Tech at Work: Security
In this ongoing series, we look at real-world applications and how interconnects play a role in successful implementations.
The connectors and cables that link software and systems play an integral role in network and enterprise security.
For instance, enterprises spend thousands of dollars on the latest lines of security defense, but they’re still vulnerable to data breaches due to certain areas they’ve overlooked, says Chris Boyd, a senior threat researcher at GFI Software. “Personally, I’d start with the assumption that everything has been compromised – whether that’s the physical building security, firewall policies, malware on the network, or data leaks – then think ‘What’s the most damage that could come out of this?’” Boyd says. “Once you know the worst that can happen, you can take steps to lessen the damage.”
Network design plays a role in keeping enterprises secure as well, says Fernando Duran, formerly the chief technology officer at WaterlooSecurity Ltd., which makes internet security tools. Design flaws such as allowing local network congestion or failing to separate local networks also expose the networks to security compromise, he adds.
Duran is now a site reliability engineer at Kira Inc., where he’s charged with ensuring servers and code run smoothly. The company’s software analyzes contracts and clauses.
Enterprises should also be aware that network changes expose new services and network devices to the internet, thereby introducing a new area for hackers to attack, and the connectors that act as middlemen here need to be assessed as well, Duran says.
With that advice in mind, New Charter Housing Trust Group in Manchester, England, recently implemented a firewall from Cisco to secure internet access for staff and residents. The group is a social housing authority that offers around 20,000 low-income residences to socially disadvantaged citizens.
About 1,000 New Charter staff members have access to the internet via the group’s corporate IT network, as do those within the housing units via its private network.
When New Charter brings new housing into its system, IT staffers need to integrate those sites into the network on an ongoing basis, says Darren Fishwick, telecommunications and network manager for New Charter. With that number of users, New Charter soon realized the need for a firewall.
“We had a supplier come in to do a bit of work for us, and it took us several hours to realize that all he’d done was disconnect the PC at the desk he was working at and connect his own laptop,” he says. “This, of course, goes totally against our policy and highlighted that we need to ensure that people can’t just come along and connect to our network.”
At the center of this is New Charter’s recently implemented Cisco ASA 5545-X Next-Generation Firewall with Intrusion Detection and Prevention. The firewall calls upon the Cisco Cloud Web Security Connector for ASA to extend web security and control without additional hardware expense, according to a Cisco statement. The New Charter team also uses Cisco Catalyst switches as well as Cisco Wireless LAN Controllers and Cisco Wireless Access Points.
The housing authority also deployed Cisco AnyConnect so corporate tablet users can connect to the New Charter virtual private network, Fishwick says.
Fishwick finds all Cisco equipment – old and new – useful when he’s working to integrate new housing sites into the New Charter network.
“There can be a lot of head scratching as we try to figure out why the systems aren’t integrating,” he says. “Recently we resolved an integration problem by using some older Cisco routers. I had the equipment just hanging around in the cupboards, and I configured them for the sites,” he says. “They worked perfectly the minute we deployed them.”
In Scotland, accounting firm Johnston Carmichael chose to secure workstations to prevent threats such as viruses being introduced to the company’s network and to control the use of USB memory sticks and other portable storage devices that had the capability to walk off the premises – purposely or inadvertently – with a user.
“We had growing concerns around the proliferation of USB storage devices and their ever-growing data capacities. They are easy to obtain, cheap, and in many cases given away free. We needed to implement some control over their use within the business,” says Keith Ross, Johnston Carmichael’s IT technical director.
The firm recently implemented GFI EndPointSecurity software, which Ross and his team set up, along with the connectors and cables as outlined in the implementation guide. The software system secures endpoint devices and stops data breaches by controlling USB drives, iPods, thumb drives, and other endpoint devices that can store data. It also monitors and manages individual log-ins and analyzes how often devices are logged into, among other metrics, Boyd says.
For Johnston Carmichael, it reduced the risk of users logging into unapproved devices or storing information on USB drives, Ross says: “We’ve plugged a hole in our security.”
The benefit was also in the software’s low cost and easy set-up. “We were able to implement a solution to address a business problem without a big financial hit or overly complex solution,” Ross says.
The lesson? Never underestimate the role connectors play in securing the network.
Jean Thilmany is a freelance writer.