Overview
January Expert: Rick Kurtz
Rick Kurtz is Business Development Manager for Network Security Practices at 4Front Systems and DSi. His certifications include CCNA and CISSP. His career accomplishments are many and include:
• Original developer of Security Information Management (SIM) software, Private I, for Opensystems.com (now known as Network Intelligence Corporation).
• Created and implemented 4Front Systems, Inc. network security practice.
• Designed, implemented and managed network security information management systems for several Fortune 500 companies.
• Designed and instructed international companies on the use of network security devices and SIM software.
• Performed network security assessments for numerous Department of Defense (DoD) agencies.
• Over 14 years of experience supporting organizations in identifying and solving network security threats and attacks.
• Experience with multiple network security devices, including firewalls, routers, VPNs, IDS and network access controls.
Rick is a strong supporter of actively monitoring and auditing network security devices. His expertise spans all network security vendors and extends to the strategic deployment of each device.
Rick has spoken at a number of network security events.
An Easier Approach to Network Security
by Rick Kurtz
We have all been through the same series of network security events in the past year. If we’ve learned anything from these events, it may well be that we have recognized our lack of knowledge or understanding of network security solutions. I want to share a little knowledge and experience based on my 12 years of experience as a network security professional.
I have seen a lot of network security architectures, both good and, well, not so good. A few years ago I was given an opportunity to look back and recall my experiences in order to come up with a solution approach to network security. After much thought, white-boarding and self-debate, I came up with the following four principles. These principles were executed by those organizations that had a living, breathing network security solution that provided protection against the unknown threats we face on a constant basis.
• Assessment
• Implementation
• Auditing and Monitoring
• Management
Let’s take a look at the principles in a little more detail so that you may understand the significance of each. Assessments are great if you are honest with yourself and about your organization’s use of the network. The methodology used during the assessment process may be hard to understand. Let me make it simple: assume that any machine, anywhere in your network, is a threat. With that thought in mind, I have come up with six areas that have an impact on a network security solution: 1) network architecture, 2) server operating systems, 3) wireless network access, 4) IP telephony, 5) web-based applications and 6) network accessible storage.
Based on the results of your assessment using the latest hacking tools, we can get an overall picture of your organization’s network security posture. By the way, don’t be scared of the hacking tools. We must get familiar with the output of the tools in order to identify the vulnerabilities a hacker would find. At this point in the game, we may start looking at the products that reduce the threats associated with our network communications requirements. To make this task easier, I have come up with 10 classifications of devices: routers, switches, firewalls, virtual private network (VPN) concentrators, network intrusion prevention (NIPS), host intrusion prevention (HIPS), content filtering, anti-virus, SPAM filtering and network access control (NAC).
If all goes according to plan, we have selected the right products to reduce the risks associated with the communication requirements we discovered during the assessment. As far as I am concerned, this is where the fun starts. Let us turn on the auditing and logging capabilities of the network security solution devices. If we designed this right, we only need to look at a few web-based applications to collect, manage and present the network security data. Now we start looking at our network communications through a security looking glass. With a little time and training, we should be able to separate and identify the “dirty” and “clean” network communications.
At this point, we need to manage the network security devices that make up our solution. What does manage really mean anyway? I define management as:
• Quantifying the availability of our network security devices
• Verifying firmware versions
• Identifying virus definition file updates
• Quantifying network security device resource performance
Wasn’t this easy? I hope so. Today’s network security devices and what they protect us from can get quite confusing. It is easy to get sidetracked by new security features and capabilities. Since vendors and manufacturers are always trying to sell you the most expensive and feature-rich security device, trust your assessment results and keep focused on your exploitable vulnerabilities.