Is our infrastructure secure? Is it resistant to errors and breakdowns? Do we conduct regular reviews of the existing setup and make the changes needed - or does our infrastructure function accordingly to the saying “if it ain’t broke, don’t fix it”? Do we even have an overview of the complete setup?
These are just a few examples of the questions that you need to consider. If you answer some of them with a no, you should strongly consider doing something about it. There have never been more threats to infrastructure and clients in general than nowadays. Increasing numbers of both large and small businesses suffer from attacks by hackers/crackers, social engineering, ransomware, denial of service, Trojans, virus, theft, internal threats, corporate espionage etc.
In this blog post I will enlighten you on some of the areas you should focus on. The list is not complete. It is simply my recommendations for which things you should consider implementing. It may seem impossible to implement all of these elements but do not fear - even a minor effort will get you far. More extensive changes should be implemented through an action plan. In addition, it does not have to be expensive to secure your network - limited funds will get you far. An important point to be added is that reviewing infrastructure is not only a job for large businesses. It is just as important for small and medium-sized businesses. Actually, studies and statistics show that many threats in fact focus on small businesses since the chance of success is higher. If interested, read more about this in The Guardian's article.
Before we look into the specific areas, I would like to emphasize that it is very important to assess how critical your infrastructure is to your organisation. Said in other words, what are the financial costs of a potential breakdown? For how long time can your business be inoperative before it affects the income? How about your image among customers and business partners? How critical is it for your business, if you lose parts of your data - or in worst case - all of your data in a virus or ransomware attack? How about corporate espionage or loss of proprietary products or development data? How critical is it if you lose these to a competitor?
Depending on how critical the above-mentioned is for your business, it is important to focus on ensuring uptime and data. You should also be aware that infrastructure is not a static quantity. Infrastructure is constantly changing, for instance, when devices are added, software is implemented, devices become outdated and in case of software bugs and clearing up firewall for disconnected devices etc. Managing infrastructure is an ongoing process. You can choose to take care of it yourself (preferably as automatically as possible) or to hire external specialists to take care of it.
Logging is one of the basic elements. However, it is typically ignored, and this is despite the fact that it is relatively cheap to set up (software is oftentimes free of charge and there are no absurd requirements for the server). It is recommended that you set up a log server which collects log from all devices connected to your network. A syslog server is preferred when identifying changes to the infrastructure, especially when debugging or, for instance, identifying who made certain changes.
Typically, the problem with logging is that you end up with large volumes of data which are only used in case of a specific problem. Sometimes data is used backwards when it could be used in a proactive manner instead. However, no administrator would be able to manage all data manually. Here it would be a good idea to set up a system that is capable of visualising all data in simple dashboards, warn if certain limit values are exceeded, file reports, trends and much more. There are several products on the market. Personally, I’m very excited about Splunk. It is truly an amazing product. (Disclaimer: The reason why I’m mentioning Splunk is that it is the product I have the most experience with and I’m most excited about. However, I want you, as a reader, to know that Netic and Splunk are business partners and that there are alternative products with similar features). With Splunk you are able to search all log data across systems and this way it is easier to identify similarities. It is also way easier to identify developments in trends and deviations from the norm. One of the advantages of Splunk is that you are not constrained by log format. This means that you are able to import, process data, extract data etc. without any form of conversion. If your equipment is capable of sending logs, Splunk is able to process it.
Let me just show you an example from my own job. In order for us to receive warnings about unusual traffic on one of our firewalls, we have a number of “live dashboards”.
This is an example of a dashboard. It gives us a heads-up in case of an unusual high number of firewall denies or allowed connections possibly caused by an attack, DDoS, virus etc. You can practically view all the data you wish for – the only limit is your imagination. Common for these dashboards is that they show a live image of all the critical areas for your business.
Backup is usually also forgotten. Of course, it is very important to back up your data and to run restore tests un a regular basis. I actually have an example from real life showing the consequences of not doing so. I once had to assist a company suffering from a breakdown on their database server. A non-functional hard disk was the source of the problem. The database server was a stand-alone server without any form of disk redundancy. The worst part was that their daily backups did not contain the actual data. They had been doing backups of the database installation files and not the actual data, which were placed at another partition on the same physical hard disk. This meant that all information about stock, customers, orders, outstanding customer payments etc. was lost. (The disk was sent to a professional recovery company without any success). If this company had carried out regular restore tests this would not have happened.
However, data is not the only thing you should back up. It is also important to do backups of equipment configurations such as routers, switches and firewalls. It is not sufficient to replace a defective firewall with a new one without having backup of the configuration. This may result in downtime for hours or even days. We recommend you set up a system that logs on to your equipment and backs up the configurations every time changes are made. There is no excuse, actually. It is fairly easy and cheap to do with most equipment.
Surveillance and Equipment Management
Surveillance and management of equipment is an area typically neglected by small businesses. You would probably be surprised to know the amount of equipment your operations rely on. Servers, routers, switches, firewalls, network-attached storage (NAS) and wireless access points are just a few examples. A surveillance system warns you if the equipment fails. This may be if a hard disk is almost full, equipment stops working, critical links/gates crash or experience packet loss, slow network response time, high temperatures etc. Besides warning you about potential problems, surveillance systems may also be used when discovering trends or identifying needs for capacity increase. Debugging is also made easier and more effective. In addition, it is relatively complicated to figure out whether something is wrong with your systems or not without having a baseline for ordinary operations.
There are many advantages of being in control of your infrastructure and it doesn’t have to be expensive to establish. There are many different surveillance systems and they vary in both price and functionality. It is possible to find good solutions either free of charge (there may be restricted functionality) or very cheap. A surveillance system is typically also capable of backing up configurations (read the section above) – killing two birds with one stone.
This was the first part of the two blog posts concerning infrastructure. In the following part I will discuss other important areas to consider.