Network Configurations in a CyberSecurity Emergency

Disclaimer: This content is the result of my having survived several emergencies of varying effect sizes. Most of these ideas are rules of thumb, and not canned answers. As in any emergency your best outcome will be if you keep calm, consider many options, and flow from plan to backup plan as required.



As always, the most useful network configuration is the one that lets you use your available resources and that keeps you safe from attack. Every network will be configured differently. There are probably countably infinitely many network configurations that are equally safe.

Don't let the suggestions made here limit your options. Feel free to build your own router from an old computer or to spend thousands on an 'industry standard' router. Both approaches can work equally well and cost the same in the end, because all of this relies on hard work, accurate reports of attacks, and reconfiguration to prevent successful attacks. There is no getting around the hard work, whether you do it yourself or pay someone else.

I want to particularly emphasize accurate reports of attacks. In particular, it is very necessary to have clear communication. If a trained computer scientist reports a problem, it behooves the hegemony to listen very carefully, especially if they have trouble believing the severity of the attack.

There is no substitute for a good, responsive systems administrator and a sufficient quantity of well-trained IT staff. So, if you are a manager and your staff say that they are stretched too thin, you need to do something before you end up responsible for your own computer security.

There are just a couple of principles that are used to design these solutions:

  1. Security and networks should be designed in layers with the least secure being the outer layer.
  2. Higher risk machines are those that are mobile, as they are exposed to a wider variety of networks and security conditions.
  3. If you have something that needs really high security, keep it off the internet with good physical security.
  4. If your community will not help protect your physical security, you have no hope of electronic security.

Home Network Configuration

This is the last stable configuration that I had for my home network, where I am the systems administrator. Of course, by the time this is posted, it will be out of date and the network will have changed. Keep in mind that a state-of-the-art network configuration is anything that works, for as long as it works.

Note also that this network configuration was designed to make up for the security deficiencies of the network to which it was connected. Since each local network situation is unique, it would be unwise to copy this without careful knowledge of your local situation.


Work Network Configuration

Please note that I am not the systems administrator on the networks that I use at work. So, I worked with the local administrators to respect their security set-ups, to keep dirty machines at the appropriate security level, and to alert them of problems. If there is a communication breakdown in any of this, it can be very problematic for everyone on the subnet.

Even the creation of a wireless network on a secure subnet without the permission of the local systems administrator can be a problem for everyone in the subnet. In my case, since I was hacked both at work and at home, I was responsible for trying to communicate about the attacks and the potential problems on any network that I connected my machine to. Any user of an exploited machine is responsible for contributing to security measures.

How to Know if A Network is Secure (... Enough)

How do you know if your network is secure enough? Do your users complain of attacks? Do the IT people need to re-install a lot of OSes? If the answer to either of these questions is yes, then you need to re-think your network security measures.

You know you have stable network security if your users are generally happy and rarely complain about software failures. Please note that complaints about 'hardware' failures may actually be software failures, but it takes an expert to identify the difference between hardware and software failures. So, be suspicious that your security is inadequate if the number of reported hardware or software failures increases drastically.

Also note that attacks come in waves or episodes (just like many things in life). If things are relatively quiet, then you should have some excess IT capacity. This is so that you can successfully manage an increase in illicit activity. It's similar to managing a financial budget. As they say, don't cut things too close to the wire. (For the foreigners: 'down to the wire' refers to having too few resources to solve a problem.)

All of this comes down to clear communication and good management. Do your IT people complain about being understaffed? Do your users know who to report problems to? Do the people taking reported problems respect your users? Or do they write off user complaints as 'crazy'? What about the problems that users see but cannot replicate for the IT people? As I have experienced just such targeted attacks, such attacks are eminently possible and an easy way to use social engineering to hide illicit activities from IT people.

As with all communication in a relatively stable system, everyone complains some, both users and IT. Big complaints and frequent complaints should be resolved as soon as possible, particularly if they affect multiple users. If an under-represented minority complains of being targeted, management should pay careful attention to the possibility of overt bias and discrimination that is carried out via illicit attacks.

If management suppresses complaints entirely, this is an incredibly bad sign about the health of the communication system.


Homework

  1. If you are the administrator of a local network, try to improve communication with the users about security. Ask your users if they have noticed anything unusual. Make sure that they will alert you if they notice a problem.
  2. Notice that if you administer any smart technologies, you are responsible for the security and user experience of any user of those technologies, particularly the transient users who may not consent directly to those systems.
  3. If you are a user on any local network, make sure that you know the correct administrator to report problems to. Ask around until you know the correct lines of communication for all the networks that you use (even your local coffee shop).
  4. Notice that due to smart technology, you may be a user of systems that you cannot see or do not touch. These systems control temperature settings, lights, electronic locks, etc. If you notice a problem, you are obligated to report it to the appropriate administrator.
  5. If you are trying to report a serious problem, keep reporting it until there is an appropriate response. Report it to the cloud, to doctors, and to law enforcement if necessary.
  6. With smart technologies, the reporting of problems can become rather convoluted and indirect. As users and administrators, we are all responsible for clarifying the lines of communication and for reporting problems. These ubiquitous technologies have raised these communication problems to unprecedented levels of dysfunction and social obligation.


© 2015-2021 Intrepid Net Computing. All rights reserved.