Network Access Control

Identity and access management (IAM) is key to securing an enterprise network. Threats originating from the outside are dealt with by the firewall, but for an enterprise, threats originating internally show no sign of slowing. This first part of the article sheds some light on internal threats and recommends first steps to secure the infrastructure.

Most businesses have placed some sort of firewall at the entry point, and they also have anti-virus installed on the client side. This is done in the belief that most threats are filtered, but from an attacker's point of view there is still a big gap in the organization's security framework. That gap is at an entry point too, but not at the internet gateway; it is located on the end-user side. It could be an exposed switch port or an SSID that is configured less securely.


When a user connects to an internal network via LAN or WLAN, most of the time the user gets full access to the network: the connected user can reach whatever servers sit in that specific network segment. A skilled attacker could use sniffing to capture important information about the network and even map the internal network architecture, which helps them extensively in the information-gathering phase of an attack, or could launch a DDoS attack. Going a step further, they can capture NTLM hashes and compromise directory services. The same goes for a wireless connection: SSID hidden or not, WPA2-PSK enabled or not, the flaws are significant.


This is where a NAC system can help: it can filter users and computers at the entry level. It can also integrate with SSO, which allows it to decide automatically which VLAN a user or computer is placed in based on their organizational role or security status. At the wireless level, it can alleviate the problems caused by sharing a single password. NAC can effectively block machines from connecting to the network, especially if they do not belong to a specific domain or if the SSO account has expired. The most important benefit of a NAC is that it can isolate machines that do not satisfy a baseline security patch level or AV definition.
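The decision order described above (identity first, then posture, then role-based VLAN placement) as an added example; this is illustrative code, not from any NAC product mentioned here, and the VLAN numbers, patch baseline and AV freshness threshold are assumed values.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, Tuple

# Assumed VLAN plan for the example (not from the article).
VLAN_QUARANTINE = 999      # remediation-only segment: patch server and AV updates only
VLAN_GUEST = 300           # internet-only segment for unknown wireless devices
VLAN_BY_ROLE = {"finance": 110, "engineering": 120, "staff": 100}

# Assumed compliance baseline the NAC enforces.
MIN_PATCH_LEVEL = 20240301  # yyyymmdd of the oldest acceptable patch rollup
MAX_AV_AGE_DAYS = 7         # AV definitions older than this fail posture


@dataclass
class Endpoint:
    user: str
    role: Optional[str]               # directory group; None for non-domain devices
    domain_joined: bool
    account_expires: Optional[date]   # None when the identity source has no expiry
    patch_level: int
    av_definition_date: date
    interface: str                    # "wired" or "wireless"


def decide_vlan(ep: Endpoint, today: date) -> Tuple[str, Optional[int]]:
    """Return (decision, vlan). None as the VLAN means the port/association is refused."""
    # 1. Identity: an expired SSO account never reaches an internal VLAN.
    if ep.account_expires is not None and ep.account_expires < today:
        return ("reject", None)
    # Non-domain machines: guest segment on wireless, refused outright on a wired port.
    if not ep.domain_joined:
        if ep.interface == "wireless":
            return ("guest", VLAN_GUEST)
        return ("reject", None)
    # 2. Posture: isolate machines below the patch or AV baseline for remediation.
    av_age_days = (today - ep.av_definition_date).days
    if ep.patch_level < MIN_PATCH_LEVEL or av_age_days > MAX_AV_AGE_DAYS:
        return ("quarantine", VLAN_QUARANTINE)
    # 3. Role: a compliant domain device lands in the VLAN for its organizational role.
    return ("allow", VLAN_BY_ROLE.get(ep.role or "staff", VLAN_BY_ROLE["staff"]))
```

In a real deployment the returned VLAN would be handed back to the switch or controller in the RADIUS Access-Accept, and the quarantine segment would permit only the remediation services.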

Furthermore, NAC gives more insight into the network and reduces the likelihood of DoS and DDoS attacks and STP loops. It can organize logs much more effectively and even provide per-port traffic statistics, from which alerts can be created: a proactive approach to network security.

The ultimate advantage of a NAC system is the ability to tie the identity of each switch port to a machine or a user, which gives administrators immense control over the switch port and the system connected to it. They can take proactive measures against threats originating from a rogue port before they reach the network and paralyse key workloads.

Aruba's ClearPass and Extreme Networks' ExtremeControl are very effective tools that work well with multi-vendor equipment and give visibility from edge locations to the datacentre. For those with budget constraints, PacketFence is an ideal tool, as it has enterprise-class features at zero cost, but it has a steep learning curve.

To conclude, leaving an infrastructure with very little insight can have far-reaching consequences. No IT team wants its infrastructure compromised on its watch. Therefore, make a NAC tool mandatory for environments irrespective of their size. Threats are evolving every hour; hence, the smart move is to prevent a compromise from happening rather than invoking DR measures afterwards.
