Network security should be treated like an international cat-and-mouse spy game: Keep your friends close, and your enemies closer.
Or so says Kevin Beaver, CISSP, independent information security adviser with Principle Logic LLC and author of Hacking For Dummies, 2nd Edition, a book that teaches network and security pros how to test systems, plug holes and foil attackers. The book illustrates how both outside and inside attacks and hacks can happen and how to determine where the network and systems have weaknesses. Hacking For Dummies also offers advice on strengthening defenses and preparing security-based reports, and it makes recommendations for management.
Hacking For Dummies separates itself from other hacking books in that it includes the entire phase of security testing. It outlines vulnerabilities in the network and systems, talks about tools to protect against them, and details a methodology for ensuring security.
According to Beaver, one key component of keeping enemies close and on the radar screen is for networking pros to take on and understand a hacker's mindset.
"You have to be able to look at things from the perspective of 'how can this be exploited?'" Beaver said. "Look at weaknesses from a malicious standpoint."
Oftentimes, though, there are aspects of the network that could be particularly vulnerable that can be overlooked, not necessarily because pros lack the knowledge to lock them down but because security concerns are focused on other technologies, and network devices and components don't get the attention they deserve.
"There's so much focus on Web applications, databases and operating systems," Beaver said. "I see a lot of people overlooking the network infrastructure."
But, according to Beaver, network infrastructure needs to be taken into consideration when thwarting hacks or attacks. He said vulnerabilities are being discovered in operating system firmware and other device components. There are tools available to prevent such vulnerabilities, whether they are on the Web interface of a router or firmware on a switch.
Most tools, Beaver said, are low cost or available as freeware and can ensure that infrastructure devices are locked up tight.
"People are still overlooking wireless issues," Beaver said. "Employees can bring in an access point … it's a huge problem."
Rogue access points are a large part of the problem, and while many companies have a policy prohibiting employees from setting up their own access points, very few organizations enforce it.
Laptop-based analyzers work, but they are used too infrequently and can pick up only what is being used during a walk through. Beaver said that in order to enforce policies, companies need the right technology on the back end, preferably something real-time. He recommends tools such as wireless IDS and IPS to recognize and prevent rogue access points.
"You've got to be proactive about it," he said, and upon the discovery of a rogue access point, the offender "needs to be made an example of," instead of IT just walking over and telling him not to do it again.
"Be on the lookout for inside users," he said. "People on the inside of the network are exposed to more. These people are exploiting their trusted privilege. And in the majority of networks, there's no way to track that back to who did what."
Where most companies fall short and risk exposing themselves to attacks is communication, which Beaver estimates makes up 97% of network security. But a lot of lack of communications comes down to lack of resources and lack of time management, Beaver said. Good network security comes, however, from regaining control and testing the infrastructure for any holes that may be present.
"The No. 1 tip is, you've got to gain control," Beaver said. That control involves having appropriate access controls and policies to dictate how the network is used and by whom.
Dig deeper on Network Security Monitoring and Analysis