Tuesday, January 3, 2017

Security+ Topic - Access Control Lists

When we talk about network and system security, we increasingly think of complicated attack scenarios and the complex routines written to defend against them.  Sure, there may be some complex attacks out there that we should prevent, but let's get back to basics for a moment.  What is the one most simple thing that you can do to keep your network resources safe?  Access Control Lists.


Some environments could have an awesome firewall in place that takes care of all their security requirements, and some environments could simply have a DSL router.  In either case, they can benefit from access control lists set up to prevent any number of types of network traffic.  In the simplest of terms, let's take a scenario with two network segments: one for servers and one for users.  Normally your users only need specific access to the servers, so you would allow one or two ports into your server network from your users' network.  Sounds like a firewall, right?  Yes, an ACL is similar to your firewall in this scenario.  An ACL takes it a bit further, though, at the router level, so that traffic gets dropped before it even hits a network or host.


When the environment gets a bit larger, though, a dedicated firewall becomes an ideal solution for sorting what traffic is allowed to which networks.  Still, an access control list is very important.  Security is all about layers, right?  So why not layer specific access restrictions alongside your firewall as traffic travels through the network?  The ACL may not be as granular, so that your router can focus on routing instead of firewall rules.  One example here is that you could put an ACL in place to block everything but outbound stateful connections on port 80 for a specific department.  Then set your fancy firewall to filter the URLs or destinations that are trying to be reached.  This keeps other traffic from even attempting to escape from their network, and it reduces firewall load so that the firewall can focus on the HTTP traffic.


This brings up the role of ACLs in a network-wide security breach.  An access control list can be put in place to block ICMP traffic between networks while still allowing it to the router.  If one machine gets compromised and the malicious user simply tries to ping hosts to find where to make their next attack, then you have slowed their host discovery and possibly eliminated the threat if they rely on that ping response for their next attack.  One common scenario you may encounter is a SQL server physically or logically behind an internet-facing server.  The SQL server would only have one network connection, to a second NIC on the internet-facing server, making it look as if it were much more secure on an isolated network.  Again, back to layers of security: a network ACL could be put into place here allowing only specific items through, so if something does get compromised, the attacker would have one more layer to break before being able to move compromised data out of your network.
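The scenarios above can be traced with a small ACL evaluator. This is an added example, not part of the original post; the addresses, port 443 as the one allowed server port, and the first-match, implicit-deny evaluation order are assumptions chosen for illustration, and connection state is not modeled.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "icmp", or "ip" (any protocol)
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    port: Optional[int] = None   # destination port; None matches any

# Constructed addressing: users 10.0.10.0/24, servers 10.0.20.0/24,
# router interface on the user segment 10.0.10.1.
USERS, SERVERS, ROUTER = "10.0.10.0/24", "10.0.20.0/24", "10.0.10.1/32"

# Inbound ACL on the router's user-facing interface, evaluated top down.
USER_SEGMENT_IN = [
    Rule("permit", "icmp", USERS, ROUTER),           # ping to the gateway still works
    Rule("deny",   "icmp", USERS, "0.0.0.0/0"),      # no ping sweeps into other networks
    Rule("permit", "tcp",  USERS, SERVERS, 443),     # the one service users need
    Rule("deny",   "ip",   USERS, SERVERS),          # everything else toward servers
    Rule("permit", "tcp",  USERS, "0.0.0.0/0", 80),  # outbound web only
]

def matches(rule, proto, src, dst, port):
    if rule.proto not in ("ip", proto):
        return False
    if ipaddress.ip_address(src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(rule.dst):
        return False
    return rule.port is None or rule.port == port

def evaluate(acl, proto, src, dst, port=None):
    """Return (action, rule index) of the first match; implicit deny otherwise."""
    for i, rule in enumerate(acl):
        if matches(rule, proto, src, dst, port):
            return rule.action, i
    return "deny", None   # nothing matched: dropped

if __name__ == "__main__":
    for pkt in [("icmp", "10.0.10.57", "10.0.10.1"),
                ("icmp", "10.0.10.57", "10.0.20.5"),
                ("tcp", "10.0.10.57", "10.0.20.5", 443),
                ("tcp", "10.0.10.57", "10.0.20.5", 1433),
                ("tcp", "10.0.10.57", "203.0.113.9", 80),
                ("udp", "10.0.10.57", "203.0.113.9", 53)]:
        print(pkt, "->", evaluate(USER_SEGMENT_IN, *pkt))
```

Rule order matters here: moving the port 80 permit above the server deny would let users reach port 80 on the server network as well.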


Are access control lists perfect?  No.  That is why there are network firewalls, IDS, IPS, and a slew of other technologies available.  Are they still relevant?  YES!  Adding this layer of security is very important, as every layer counts.  Most of the time it is already built into your network routing products, so you may as well use it!
