Measuring Network Security Vulnerability

Effective IT security comprises good identity management, access controls, and logging with associated event management and analytics. Restricting access is one of the primary objectives of network security, and why many enterprises are moving to a zero-trust security model.

Hacking involves a three-step process: discover what's out there, identify what has been discovered, and choose targets. By minimizing the network attack surface, you make it harder for an attacker with a foothold on one device to reach other devices on the network.

The network attack surface is the totality of all network devices and services that have access to an endpoint or an application on the network. The lower the score, the more secure the endpoint or application on the network. These are the variables for calculating the network attack surface:

  1. Number of devices -- Number of devices that have network access to said device or application. On the LAN, this is every device within the broadcast domain of the VLAN. On the WAN, this is any device with an IP address that can route to said device or application.
  2. Number of services -- Number of ports that are open on said device for communication. Common ones are HTTP (port 80), HTTPS (port 443), and SSH (port 22), among many others.
  3. Directionality -- Whether only one side is allowed to initiate a TCP or UDP session (1 = yes, 10 = no)
  4. Application encryption -- A TLS 1.2 session (with 1.3 on its way) that validates the peer certificate and provides 256-bit AES encryption with SHA-256 authentication (1 = yes, 10 = no)

A good example is an IoT surveillance camera that sits on its own VLAN. It has a private IP address and sets up an HTTPS connection to a single server through a firewall, and the routing rules do not allow the camera to talk to anything but that server, which is the side that initiates the conversation. The score here is 1: {1 device x 1 port x 1 direction x 1 (yes) for TLS}

A poor (and not uncommon) example of network security is the setup I have for the home camera I installed to see who is at the front door and going in and out of my home. I have a home router/firewall that only allows Internet sessions to be initiated from within my home network. I have around 50 devices on my home network, depending on who is home at any given time. My home camera has a security attack surface score of 200,000: {50 devices on the home network x 40 known open ports on the camera x 10 (no directionality control on the camera for setting up network sessions, only on the home router) x 10 (no encryption on this model of camera, because the manufacturer assumes it will be used on a private network and the hardware/CPU cost of adding encryption is too high)}
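As an added illustration (not code from the original post), the scoring model above written out in Python, applied to both camera setups and extended to show how much each single control would lower the home camera's score. The `Endpoint` fields and the "one-way initiation" flag are assumptions chosen to mirror the four variables.

```python
from dataclasses import dataclass, replace

YES, NO = 1, 10  # weights the article assigns to the two binary factors


@dataclass(frozen=True)
class Endpoint:
    name: str
    reachable_devices: int    # devices with network access to this endpoint
    open_ports: int           # listening TCP/UDP ports on the endpoint
    one_way_initiation: bool  # only the designated peer may open sessions
    tls_validated: bool       # TLS with certificate validation in use


def attack_surface_score(ep: Endpoint) -> int:
    """devices x ports x directionality x encryption, per the article's model."""
    if ep.reachable_devices < 1 or ep.open_ports < 1:
        raise ValueError("an endpoint needs at least one peer and one open port")
    direction = YES if ep.one_way_initiation else NO
    encryption = YES if ep.tls_validated else NO
    return ep.reachable_devices * ep.open_ports * direction * encryption


def mitigation_impact(ep: Endpoint) -> dict[str, int]:
    """Score after applying each control on its own, to rank what pays off most."""
    candidates = {
        "segment to own VLAN (1 peer)": replace(ep, reachable_devices=1),
        "close all but one port": replace(ep, open_ports=1),
        "enforce one-way initiation": replace(ep, one_way_initiation=True),
        "require validated TLS": replace(ep, tls_validated=True),
    }
    return {label: attack_surface_score(c) for label, c in candidates.items()}


# Constructed inputs mirroring the article's two examples
VLAN_CAMERA = Endpoint("camera on dedicated VLAN", 1, 1, True, True)
HOME_CAMERA = Endpoint("camera on flat home LAN", 50, 40, False, False)

if __name__ == "__main__":
    for ep in (VLAN_CAMERA, HOME_CAMERA):
        print(f"{ep.name}: {attack_surface_score(ep):,}")
    ranked = sorted(mitigation_impact(HOME_CAMERA).items(), key=lambda kv: kv[1])
    for label, score in ranked:
        print(f"  {label:30} -> {score:,}")
```

Because the factors multiply, the ranking shows that reducing the largest factor (the 50 reachable devices, via segmentation) cuts the score far more than fixing either binary factor alone.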

If one of the devices on my home network gets infected by malware, this malware can then easily infect my home camera. Nothing is stopping my home camera from initiating a connection to a server in Eastern Europe. My entire home network is now compromised, plus hackers can use my camera in distributed denial-of-service attacks. My home router/firewall doesn't have the intelligence to generate an alert when suspicious events are occurring on my home network.

Enterprises, which are a lot bigger and more complex than home networks, have an exponentially greater risk. The current network architecture of a simple edge, complex distribution layer, and fast core, where routing and security are done at the distribution layer, will not meet the needs of a zero-trust network.

The biggest change in enterprise network security is moving security enforcement to the very edge of the network in order to minimize the attack surface of everything that's connected. The adage "if you cannot measure it, you cannot manage it" applies to network access security too. Calculating the network attack surface is one way of measuring network access security risk.

For more insight on enterprise security, stop by the UC security panel discussion next week at Enterprise Connect, first thing Monday morning.

Learn more about Unified Communications & Collaboration at Enterprise Connect 2018, March 12 to 15, in Orlando, Fla. Register now using the code NOJITTER to save an additional $200 off the Regular Rate or get a free Expo Plus pass.