About the Author
Kevin blogs at The Routing Table, a networking and technology blog focusing on networking, certification and technical development.
Full bio
When it comes to network security, the definition of those responsibilities has greatly evolved, just as the capabilities of networking have evolved. Think of the past environments you have worked in, going back as far as your token ring or dial-up days. Then fast forward to modern data centers, littered with fiber connections and traffic traveling at the speed of light. The one thing everyone can agree on is that networking as a whole has come a long way and, accordingly, so has security.
In the past, network security was basic in that devices and systems had user names and passwords, or even just a password. Later on, encryption was introduced to prevent data being sent in a clear text format. Now, more modern security includes specialized firewalls, 15-digit passwords with special characters, and multi-factor authentication (MFA).
Modern times call for modern forms of security and that’s exactly what we have seen. That shouldn’t be a shock to anyone. Take firewalls for example. Firewalls are great for protection at the edge, but the old way of thinking around “protecting the front-door” is long gone.
Securing the Edge is No Longer Enough
The fact is that securing the edge is no longer enough. Security must be the focus inside and outside of your organization. Malware and other attacks can be sourced from the Internet, a rogue employee with a USB drive, or an insecure wireless network, to name a few common methods.
There is an image I saw on基于“增大化现实”技术uba’s websitedescribing this challenge of security as a puzzle. It’s a very accurate representation of the challenge we now deal with for network security, because of all of the methods and systems that are in play now. The image I am referencing is below and shows a possible combination of the different systems that will all work together to help maintain overall network security.
Showing all of these systems together exemplifies that fact that network and security responsibilities are very intertwined. Aruba has put together apodcast that explains thischange and also mentions the fact that there is a noticeable “blurring of the lines” between the network and security roles.
Don’t Get Complacent
The big message here is that security should not just be a team writing and enacting policy on the network and server admins. Security needs to be a proactive thought in everything that the network admins and engineers are doing day in and day out. This means they need to have a seat at the table when it comes to the decisions that will ultimately affect the security of a company's IT infrastructure.
This seems like a very basic idea for those in the networking community. But as admins and engineers, we need to constantly evaluate our environments to make sure we are not getting complacent with our configurations. New threats and attack vectors are emerging every day. Complacency leads to us becoming comfortable. That’s the point when an attack is most likely to happen, because when we are comfortable with the state of the network, the sense of urgency around security slows.
The overwhelming takeaways are these:
- 正如网络始终在变化一样,我们作为管理它的管理员和工程师,必须以保护用户和数据的方式进行变化。
- Modern network security has moved beyond the edge and having a good edge firewall means very little in the overall goal of protecting the network anymore.
These two ideas are things I try to model my own planning and thought process around. Use them for yourself or make up something that better suits you, just understand this is a critical reality of modern IT security.
