It was revealed in a recent Fortinet survey of CISOs that one of the top three priorities for the next few years is the integration of network operations and IT security, something which is corroborated by what I am witnessing when speaking to and visiting our customers.
The days of these two departments or job functions operating separately are over, with IT security having stronger visibility of all IT projects, and with networking teams being fundamental to the implementation of ever more sophisticated security tools.
Compromising Network Device Configuration Files
One such example which springs to mind, where security and networking meet, is the very management of those devices which make up the network infrastructure: switches, routers, WiFi controllers and, dare I say, hubs.
Traditionally the networks team would deploy, configure and manage these devices. However, in recent times, the devices themselves have become a target for redirection attacks, snooping and even ransomware, hence the increasing presence of IT security in their management.
Consider this scenario. Your networks team deploys a new core layer three switch in your network and configures it correctly for the routing of traffic. However, a compromised networks team laptop with a keylogger installed is used to connect to the layer three switch, thus disclosing its password.
An unauthorised party then uses that credential to connect to the layer three switch and changes its configuration file so that traffic is mirrored to another location, making a copy of all traffic from which sensitive information can be gleaned.
In this scenario, so long as network operations are not affected, you would likely not know... at least not immediately anyway.
Configuration File Integrity Monitoring
To combat this, there is a nifty group of solutions called configuration management tools which take periodic backups of configuration files from network devices. This of course functions nicely simply for the purposes of backups, but crucially it allows two configuration files to be compared for changes, in a similar fashion to a file integrity monitoring (FIM) solution.
In addition, some of these tools can also receive SNMP traps from network devices to immediately notify them of changes to configuration files, rather than wait for the scheduled backup. This SNMP trap can then be used to trigger an immediate, out-of-schedule backup or an alert to the IT security team.
If that doesn't resonate, how about a less malicious example, such as a mistake being made on a router configuration which causes an outage? Configuration management tools will allow you to restore a previous working version and will highlight the change among the hundreds of lines of configuration code.
Taking this one step further, some configuration management tools even act as a front-end tool to network device interaction, only permitting certain changes via use of a GUI. An example would be the creation of a new VLAN: rather than allow access to a CLI for creation, which could result in an error, the configuration management tool can provide a number of buttons which run pre-determined and approved scripts for creation.
A true meeting of network operations and IT security.
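The comparison described above, sketched as an added example (not code from WhatsUp Gold or any other product): it ignores timestamp-only differences between two backups, then flags added port-mirroring lines like those in the earlier scenario. The Cisco IOS-style syntax, the sample snapshots and the watch pattern are constructed assumptions.

```python
import difflib
import hashlib
import re

# Constructed sample snapshots (Cisco IOS-style syntax assumed), not real device output.
BASELINE = """\
! Last configuration change at 09:14:02 UTC Mon Jan 6 2025
hostname core-sw1
interface GigabitEthernet1/0/1
 switchport access vlan 10
"""
CURRENT = """\
! Last configuration change at 02:41:55 UTC Tue Jan 7 2025
hostname core-sw1
interface GigabitEthernet1/0/1
 switchport access vlan 10
monitor session 1 source vlan 10
monitor session 1 destination interface GigabitEthernet1/0/24
"""
# Header lines that differ on every backup and would otherwise look like a change.
VOLATILE = re.compile(r"^! (Last configuration change|NVRAM config last updated)")
# Added lines to escalate at once: traffic mirroring (SPAN), as in the scenario above.
WATCH = re.compile(r"^\s*monitor session\b", re.IGNORECASE)

def normalize(config):
    """Drop blank and volatile lines so that only real changes remain."""
    return [l.rstrip() for l in config.splitlines() if l.strip() and not VOLATILE.match(l)]

def fingerprint(config):
    """SHA-256 of the normalized config: a cheap changed/unchanged check."""
    return hashlib.sha256("\n".join(normalize(config)).encode()).hexdigest()

def compare(baseline, current):
    """Return (added, removed, alerts) between two config snapshots."""
    old, new = normalize(baseline), normalize(current)
    added, removed = [], []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            removed += old[i1:i2]
        if tag in ("replace", "insert"):
            added += new[j1:j2]
    return added, removed, [line for line in added if WATCH.match(line)]

if __name__ == "__main__":
    added, removed, alerts = compare(BASELINE, CURRENT)
    print("changed:", fingerprint(BASELINE) != fingerprint(CURRENT))
    for line in alerts:
        print("ALERT traffic mirroring added:", line)
```

In practice the watch list would be extended per platform, since mirroring and redirection are configured with different keywords on different vendors' devices.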
Which Solutions Include Configuration Management Capabilities
Ipswitch WhatsUp Gold, which is a very popular and widely-used network monitoring solution, has a configuration management plugin for this very purpose.
It can back up and restore configuration files from multiple types of network devices. It can compare those files and issue commands to network devices through its web administration console. Upon certain conditions, it can also raise alerts via email or through integration with scripts or ITSM tools such as ServiceNow.
We have been working in the network monitoring and IT security space for over ten years and find that our customers very quickly find the benefits of configuration management tools. While they may have been running something similar on server operating systems and file storage for some time, network devices are somewhat forgotten.
If you would like to learn more about configuration management or Ipswitch WhatsUp Gold, why not book a demo with one of our solution specialists today?