitigate its impact.
It follows that effective, in-depth network security must be derived from paying attention to network events: the event logs of servers, routers, switches, applications and desktops. Correlating events from firewalls, IDS, AV and VPN systems with internal user logs reveals the impact of network-based threats and can identify active attacks ahead of traditional security systems.
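The port-scan and ping-sweep detection described above, reduced to its core logic as an added example that is not part of the original article: a sliding-window count over constructed firewall log lines in a hypothetical "timestamp src dst proto dport" format, flagging a source that touches many distinct ports on one host or pings many distinct hosts within a short window.

```python
# Added example (not from the article): flag port scans and ping sweeps
# in constructed firewall log lines of the form "timestamp src dst proto dport".
from collections import defaultdict
from datetime import datetime

# Constructed sample: 10.0.0.5 probes five ports on one host, 10.0.0.7
# pings five hosts, 10.0.0.9 is ordinary traffic.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 192.168.1.10 tcp 22
2024-01-01T10:00:01 10.0.0.5 192.168.1.10 tcp 23
2024-01-01T10:00:01 10.0.0.5 192.168.1.10 tcp 25
2024-01-01T10:00:02 10.0.0.5 192.168.1.10 tcp 80
2024-01-01T10:00:02 10.0.0.5 192.168.1.10 tcp 443
2024-01-01T10:00:05 10.0.0.7 192.168.1.1 icmp -
2024-01-01T10:00:05 10.0.0.7 192.168.1.2 icmp -
2024-01-01T10:00:06 10.0.0.7 192.168.1.3 icmp -
2024-01-01T10:00:06 10.0.0.7 192.168.1.4 icmp -
2024-01-01T10:00:07 10.0.0.7 192.168.1.5 icmp -
2024-01-01T10:30:00 10.0.0.9 192.168.1.10 tcp 443
"""

def parse(line):
    ts, src, dst, proto, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, proto, dport

def _window(events, ts, item, window_s):
    """Append (ts, item), drop entries older than window_s seconds,
    and return the set of distinct items still inside the window."""
    events.append((ts, item))
    events[:] = [e for e in events if (ts - e[0]).total_seconds() <= window_s]
    return {i for _, i in events}

def detect(log_text, window_s=60, port_threshold=5, host_threshold=5):
    """Return sorted (kind, src) alerts: 'portscan' for port_threshold distinct
    ports on one destination, 'pingsweep' for host_threshold ICMP targets."""
    ports = defaultdict(list)  # (src, dst) -> [(ts, dport)]
    hosts = defaultdict(list)  # src -> [(ts, dst)]
    alerts = set()
    for line in log_text.strip().splitlines():
        ts, src, dst, proto, dport = parse(line)
        if proto == "icmp":
            if len(_window(hosts[src], ts, dst, window_s)) >= host_threshold:
                alerts.add(("pingsweep", src))
        elif len(_window(ports[(src, dst)], ts, dport, window_s)) >= port_threshold:
            alerts.add(("portscan", src))
    return sorted(alerts)
```

Thresholds and window length are tuning knobs; raise them on networks where monitoring or inventory tools legitimately touch many ports or hosts.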