Tracking the mobile workforce

By Suzanne Franco, Surveys Editorial Project Manager at ITWeb.
Johannesburg, 01 Sept 2016
DNS is the number one threat vector and the number of DNS attacks is bigger than any other attack on the network, says Rene Bosman, manager, Infoblox Africa.

Network security is vital if organisations and their roaming workers are to have easy and secure access to the network. Avoiding network security problems such as cyber attacks, hacktivism and espionage remains a top priority as the network security landscape continues to change.

A third of respondents in a recent survey said more than 20% of their network users are remote, and just under half said fewer than 10% are.

"It is important for companies to track remote users and provide accurate reporting and security systems. When remote employees for example return back to their office using companies' DNS [Domain Name System], the company needs to detect if these users are free from any malware and/or botnets. With organisations providing more remote options to their employees, the risks are becoming bigger," says Rene Bosman, Manager of Infoblox Africa, commenting on the results of the ITWeb/Infoblox Network Security Survey that ran online in June this year.

Bosman continues: "For example, if an employee connects to a WiFi hotspot in a coffee shop or at home, and other users also access that same network, what levels of security are provided? We have examples of employees connecting to a WiFi hotspot in an airport and picking up a botnet."

When the employee returns to the office, this botnet spreads across the network, and DNS is used to communicate with the command and control centre on the Internet. Bosman stresses that for this reason, it's critical that companies provide sophisticated security and tracking systems for their mobile workforce.

Forty-two percent of respondents said their organisation has an automated tool that runs to discover devices on their networks, while 31% perform this task manually.

Bosman says performing this task manually has multiple downsides.

"Not having an automated discovery tool may lead to rogue network devices coming on to the network and not having the correct security policies - causing security breaches. In addition, more networks and users on the network may lead to IP address conflicts. This is the result of several things, including the Internet of things (IoT), whereby more devices are using IP addresses and communicating over networks."

Elaborating on this, Bosman says discovery tools that are not only automated but also discover these new types of devices allow customers to set policies as to what is allowed on their network and what is not.

"By enforcing this into a policy, customers can create security policies and protect themselves against devices, operating systems, rogue devices and users trying to gain access to the network," he says.

Alerts are power

The results were more or less evenly split when respondents were asked if they leverage information from their DNS and DHCP servers to be alerted to new devices coming onto their network, with 22% stating occasionally, 21% saying usually, and 22% saying all the time.

"It is important to understand which devices use DNS to communicate on the network, identify and detect infected/malicious users and if DNS is used for the exfiltration of data to sources outside your company. This is one area and more importantly, as a customer you want to avoid these users or devices from even receiving an IP address before they get access to the network. Today's traditional DNS/DHCP [Dynamic Host Configuration Protocol] systems do not provide these functionalities. DNS/DHCP is a relatively old technology with limited visibility and no security built in," Bosman says.

He also stresses that implementing enterprise- or carrier-grade DNS/DHCP with security is recommended, as this will stop users and devices from accessing the network and will stop infected users from accessing malicious domains on the Internet using DNS.

The survey also shows just over half of respondents (54%) indicated they have an automated system that presents possible security alerts, while 46% said they perform this task manually.

Bosman comments: "The importance of automatic alerts will help organisations understand if there are security breaches and threats, for example, if users on the network are infected with malware that communicates to a command centre on the Internet. In addition, it's also important for customers to block malicious activity on their DNS. This could result in data exfiltration, espionage, etc."

He believes DNS is the number one threat vector today and the number of DNS attacks is bigger than any other attack on the network.

Only 7% of respondents said they are able to remediate security events only extremely slowly, while a combined 53% of respondents chose either somewhat quickly or extremely quickly.

According to Bosman, customers can improve this by implementing off-the-shelf or enterprise DDI solutions that provide them with visibility and secure DNS.

"Traditional DNS/DHCP basically falls into two solutions today: either customers are using Microsoft's DNS/DHCP or open Linux BIND systems. Both technologies do not provide security and visibility and especially in the case of Linux, it requires specific technical resources to manage. These resources are not widely available and also for these reasons customers need to look into off-the-shelf solutions that do provide visibility, security and are easier to manage. At the end of the day, DNS/DHCP is the most critical network component. Without it, there will be no communication."