We are in a constant race between good and evil! Danger surrounds our networks from all sides. At stake are business secrets, money, customer information and personally identifiable information (PII). The media is full of stories of network breaches and stolen data for which the chief information security officer (CISO) will be held responsible. Industry is quick to develop the secret sauce that protects our network and the valuable treasures it holds.
What is the recipe for the secret sauce? The media pummels you with advertisements from vendors all over the world, each marketing its own recipe. Now we have a multitude of secret sauces protecting and saving us from the dark unknown. Data from these tools flies across our networks at blazing speed while we sit and stare at the screen, much like watching the Matrix whiz by. It can be, well, mind-numbing.
Network Scanning Tools
Securing the network starts with knowing what is running on it, and then with monitoring network traffic to detect intruders or malicious activity before disaster strikes. Network administrators and security teams have a plethora of tools at their disposal.
First, the network admin will want to gain an understanding of their network. One simple way to start is to build a network map that identifies every device. Then take an inventory of those devices: what is running on them, what the devices themselves can reach, and who has access to them. An inventory is only useful if it is kept current, so the scan that produces it should be repeated on a schedule and compared against the previous run.
There are many types of tools that may be used to perform this task, including the following:
- Network mapping tools such as Nmap, an open-source network mapper that discovers hosts and can also identify open ports and the services and versions running behind them
- Port scanners, used to check devices for open (listening) ports
- Bandwidth analyzers, used to view the overall Internet and internal bandwidth a particular network is sending and receiving
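The mapping and inventory step above is easiest to repeat if the scanner's output is parsed by a script rather than read by eye. The following is an added example, not code from the original article or from the Nmap project: it reads the XML that `nmap -sV -oX scan.xml <targets>` writes and turns it into a per-device inventory of open ports and detected services. `SAMPLE_NMAP_XML` is a constructed sample (the addresses, hostnames and versions are made up; only the element layout follows Nmap's XML format), and the `UNWANTED_SERVICES` policy list is an assumption made for the example.

```python
"""Build a device inventory from an Nmap XML report (nmap -sV -oX scan.xml).

Added example, not from the original article or the Nmap project. The XML
below is a constructed sample in Nmap's -oX layout with made-up hosts.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/28">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleVendor"/>
    <hostnames><hostname name="fileserver.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="closed"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.24.0"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


@dataclass
class Device:
    ip: str
    hostname: str = ""
    mac: str = ""
    vendor: str = ""
    # (port number, protocol, service name, "product version") per open port
    open_ports: list = field(default_factory=list)


def parse_nmap_xml(xml_text):
    """Return one Device per host that Nmap reports as up, with its open ports."""
    devices = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts that did not answer carry no inventory data
        dev = Device(ip="")
        for addr in host.findall("address"):
            kind = addr.get("addrtype")
            if kind in ("ipv4", "ipv6"):
                dev.ip = addr.get("addr")
            elif kind == "mac":  # only present when scanning the local segment
                dev.mac = addr.get("addr")
                dev.vendor = addr.get("vendor", "")
        hostname = host.find("hostnames/hostname")
        if hostname is not None:
            dev.hostname = hostname.get("name", "")
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not running anything
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            product = ""
            if svc is not None:
                product = " ".join(p for p in (svc.get("product"), svc.get("version")) if p)
            dev.open_ports.append((int(port.get("portid")), port.get("protocol"), name, product))
        devices.append(dev)
    return devices


# Services that, by assumption for this example, must never be exposed on this
# network. A real policy list belongs in configuration, not in code.
UNWANTED_SERVICES = {"telnet", "ftp", "microsoft-ds"}


def find_policy_violations(devices, unwanted=UNWANTED_SERVICES):
    """Return (ip, port, service) for every open port running a disallowed service."""
    return [(d.ip, port, name) for d in devices
            for port, _proto, name, _product in d.open_ports if name in unwanted]


if __name__ == "__main__":
    inv = parse_nmap_xml(SAMPLE_NMAP_XML)
    for d in inv:
        print(d.ip, d.hostname or "-", d.mac or "-", d.open_ports)
    for ip, port, svc in find_policy_violations(inv):
        print(f"POLICY: {ip} exposes {svc} on port {port}")
```

Running the script against a real report is the same call with the file contents in place of the sample string. Keeping each run's output under version control gives a cheap way to spot a device or listening service that appeared since the last scan, which is exactly what the inventory exists to catch.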
Another practice network admins and security teams use is vulnerability scanning. There are many vulnerability scanners on the market, including one of the most popular, Nessus, which is a commercial product, and OpenVAS, which is open source.
A vulnerability scanner probes the network and the assets on it, including applications, for known weaknesses and misconfigured items. Scanners may run in house or may be consumed as software as a service (SaaS). Like the inventory tools, a properly configured vulnerability scanner also reports device details, installed applications, open ports and so on. Two practical points: an authenticated (credentialed) scan sees far more than an unauthenticated one, because it can read installed package versions and configuration directly rather than inferring them from the network, and scan findings should be matched against the device inventory so that every result has an owner.
Security Information and Event Management (SIEM)
No matter the size of the network, you will have a lot of information coming at you from the tools monitoring the network and from individual device log files. One type of tool that helps manage all this information is a Security Information and Event Management (SIEM) system. It aggregates events from the various monitoring tools and logs, normalizes and analyzes the data, and provides a holistic overview of what is going on across the network. Depending on its configuration, a SIEM can correlate related events (for example, many failed logins from one address followed by a success) and notify you of suspicious activity.
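The correlation a SIEM performs is easier to reason about with a concrete rule. The following is an added example, not code from the original article or from any SIEM product: a small detector of the kind a SIEM would run over forwarded SSH authentication logs. It parses syslog-style `sshd` lines, keeps a sliding window of failed logins per source address, raises a medium alert when the count in the window reaches a threshold, and escalates to high if a successful login from the same address follows. The log lines in `SAMPLE_AUTH_LOG` are constructed (hosts, users and addresses are made up), and the window and threshold values are assumptions chosen for the example.

```python
"""SIEM-style correlation rule: SSH brute force followed by a successful login.

Added example, not from the original article or any SIEM product. The log
lines are constructed in OpenSSH's syslog format with made-up hosts and IPs.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

SAMPLE_AUTH_LOG = """\
Mar  3 10:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:00:03 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:00:04 bastion sshd[2104]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:00:05 bastion sshd[2107]: Accepted publickey for alice from 198.51.100.5 port 40110 ssh2
Mar  3 10:00:06 bastion sshd[2110]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar  3 10:00:07 bastion sshd[2112]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar  3 10:00:09 bastion sshd[2115]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar  3 10:20:00 bastion sshd[2200]: Failed password for bob from 198.51.100.9 port 40200 ssh2
Mar  3 10:25:00 bastion sshd[2201]: Failed password for bob from 198.51.100.9 port 40201 ssh2
"""

# Matches both "Failed password for invalid user X from IP" and "Accepted publickey for X from IP".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Assumed tuning for the example: 4 failures from one address inside 60 seconds.
WINDOW_SECONDS = 60
THRESHOLD = 4


def parse_line(line, year=2024):
    """Return a normalized event dict for an sshd auth line, or None for other lines.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2024 here).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "method": m["method"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Run the correlation rule over the log text and return the alerts it raises."""
    failures = defaultdict(deque)  # source ip -> timestamps of failures still inside the window
    alerted = set()                # ips that already triggered, so one burst yields one alert
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # lines the rule does not understand are simply skipped
        ip = ev["ip"]
        if ev["result"] == "Failed":
            q = failures[ip]
            q.append(ev["ts"])
            while q and (ev["ts"] - q[0]).total_seconds() > window:
                q.popleft()  # drop failures that have aged out of the window
            if len(q) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append({"severity": "medium", "ip": ip, "host": ev["host"], "ts": ev["ts"],
                               "reason": f"{len(q)} failed logins within {window}s"})
        elif ev["result"] == "Accepted" and ip in alerted:
            # A success after a brute-force burst is the event that really matters.
            alerts.append({"severity": "high", "ip": ip, "host": ev["host"], "ts": ev["ts"],
                           "reason": f"successful {ev['method']} login as {ev['user']} "
                                     f"after brute-force pattern"})
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_AUTH_LOG):
        print(f"[{a['severity'].upper()}] {a['ts']} {a['host']} {a['ip']}: {a['reason']}")
```

On the sample, 203.0.113.7 crosses the threshold on its fourth failure and is escalated when the `Accepted password for root` line arrives, while 198.51.100.9, with two failures five minutes apart, never alerts. The sliding window is what keeps the second case quiet; a rule that simply counts failures per address would flag it eventually and bury the real attack in noise.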
As with monitoring tools, there are a number of SIEM providers. Open-source options include OSSIM from AlienVault and the ELK Stack (Elasticsearch, Logstash and Kibana) from Elastic, which is commonly used as the foundation of a SIEM. Commercial options include Splunk and LogRhythm NextGen SIEM.
While this article only scratches the surface of what a network administrator or security team can do to secure a network, the tools mentioned will help crank up a network's defenses. More effort still needs to go into securing our data and infrastructure: implementing security policies and performing penetration testing against the network will help identify other areas of concern.
More articles by Stephen Schneiter