The past several articles in the Back to Basics series have addressed controls inside the network—passwords, user management, and mobile device security. But even the best of these controls are for naught without strength at the perimeter of your network. Today we consider ways to minimize cybersecurity risk to your organization’s system from the outside world.
The first and most basic step to take to minimize external threats to your systems is to reduce the number of external connections to only those necessary for a business purpose. Every connection point into the network has the potential to be used as an attack vector, so on a regular basis, review all the connection points to the internet and reassess each one to determine whether it is still necessary or can be disabled. Consider all internet connections at branch offices, VPN connections, web servers, ISP routers, etc.
After external connections have been reduced to only those necessary for a business function, the firewall serves as the main line of defense to protect the internal network from external threats. At its most basic, the firewall should deny all connections except for the few that serve a business function, like VPN or WAN connectivity. It is also key to ensure the firewall's external management console interface has been disabled. All firewall configuration management should be done from inside the network, not through the externally reachable web-based interface. Finally, take care when updating the firewall's software or firmware to ensure that unintentional or inadvertent changes to the rule base do not occur and that no unnecessary ports are opened.
Even when external connections are minimized and firewalls are configured appropriately, there is still more that can be done to protect internal resources from external threats. On those systems that require an internet-facing component, for example an Exchange server or customer portal, verify these systems have been hardened by disabling all unnecessary ports, services, and unused user accounts. Every few months, review these servers for any ports, services or user accounts that have been enabled through system updates or as part of a troubleshooting process and were never returned to their original configuration.
Finally, on a periodic basis (quarterly or semi-annually), conduct a review of users with remote access into the network. The user list may come from the VPN users, a group in Active Directory, or some other remote access tool. Verify that each user is still a current employee and an authorized user. Identify any contractors or support company personnel and ensure that they are still employed by the contractor and still require access. Also review remote access logs to see when each user last accessed the system remotely. If a user only logs in once per quarter, reassess whether they truly need to be included as a remote access user.
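The remote access review described above can be scripted so that it runs the same way every quarter. The following is an added example, not code from the original article or from YHB: it assumes a constructed VPN authentication log (timestamp, user, result) and a constructed roster that joins the remote-access group with HR status, and it flags every account a reviewer needs to decide on: terminated users, contractors due for recertification, users who have not logged in within the stale window, and accounts that appear in the log but not in the roster.

```python
from datetime import datetime, timedelta
# Constructed sample VPN authentication log: timestamp, user, result.
VPN_LOG = """\
2024-03-02T08:15:00 alice success
2024-03-20T17:42:10 bob success
2023-12-15T09:00:00 carol success
2024-03-28T11:30:00 dave failure
2024-03-29T07:05:00 eve success
"""
# Constructed sample roster (VPN/AD remote-access group joined with HR data).
ROSTER = {
    "alice": {"type": "employee",   "active": True},
    "bob":   {"type": "contractor", "active": True},
    "carol": {"type": "employee",   "active": True},
    "dave":  {"type": "employee",   "active": False},  # terminated, access never removed
    "frank": {"type": "contractor", "active": True},   # granted access, never used it
}
REVIEW_DATE = datetime(2024, 3, 31)  # constructed: the date the quarterly review is run

def last_successful_logins(log_text):
    # Map each user to the timestamp of their most recent successful login.
    last = {}
    for line in log_text.splitlines():
        ts, user, result = line.split()
        if result != "success":
            continue
        when = datetime.fromisoformat(ts)
        if user not in last or when > last[user]:
            last[user] = when
    return last

def review_remote_access(log_text, roster, as_of, stale_days=90):
    # Return {user: [reasons]} for every account that needs a reviewer's decision.
    last = last_successful_logins(log_text)
    findings = {}
    for user, info in roster.items():
        reasons = []
        if not info["active"]:
            reasons.append("no longer employed or engaged: remove access")
        if info["type"] == "contractor":
            reasons.append("contractor: confirm still engaged and still needs access")
        seen = last.get(user)
        if seen is None:
            reasons.append("no successful login in the log window: reassess need")
        elif as_of - seen > timedelta(days=stale_days):
            reasons.append(f"last login {seen.date()}: reassess need")
        if reasons:
            findings[user] = reasons
    for user in last:  # active in the log but absent from the roster
        if user not in roster:
            findings[user] = ["logged in but not in the remote-access roster: investigate"]
    return findings
```

Calling `review_remote_access(VPN_LOG, ROSTER, REVIEW_DATE)` on the sample data leaves alice untouched and flags the other five accounts, each with the reason the reviewer must resolve.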
Perimeter protection is no longer something to be configured and then forgotten. Cybersecurity risk has become too imminent to be passive about, and regular maintenance of these configurations, along with all of our suggestions in the Back to Basics series, will allow your organization to substantially reduce its risk of a cybersecurity event.
Bryan is a Manager at YHB and serves on the Risk Advisory Services Team. Bryan focuses on assisting organizations in a variety of industries with internal audits and IT-related audit and consulting services.