Last week’s WannaCry cyber attack has brought to light how vulnerable organizations can be.  This attack, while aggressive, was not overly sophisticated in its approach but caused widespread disruption anyway.  These kinds of cyber attacks will continue to occur and will get more sophisticated.  This is going to require organizations to adopt a multilayered approach to securing their network environments.  Protection from this WannaCry attack is a perfect example.

 

Using an automotive analogy, antivirus (AV), patch management, and core/Internet firewalls are like seat belts in your car.  Client/server ACL/Policy on wireless and wired switch ports are like the air bags.  Belts are usually OK, but when things get rough or the belt isn’t used properly, it’s the airbag that could save your life.

 

Why?  Automated patch and AV deployment solutions are not 100% reliable.  Edge firewall rules can be wrong.  Sometimes you need added protection, rapidly deployed, in more places than traditional solutions address.

 

Extreme’s Policy based access control can easily respond to threats by rapidly locking down and isolating communications on wireless wired and switch ports at the edge.  Extreme WiNG can leverage Extreme Policy through role-based firewall.  For WiNG customers not running Extreme Policy, IP ACL and deep packet inspection can be used independently to protect and isolate Wireless traffic.

 

Here is an example of some of the complexities that network managers can encounter when faced with this kind of threat;

 

On a network I had access to yesterday there was one server that had run out of disk space, so Windows Updates could not be applied, and a couple of other servers on this network had not been automatically rebooted to apply patches that had already been installed.  Two actually required manual AV downloads.

 

I ran Wireshark on a DMZ server and noticed the dreaded TCP: 445 probes from an Internet IP address.  An old firewall rule that was relevant to a decommissioned server that used that IP address had not been removed.  Fortunately, that DMZ server, which serves Web and Exchange email transport, was patched.  If it wasn’t, it would have knocked out communications for this network, and presented a risk to the other servers that hadn’t taken their MS patch.

 

While most organizations think that their networks are fully protected it is easier to become exposed than you think.  With these kinds of attacks increasing in frequency we must do better in protecting our networks.  Hard and crunchy on the outside, soft and gooey on the inside works for candy, but not for networks, and sadly this describes many an organization’s networks.  Policy enforcement per port changes the environment from one big Easter Cream egg into cartons of individual M&M’s, each with its own layer of protection controlled by the network administrators.  This layered approach to security is where we need to guide organizations and help them adopt and implement these kinds of security measures.

 

Robert Young

Systems Engineer / Canada

robert.young@extremenetworks.com

Rob has over 25 years Industry experience in the Manufacturing, Logistics, Telco, Retail, and Healthcare verticals. Having started his career as Tier 1 helpdesk, and progressing through hands-on Support, Operations, and Consulting positions allows him to share a real-world perspective on Network Design and Security with his Enterprise customers.