Last week our CTO, Professor Avishai Wool, presented a technical webinar on the do’s and don’ts for managing external connectivity to and from your network.
We kicked off our webinar by polling the audience (186 people) on how many external permanent connections into their enterprise network they have.
Clearly this is a very relevant issue for many enterprises, and one which can have a profound effect on security.
The webinar covered a wide range of best practices for managing the external connectivity lifecycle and I highly recommend that you view the full presentation. But in the meantime, here are a few key issues that you should be mindful of when considering how to manage external connectivity to and from your network:
While there has to be an element of trust when you let an external partner into your network, you must do all you can to protect your organization from attacks through these connections. Protective measures include placing your servers in a demilitarized zone (DMZ), segregating them with firewalls, restricting traffic in both directions from the DMZ, and using additional controls such as web application firewalls, data leak prevention and intrusion detection.
Bear in mind that if the data being accessed over the external connection is regulated, both your systems and the related peer’s systems are now subject t. So if the network connection touches credit card data, both sides of the connection are in scope, and outsourcing the processing and management of regulated data to a partner does not let you off the hook.
Sometimes you will have to make changes to your external connections, either due to planned maintenance work by your IT team or the peer’s team, or as a result of unplanned outages.
Dealing with changes that affect external connections is more complicated than internal maintenance, as it will probably require coordinating with people outside your organisation and tweaking existing workflows, while adhering to any contractual or SLA obligations. As part of this process, remember that you’ll need to ensure that your information systems allow your IT teams to recognize external connections and provide access to the relevant technical information in the contract, while supporting the amended workflows.
In most cases there is a contract that governs all aspects of the external connection – including technical and business issues. The technical points will include issues such as IP addresses and ports, technical contact points, SLAs, testing procedures and the physical location of servers. It’s important, therefore, that this contract is adhered to whenever dealing with technical issues related to external connections.
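One way to check that the firewall rules for an external connection stay within the IP addresses and ports agreed in the contract, in both directions, is sketched below. This is an added example, not material from the webinar; the addresses, rule names and data layout are constructed sample values.

```python
import ipaddress as ip

# Contract flows (constructed sample values): src, dst, protocol, port.
CONTRACT = [
    ("198.51.100.0/28", "192.0.2.10/32", "tcp", 443),   # peer -> DMZ server
    ("192.0.2.10/32", "198.51.100.5/32", "tcp", 22),    # DMZ server -> peer
]

# Firewall rules (constructed): name, src, dst, protocol, first port, last port.
RULES = [
    ("partner-https", "198.51.100.0/28", "192.0.2.10/32", "tcp", 443, 443),
    ("partner-legacy", "198.51.100.0/24", "192.0.2.0/24", "tcp", 1, 65535),
    ("dmz-db", "192.0.2.10/32", "198.51.100.5/32", "tcp", 1433, 1433),
]

def _net(cidr):
    return ip.ip_network(cidr, strict=True)

def within(inner, outer):
    """True if flow `inner` (src, dst, proto, lo, hi) is fully inside `outer`."""
    return (_net(inner[0]).subnet_of(_net(outer[0]))
            and _net(inner[1]).subnet_of(_net(outer[1]))
            and inner[2] == outer[2]
            and outer[3] <= inner[3] and inner[4] <= outer[4])

def audit(contract, rules):
    flows = [(s, d, p, port, port) for s, d, p, port in contract]
    # Rules that permit more than any single contract flow allows.
    excess = [r[0] for r in rules
              if not any(within(r[1:], f) for f in flows)]
    # Contract flows that no rule permits (the connection would break).
    missing = [f[:4] for f in flows
               if not any(within(f, r[1:]) for r in rules)]
    return excess, missing

if __name__ == "__main__":
    excess, missing = audit(CONTRACT, RULES)
    print("rules exceeding contract:", excess)
    print("contract flows with no rule:", missing)
```

A rule that spans two contract flows at once is reported as excess, which is deliberate: each rule should map to one contracted flow so it can be reviewed and retired with it.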
These are just a few tips and issues to be aware of. To watch the webinar from Professor Wool in full, check out the recording here.