When it comes to network security, the definition of those responsibilities has greatly evolved, just as the capabilities of networking have evolved. Think of the past environments you have worked in, going back as far as your token ring or dial-up days. Then fast forward to modern data centers, littered with fiber connections and traffic traveling at the speed of light. The one thing everyone can agree on is that networking as a whole has come a long way and, accordingly, so has security.
In the past, network security was basic in that devices and systems had user names and passwords, or even just a password. Later on, encryption was introduced to prevent data being sent in a clear text format. Now, more modern security includes specialized firewalls, 15-digit passwords with special characters, and multi-factor authentication (MFA).
Modern times call for modern forms of security and that’s exactly what we have seen. That shouldn’t be a shock to anyone. Take firewalls for example. Firewalls are great for protection at the edge, but the old way of thinking around “protecting the front-door” is long gone.
Securing the Edge is No Longer Enough
The fact is that securing the edge is no longer enough. Security must be the focus inside and outside of your organization. Malware and other attacks can be sourced from the Internet, a rogue employee with a USB drive, or an insecure wireless network, to name a few common methods.
There is an image I saw on Aruba’s website describing this challenge of security as a puzzle. It’s a very accurate representation of the challenge we now deal with for network security, because of all of the methods and systems that are in play now. The image I am referencing is below and shows a possible combination of the different systems that will all work together to help maintain overall network security.
Showing all of these systems together exemplifies that fact that network and security responsibilities are very intertwined. Aruba has put together a podcast that explains this change and also mentions the fact that there is a noticeable “blurring of the lines” between the network and security roles.
Don’t Get Complacent
The big message here is that security should not just be a team writing and enacting policy on the network and server admins. Security needs to be a proactive thought in everything that the network admins and engineers are doing day in and day out. This means they need to have a seat at the table when it comes to the decisions that will ultimately affect the security of a company's IT infrastructure.
This seems like a very basic idea for those in the networking community. But as admins and engineers, we need to constantly evaluate our environments to make sure we are not getting complacent with our configurations. New threats and attack vectors are emerging every day. Complacency leads to us becoming comfortable. That’s the point when an attack is most likely to happen, because when we are comfortable with the state of the network, the sense of urgency around security slows.
The overwhelming takeaways are these:
- Just as the network is always changing, we as the admins and engineers that manage it need to be changing in the way we protect both users and data.
- Modern network security has moved beyond the edge and having a good edge firewall means very little in the overall goal of protecting the network anymore.
These two ideas are things I try to model my own planning and thought process around. Use them for yourself or make up something that better suits you, just understand this is a critical reality of modern IT security.
