When I went through my initial military training for what would become known as information technology (IT), one of the core things I remember was block diagramming. This is a process of drawing out the path of communications flow between any two end points.
In terms of cybersecurity, this concept is critical in understanding how information flows through a network, where potential vulnerabilities reside and what are the best methods to secure the network. Most organizations that have employed network diagrams to document their network do not typically address how data flows within the network and rely on the nature of the network diagram to depict data flow.
These diagrams typically start at the demarcation point [where the Internet Service Provider (ISP) entry point is], the equipment and then a router or security appliance, followed by some switching equipment. As data flows through the demarcation point, there is an opportunity to scan, filter and identify systems accessing or trying to access systems that are internal and external to the network.
This location in the network is a key monitoring point for observing unfiltered and filtered network traffic. By examining the unfiltered and filtered network traffic, the network owner can determine if the security measures in place are working as intended.
The ‘Defense in Depth’ Approach to Cybersecurity
With the knowledge gained by mapping the data flow, the network architect or owner can create choke points within the network. The idea is to implement the “defense in depth” approach to securing the network.
Defense in depth is a common concept in cybersecurity. Its purpose is to place compensating security measures in place of — or to protect — known vulnerabilities within a network. As cybersecurity expert Thomas M. Chen points out in the “Computer and Information Security Handbook,” the thought process behind the defense in depth concept “is to hinder the attacker as much as possible with multiple layers of defense [therefore increasing] the cost for attacker to be successful.”
Security expert Richard Bejtlich also emphasizes this defense in depth concept in his book, “The Tao of Network Security Monitoring.” However, according to Bejtlich, security zoning, or segmentation, is the practice of breaking up a network into smaller and more manageable networks that serve a specific purpose or work with specific types of data. This practice naturally creates additional layers of security.
Bejtlich specifically identifies four common security zones: perimeter, wireless (Wi-Fi), demilitarized zone (DMZ) and the intranet (internal network). Each of these zones, if implemented, requires separate security measures to ensure that attackers do not gain unauthorized access to the network or its resources.
Internet of Things Devices Creating New Cybersecurity Challenges
Unfortunately, in today’s networked environments and the proliferation of mobile devices — which has led to the reclassification of networks to be the Internet of Things (IoT) — many of these classical cybersecurity rules have gone out the proverbial window. In the Security Now! podcast, cybersecurity expert Steve Gibson introduced the idea of implementing a wireless network infrastructure that uses three routers, so that these IoT devices do not interact with any sensitive or potentially sensitive data.
The lack of IoT security made news in the third quarter of 2016 with massive distributed denial of service (DDoS) attacks on some well-known targets in Europe and the United States, one of which took down a major portion of the Internet. Today’s organizations also face cybersecurity issues relating to bring your own device (BYOD) policies and how to allow such devices with access to organizational data onto protected networks.
While BYOD policies reduce an organization’s IT equipment budget by passing that cost to their employees, there is a risk of the loss of intellectual property and the lack of control over the unsecure external networks to which those mobile devices may connect. Organizations that have implemented these BYOD environments must consider these security risks, along with the potential for the introduction of malware onto organizational networks or the potential for a network to be compromised with the inclusion of a botnet.
Using the Layered Approach to Organizational Cybersecurity Has Grown in Importance
With myriad potential security issues resulting from BYOD policies and the introduction of IoT devices within a network, a layered approach to protecting sensitive data is more important than ever. Administrators and network owner-operators need to understand what types of data are passing over their networks, what systems or devices are authorized to utilize the company network and how data flows between devices and the outside world.
For example, if an organization utilizes closed-circuit television (CCTV) to monitor its property and the monitoring system has a network capability, should that capability implemented to allow remote monitoring? Will that create a vulnerability in the network or in the physical security of the property?
There is always the risk that a security measure can create a new vulnerability. It is therefore prudent for cybersecurity personnel to test their network environment for new vulnerabilities or holes in their security. By doing something as simple as making block diagrams, they may quickly recognize where vulnerabilities reside when any new hardware, software or sensor is installed.