
Network Hardening and the Dynamic Art of Security

June 2, 2017

In 2017, networks are constantly under attack, and even the smallest vulnerabilities can be quickly identified and exploited. Network hardening is critical to eliminating potential vulnerabilities and ensuring that networks adhere to the ‘golden rules’ of cyber security. While no network will ever be 100 percent safe, organizations that harden their networks can drastically reduce the number of successful attacks against them.

Network Hardening

Hardening a network involves three key phases, each of which poses specific challenges for most networks.

1. Document the existing network design and configuration

To eliminate security vulnerabilities, the first step is gaining a high-level view of the network. The problem is that documenting existing network infrastructure is a tedious, manual process for most organizations, which results in out-of-date network diagrams or maps. Without a dynamic view of the network, teams have only a limited understanding of security along application traffic flows.

With Dynamic Network Maps, organizations can automate documentation of the existing network in detail, gaining not only end-to-end visibility but also detailed asset reports and more. To validate security along critical application paths, engineers can visualize access-lists and firewall policies. NetBrain’s A/B path calculator works at the layer-4 port-level to analyze ACLs and policy-based routing to visually validate that ‘good’ traffic is permitted and ‘bad’ traffic is denied across every path.

2. Identify and remediate security vulnerabilities

To effectively analyze potential security vulnerabilities, network teams need to analyze every configuration in the network. This is typically done in one of two ways: manually, where an engineer analyzes every configuration, or with custom scripts that automate the process. Performing this manually is a painstaking and tedious process, and custom scripts only speed up the process marginally. Most scripts are not very portable and require advanced scripting knowledge to build and run.

NetBrain’s adaptive network automation can validate every network configuration against a common set of ‘golden rules’ (e.g. device passwords are encrypted, timeouts are configured, etc.). To perform this assessment, NetBrain looks at every device’s configuration and searches for pre-defined rules within each. If a device is out of compliance, NetBrain will report it.

3. Safeguard against future vulnerabilities

Ensuring that network teams follow defined security practices is critical, and enforcing these policies across broad teams can be a challenge. Security teams can leverage the ‘golden rules’ identified in step 2 to create Executable Runbooks for the network team to use for future network changes. These Runbooks may include design guides to help enforce security best practices going forward.

Upon configuring a change, implementation engineers should execute a vulnerability assessment Runbook to ensure that it meets pre-defined security standards. The Runbook will scan each new configuration to ensure it meets the predefined ‘golden’ requirements. An event management system can even be configured to auto-trigger a vulnerability assessment at the instant a change takes place.
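The golden-rule check described in steps 2 and 3, as an added example that is not NetBrain's code or part of the original post: a short Python audit over Cisco IOS-style configuration text. The sample configs, device names and the policy of requiring an explicit, non-zero exec-timeout on every line are assumptions made for illustration.

```python
import re

# Constructed sample configs in Cisco IOS-style syntax (not from real devices).
SAMPLE_CONFIGS = {
    "edge-rtr-1": """\
service password-encryption
enable secret 5 $1$EXAMPLE$constructedhashonly
line con 0
 exec-timeout 5 0
line vty 0 4
 exec-timeout 10 0
""",
    "lab-sw-2": """\
no service password-encryption
enable password cisco123
line con 0
 exec-timeout 0 0
line vty 0 4
 login local
""",
}

LINE_BLOCK = re.compile(r"^(line .+)\n?((?: .*\n?)*)", re.M)  # header + indented body
TIMEOUT = re.compile(r"^ +exec-timeout (\d+)(?: (\d+))?$", re.M)

def audit(config):
    """Return the list of golden-rule violations found in one device config."""
    findings = []
    top = [ln.strip() for ln in config.splitlines() if ln and not ln.startswith(" ")]
    if "service password-encryption" not in top:
        findings.append("service password-encryption is not enabled")
    if any(ln.startswith("enable password ") for ln in top):
        findings.append("enable password is used instead of enable secret")
    # Assumed policy: every console/vty line sets a non-zero exec-timeout explicitly.
    for header, body in LINE_BLOCK.findall(config):
        m = TIMEOUT.search(body)
        if m is None:
            findings.append(f"{header}: exec-timeout not explicitly configured")
        elif int(m.group(1)) == 0 and int(m.group(2) or 0) == 0:
            findings.append(f"{header}: exec-timeout disabled (0 0)")
    return findings

def audit_all(configs):
    """Map device name to its violations, listing only non-compliant devices."""
    return {name: f for name, cfg in configs.items() if (f := audit(cfg))}

if __name__ == "__main__":
    for device, findings in audit_all(SAMPLE_CONFIGS).items():
        print(device, *findings, sep="\n  ")
```

Run against a freshly changed configuration, the same `audit` function serves as the post-change scan, and an empty result means the device meets the rules encoded here.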

For the entire process to work effectively, collaboration is imperative. With NetBrain, security teams and network teams can work collaboratively through the platform during triage, forensics, and security hardening to proactively prevent threats.
