Virtual Private Networks (VPNs) were developed over 20 years ago to provide users with the ability to access corporate resources located within the company’s local data center. Since most employees worked on-site and usually only a handful worked remote, the traditional VPN approach worked fine. However, today with the proliferation of laptops and mobile devices, along with the increased use of cloud (SaaS) solutions, the traditional model is in the…
The concept of segmenting networks to enhance security is not new, but with the increase in cyberattacks and the scope of data breaches growing with every new disclosure, making it harder for the adversaries to succeed should be considered a priority by all organizations. While segmenting a network can be a major effort and often competing with other priorities, if properly planned and designed, it will not only help secure…
Publicized data breaches or network compromises are becoming almost a daily event, with probably hundreds or more event occurring that are not disclosed. In order for companies to protect their users, data and resources measures must be taken that isolate and protect critical systems and resources. The recent breach of the National Bank of Blacksburg in Virginia resulted in the theft of over $2.4 million over an eight-month period. This…
“If you want to make enemies, try to change something.” was once said by former US President Woodrow Wilson. Any engineer or architect who has ever been involved in network engineering or security would probably agree. Any change in an organization is hard, but when dealing with network administrators and “managers” that don’t acknowledge the existing problems or how the new solution will solve those problems – you have a…
Traditional network security approaches are no longer adequate in today’s ecosystem and a new method to protect your network is needed. Many security professionals have begun implementing a new architecture called Zero-Trust Networking, which changes the entire security paradigm. The underlying principle of Zero-Trust Networking, originally developed by Forrester Research, is exactly as it sounds: Trust Nothing. A Zero-Trust network abolishes the notion that everything inside your corporate perimeter can…
The enterprise firewall is not a security device. The Intrusion Protection System will break the network. SSL inspection is an invasion of privacy. Network segmentation is hard. Welcome to Information Security in Bizarro World. Yes, I have heard all those excuses. The Internet is not a friendly place anymore with bunnies and unicorns frolicking in the meadows. Nation states, professional hackers spreading ransomware, and script kiddies are just some of…
Target, Home Depot, Office of Personnel Management (OPM), Democrat National Committee (DNC), Yahoo; almost every day we hear about some sort of data breach or network attack. It seems to have become a fact of life on the Internet. However, organizations can take simple measures to strengthen their networks without major network redesigns or exorbitant expenditures. Target was breached when a subcontractor’s system was compromised and the attacker gained valid…