Tag Archives: virtual local area networks

Embedded network security: defence at all levels

Posted on by
Reply

Perimeter controls are no longer enough

Confidential information is increasingly at risk in many organisations. Recent incidents have shown that perimeter controls are no longer enough—businesses need to seriously update their security strategies to reflect new threats and new working practices. With bring-your-own-device becoming the norm and employees becoming more mobile, company data is increasingly being taken out of the organisation on laptops, smartphones, tablets and more. Third parties are connecting to the corporate network on devices that the IT department has little, if no, control over, and branch offices are becoming the mainstay of multinational organisations.

The traditional perimeter around a business is no longer there, so companies must adapt to ensure their security, both internal and external, is up to scratch. Those businesses who do not modernise their security will inevitably be more at risk of a security breach that has the potential to seriously disrupt regular business activity.

The Nomadic Challenge

In the knowledge economy, rock-solid security is a must have. Intellectual property is at a financial premium, so it is essential to protect it from inadvertent loss and to keep it out of the reach of professional fraudsters. Information is becoming increasingly difficult to secure in companies that have many branch offices with limited IT resources and growing numbers of mobile workers.

The task of securing information has been made much more difficult by the workforce becoming increasingly nomadic. While this extends a company’s reach, it also extends their risk. Confidential information is frequently out in the field and away from the direct control of the IT department. With increased mobile working, it is not all that surprising that there has been a rise in laptop loss and theft, and yet, few companies encrypt the data stored on mobile devices.

The 3rd Party Challenge

It is not just mobile employees who can put a strain on an organisation’s security. An increasing number of organisations are inviting third parties into their corporate environments and providing them with company services, such as email, web portals and business applications. In security terms, third parties introduce an unknown quantity into the organisation—their devices may not be secured and could potentially introduce malware into the network, or they may not be properly identified and inadvertently given access to confidential information.

The Remote Site Challenge

It is at smaller sites where the risk is most pronounced. Many multinationals have moved away from having a handful of very large sites and offices to a decentralised infrastructure with many smaller offices, depots, sites or outlets. Centralised delivery of enterprise applications over the corporate WAN is empowering this change, however, this often means that there is very little IT resource needed at smaller sites. Although this centralised delivery is an efficient use of resources for application delivery, it leaves smaller locations exposed with little to know IT security onsite.

The Trusted Zone Challenge

Essentially, the corporate network cannot be relied on to be the “trusted zone” that it once was. Organisations need to become “de-perimeterised”. There is no point in having an enterprise perimeter if workers need to access corporate information when they are outside of it. To protect the de-perimeterised organisation, it is important to have security embedded throughout the business.

Enterprises need to have consistent and comprehensive security from the edge of the enterprise through the local area network to the end user. All assets and sites need to be protected as security is only as strong as the weakest link. Automatic preventative devices, which can automatically take action based on what the device has detected, should be embedded throughout the organisation at all layers. Security controls need to be embedded in the infrastructure layer, the transport layer and the application layer in order to ensure that the entire organisation is secure from threats.

For example, user authentication needs to be embedded within the application layer to control access to company resources. The level of accreditation needs to be automatically calculated based on the user’s personal security level and the device and network from which he or she wishes to access the resource.

Embedded network security Opportunity

The de-perimeterisation of an organisation means that security breaches don’t just happen outside a nominal boundary that is protected by a firewall, they can happen just as easily inside. For this reason it is essential to also embed security in the transport layer so that all communications within the business are protected from security breaches.

For too many businesses, security is still seen as merely an expense, when in fact good security offers many business advantages. Security must be seen as an essential element to growing the business, as it not only protects users, but it also enhances productivity by making sure the right people access the right resources at the right time. Embedded network security can ensure that an organisation is secured from top to bottom, providing invaluable peace of mind.

Original Publication

IP voice security: are you susceptible or strong?

Posted on by
Reply

Undoubtedly, corporations are realising the benefits of IP voice systems. Voice over internet protocol (VoIP) can bring substantial cost savings and productivity enhancements to a business by transforming its circuit-switched networks to IP packet switching networks and running voice and data applications over a single infrastructure. However, businesses need to be aware that there are potential risks involved, they need to take some necessary steps to protect their interests.

When voice and data are merged onto a single network, voice becomes an application on the network and is, therefore, exposed to the same threats as data applications. These threats include infrastructure and application-based attacks, denial-of-service (DoS) attacks, eavesdropping, toll fraud and protocol-specific attacks. However, with the right procedures in place, VoIP security risks and threats can be managed and mitigated—maximising the benefits of VoIP while minimising exposure.

Infrastructure and application-based attacks

In VoIP, voice is essentially an application on the data network, fine-tuned to maintain voice-quality performance. VoIP equipment and end-point devices such as IP phones are becoming standardised and commoditised just like other data components such as PCs—meaning that VoIP is just as vulnerable to cyber-attacks. Hackers can exploit voice devices and disrupt the network from normal service and/or perform criminal actions such as data theft.

IT managers need to maintain current patch levels on all IT and network equipment and applications, and have appropriate anti-virus software installed and up-to-date. Virtual local area networks (VLANs) can also be implemented and used to protect voice traffic from data network attacks. By implementing application gateways between trusted and untrusted zones of the network, a VLAN will complement the protection offered by corporate firewalls.

Denial-of-service (DoS) attacks

A DoS attack occurs when someone deliberately floods a particular network with so much illegitimate traffic that it blocks legitimate traffic. Obviously, if your voice traffic is being transmitted over the same network, a DoS attack will have significant impact on business operations.

DoS attacks are difficult to stop and prevent, but proper intrusion prevention practices, special network devices and proper patch updates can minimise the risk of exposure. In order to prevent data network problems from affecting voice traffic, voice and data traffic should logically be separated from administrative traffic. Traffic shaping can also provide another layer of protection and control for the network.

Eavesdropping

Intercepting data traffic is a trivial endeavour for most hackers so it stands to reason that with voice and data convergence, the same can be said for voice traffic over the network. Many tools are freely available to collect packets associated with VoIP conversations and reassemble them for illicit purposes. Two measures that can be taken to prevent eavesdropping include isolating VoIP traffic using virtual private networks (VPNs) and applying encryption on voice packets. However, IT managers need to carefully evaluate the use of encryption of VoIP as it can increase latency in the network. Encryption of voice data could be selectively applied based on business requirements, for example, encryption and decryption can be used only for those conversations over untrusted networks. When choosing a managed service provider, companies should ensure that appropriate security protocols are actively used by the potential provider to ensure secure conversations within the network.

Toll fraud

Just as with traditional voice systems, toll fraud cannot be ignored when considering VoIP systems. Using toll fraud, attackers gain unauthorised access to a private branch exchange (PBX) call-control system to make long-distance or international calls, which can mean significant financial impact to the business. Poor implementation of authentication processes could allow calls from unauthorised IP phones and/or allow unauthorised use of the VoIP network. Companies need to impose proper control for access to VoIP systems, including gateways and switches, in order to avoid the occurrence or toll fraud. Centralisation of management and configuration control is also recommended.

Protocol-specific threats

Since VoIP was developed on an open standard, the protocols that support communications are well known and thus vulnerable to probing for their weaknesses and security flaws. Session initiation protocol (SIP) is gaining popularity – SIP is a session and call-control protocol, components of which are used by standards-based IP PBX and IP telephony systems. In addition to the standard IP vulnerabilities, SIP brings additional risks.

SIP is a text-based protocol, like the common HTTP and SMTP. Therefore attackers can easily monitor and analyse traffic and then transition into various application-level attacks. Attacks can include impersonation of registration for system access, unauthorised access to corporate directory information, taking control of calls to disrupt business and also placing unsolicited calls and voice messages. Obviously, in a malicious attack, this could be highly detrimental to a business. It managers need to be aware of these vulnerabilities and thus implement strong authentication and authorisation processes.

IP voice security

While convergence and VoIP implementations are fast becoming mainstream among multinational corporations, they are, at the same time, posing serious security challenges. Whether you are planning to build your own converged network or utilise the services of a managed service provider, the primary goal should be the implementation of VoIP security that is properly built and validated, with ongoing management support. Security has to be managed through proactive monitoring, event management, remediation and regular follow-up to ensure a stable and reliable corporate communications infrastructure. However, with the right security in place, VoIP can be a valuable asset to a company.

Original Publication