Saturday, July 7, 2007

Network Security: A Game of Golf

As the saying goes: "It is like a game of golf, a game that is played but never won. So if you cheat (take shortcuts), you cheat yourself."

One thing I have frequently observed during Network Security Audits is that organizations rely too much on network firewalls and hardening checklists. Certainly these two are key components of a complete Network Security suite; however, ignoring proper housekeeping and regular health-checks results in the majority of network unavailability issues and attacks on network devices.

Sounds unbelievable? Go through the list of network vulnerabilities below (or rather, the list of IT staff oversights), then retrieve the list and Root Cause Analyses (RCAs) of all the network-related Problem Tickets. Analyze the RCAs and you will realize that the vulnerabilities mentioned below deserve immediate attention. Also keep in mind that helpdesk guys and support engineers often moderate the RCA so that the end user gets the impression of some severe technical issue behind their problem ticket.

List of Network Vulnerabilities:

Unavailability of Network Design Guidelines for the organization may result in:

Problems related to DMZ
Unpatched servers kept on the private network
Frequent Bandwidth choking (Slow Network)
IP Address Conflicts
Inefficient VLAN configurations
Access Control List (ACL) misconfiguration
Data Leakage through Tele-workers
Rogue Wireless Access Points
Unauthorized access through extranet/client network (Inbound Connections)

Unavailability of a Patch Management Process for Network Devices may result in:

Exploitation of known vulnerabilities of network devices
Unwanted services running on network devices
Insecure versions of network protocol implementations (e.g. SNMP, NTP)

Absence of regular Health-checks of network devices may result in:

Outdated OS versions
Outdated configurations
Redundant entries in ACL
Redundant user IDs configured on devices
Mismatch of network passwords/community strings (e.g. TACACS+, RADIUS, OSPF)
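As an added example (not from the original post), the following Python script shows what an automated health-check of a device config can look like: it parses a constructed IOS-style running-config excerpt and flags an OS version below the agreed baseline, user IDs not on the authorized list, an SNMP community string that does not match what the management station expects, and duplicate ACL entries. The sample config, the baseline version, the authorized user set and the expected community string are all assumptions made for the demo.

```python
import re

# Constructed IOS-style running-config excerpt for the demo; not taken from any real device.
SAMPLE_CONFIG = """\
version 12.2
hostname edge-rtr-1
username admin privilege 15 secret PLACEHOLDER
username oldvendor privilege 15 secret PLACEHOLDER
username backup-op secret PLACEHOLDER
snmp-server community public RO
snmp-server community n3tm0n RW
access-list 101 permit tcp any host 10.0.0.5 eq 443
access-list 101 deny ip any any
access-list 101 permit tcp any host 10.0.0.5 eq 443
ntp server 10.0.0.1
"""

def _version_tuple(version):
    # "12.2" -> (12, 2); non-numeric fragments count as 0 so the comparison never raises.
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))

def health_check(config, baseline_version, authorized_users, expected_community):
    """Scan one device config and return the findings a periodic health-check should raise.

    baseline_version   - OS version the organization has agreed to run (assumed value)
    authorized_users   - set of local user IDs that are supposed to exist on the device
    expected_community - SNMP community string configured on the management station
    """
    findings = {"outdated_os": None, "unauthorized_users": [],
                "community_mismatch": [], "duplicate_acl": []}
    seen_acl = set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"version (\S+)$", line):
            if _version_tuple(m.group(1)) < _version_tuple(baseline_version):
                findings["outdated_os"] = m.group(1)  # device is behind the patch baseline
        elif m := re.match(r"username (\S+)", line):
            if m.group(1) not in authorized_users:
                findings["unauthorized_users"].append(m.group(1))  # stale or redundant user ID
        elif m := re.match(r"snmp-server community (\S+)", line):
            if m.group(1) != expected_community:
                findings["community_mismatch"].append(m.group(1))  # device and NMS disagree
        elif line.startswith("access-list "):
            if line in seen_acl:
                findings["duplicate_acl"].append(line)  # redundant ACL entry
            seen_acl.add(line)
    return findings

if __name__ == "__main__":
    report = health_check(SAMPLE_CONFIG, "12.4", {"admin", "backup-op"}, "n3tm0n")
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it on a nightly config backup of each device and diff the findings against the previous run; a finding that appears between two runs is exactly the "outdated configuration" the list above warns about.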

Lack of clarity on preferred Vendors/Products may result in:

Product inter-compatibility issues
Scalability issues
Outdated (End-of-Sale) products

Unavailability of a cable layout may result in:

High downtime during cable damage
Service Disruptions during new link commissioning
Problems related to Uplink ports’ connectivity

Unavailability of a Network Diagram may result in:

High downtime during network issues
Service disruptions while resolving some other network problem
Problems related to Uplink ports’ connectivity
Routing Loops
Redundant Links
Inefficient Data Traffic Paths
Misconfiguration during Change Implementations

Overloaded power supply may result in:

Frequent power tripping
Short-circuits
Unavailability of power sockets during new installations
Unavailability of backup power sockets

Insufficient rack space may result in:

Over-heating of devices, which leads to a high error rate
Web of patch cords, you pull one and get four
No way to identify individual cables

Improper earthing/grounding of racks may result in:

I would prefer to leave this explanation to Insurance Advisors :)

Unavailability of regular automated vulnerability scans on the network may result in:

Successful attacks from script kiddies
Successful attacks from internal network
Unnoticed misconfigurations by network admins

No Service Level Agreements (SLAs) may result in:

Inefficient network designs due to high pressure from management/end users for early Change Implementation and Network Commissioning
Inefficient review/approval of Change Requests
Support engineers continuously busy on the telephone answering end-user complaints when they should be working on problem resolution, i.e. high downtime
Unwanted Escalations

These overlooked network vulnerabilities are the major cause of most network-related issues in any organization. Some organizations have documented procedures, but EXECUTION is still a challenge. Yes! Internal IT infrastructure is a cost, but a cost worth paying to avoid losses due to high downtime, a high number of problem tickets, outdated devices, insurance premiums and network attacks.