Network Blind Spots: Total Visibility or Not
This post is also available in : Spanish
Network blind spots: visibility, monitoring and security issues
Network blind spots study is framed within a field controlled by three well interconnected elements: monitoring, security and visibility.
Here are the two main principles that rule over this universe and are relevant to the topic at hand:
- We cannot control, measure or analyze what is not visible.
- Each invisible item in our network can be used to perpetrate a cyber-attack.
Thus, the basic objective of visibility is creating an outline that collects information from the main platform elements and delivers said information to monitoring and security systems for further analysis and evaluation.
This outline can be made up by very different elements: from specialized hardware devices conceived to capture network traffic, like TAPs, to software elements such as agents designed to retrieve information on specific servers.
All of them are defined and implemented with the aim of achieving the complete visibility ideal.
Yet, since network blind spots are places where there is no visibility, it is understood that the overall efficiency of a visibility outline is directly related to detecting and getting rid of network blind spots.
Network and cloud blind spots
With the outbreak of cloud-related technologies, it is common to find bibliography pointing out the importance of blind spots in regard to these services.
However, it is interesting to highlight that the concern about network blind spots began with traditional network designs, and there is no doubt that since then they have become a key element for platform visibility, monitoring and security.
In this article, we suggest you to reflect on network blind spots applied to a traditional outline and hybrid platforms, leaving blind spots which are exclusively related to the cloud for another article.
List of network blind spots
Attempting to create an exhaustive list of network blind spots would be pointless, since there are many cases and many technical details that may be the source of a blind spot.
In any case, we believe that it may be interesting classifying network blind spots to make a revision guide.
1) Related to your network management
On the one hand, network platforms are constantly changing: new offices are being opened, new hardware is being installed, new services are being introduced, new communication links are being engaged, etc.
On the other hand, platforms are becoming increasingly more complex; new virtual network outlines can be introduced, cloud services can be engaged, new bandwidth management outlines can be made, etc.
You have to bear in mind that each new item that you add, as irrelevant as it may seem, may cause a network blind spot.
That requires for platform managers to not ignore any blind spot.
We have come up with a few examples of blind spots that can be included within this classification:
- Remote offices that are set overlooking the necessary visibility outline for its components.
- Traffic encrypted without assessment, assuming that it is safe web traffic.
- Hardware devices poorly configured due to lack of time needed to understand how they work.
- Misconfigured SPAN ports that may be generating a high level of latency or may be discarding valuable traffic for analysis.
- Inconsistencies when configuring workstations. Differences in protocol configuration, IP addressing outline, DNS service, download standards and software installation, etc.
- Flaws in the software update process of devices that make up the network.
2) Related to the server virtualization outline
The introduction of any virtualization technology generates traffic between servers, which is usually called east-west traffic, which can get out of a visualization outline whose design is based on physical servers integrated in a certain network.
Consider for example a physical server, where you have virtually created multiple servers that communicate with each other to offer a certain service.
If your users suffer some performance problem, it may be impossible to evaluate said issue if we do not take into account the virtualization outline, since the problem may be found within the traffic between two of the virtual servers.
Traffic that never reaches a physical port in your platform, and therefore is not comprehended within the visibility outline’s reach.
On the other hand, virtualization can be associated with a development outline involving creating and deleting virtual servers at high speed.
An optimal visibility outline must be tailored to server creation and removal speed, in order to get rid of the any possible blind spots that you could come across.
3) Related to the mobile workforce
Every day a higher number of workers have access to and interact with data stored on the corporate network or in the cloud, from devices which are connected to the Internet while outside of the traditional network platform.
Integrating these devices means an extra risk in terms of security.
In fact, in March, ComputerWeekly magazine published the results of a survey of 500 people in charge of IT from different enterprises. 92% of respondents recognized their concern for security challenges posed by mobile workforce.
Undoubtedly, apart from security issues, the visibility and monitoring of these devices, which are either connected from homes, Internet cafés or airports, and which are both corporate and personal, becomes more challenging.
The performance evaluation for these users, for example, tends to be a failure report difficult to deal with, since the communications service features might be the problem.
4) Related to wireless networks
The incorporation of wireless technology to wired network platforms has generated a whole batch of potential blind spots.
Wireless networks imply adding several devices (smartphones, tablets and laptops), which do not need to follow the security policy of the company.
If the BYOD (bring your own device) policy is applied, this problem might be even bigger.
In addition, these devices make us face an additional problem which is unauthorized access points. It is very easy for a device to become the access point to a whole set of devices, which could even not be physically on the platform.
How should network blind spots be dealt with?
Raising awareness on the importance of outlining a visibility architecture, as well as a solid monitoring platform, is a basic step.
Then, we suggest you to establish a corporate communication process on the subject, so that in large organizations, this viewpoint is shared by departments that may be working in isolation, such as Systems Development, Platform, Technical Support or Data Security among others.
Afterwards you should be able to evaluate the possibility of incorporating the following corporative procedures:
- An interesting option to early blind spot identification is network audit, which unfortunately tends to be postponed or even unplanned given the time and manpower needed to carry it out.
- To enforce a strong security data policy that includes, among other features: user profile handling, certain requirements on the complexity of passwords, VPN for remote workers’ connexions, multiple username and password checks, restrictions on access to wireless networks, access control to the administrator passwords of each device, etc.
- Reporting the security policies to all the workers of the company, so that you promote an environment that recognizes security as a commitment for everyone.
- Keeping IT asset inventories up-to-date: handling carefully which computers, software, updates, applications, etc. may be useful to identify blind spots.
Within the technical field, there are many things that must be done. Let us point out the following ones:
- Establishing information-collecting procedures that cover the whole platform.
Pandora FMS includes several features aimed to achieve this goal. Among them, the satellite server that enables centralized monitoring of thousands of allocated devices. You may review the information compilation outline and Pandora FMS network monitoring options through this link.
- Including necessary monitoring elements for virtualized servers outlines. Here the challenge can be tailored to different virtualization outlines and the system development methodology applied within the company.
- Taking on the challenge of automating new network elements discovery procedures and generating a basic monitoring of these elements.
Pandora FMS features the Recognition Server or RCON, which explores the platform and applies a monitoring template to the systems it detects.
- Keeping a network map that includes every single operating element, including items associated to wireless networks.
- Defining an outline that is flexible enough to monitor any network element, with the acquisition-of-more-convenient-information outline.
Pandora FMS, for example, features different access methods to the monitored elements information, taking into account specialized agents, log file collection and the use of protocols such as SNMP, WMI, FTP, etc.
- Automating the IT asset inventory management of the computer assets. If you want to learn more about it, you can assess Pandora FMS inventory server’s potential following this link.
- Evaluating and establishing the encrypted traffic monitoring outline suitable to its actual traffic, considering the chances of deciphering or not said traffic.
- Establishing the monitoring procedures for the user’s experience, which will necessarily lead us to each of the operating platform elements (firewall, switches, web servers, application servers, database servers, communication links, cloud services, etc.).
If you need further information you can take a look at the scope of the user’s experience comprehensive monitoring implemented by Pandora FMS through the following link.
Finally, we would like to mention the concept of observability, which takes the awareness of visibility related issues to the system design, and within the network blind spot framework it may be applied to platform design.
The objective is that, when coming up with a design from scratch or planning our platform’s growth or changes, we bear in mind the need of obtaining a final result that offers a good observability level, as well as other factors such as reliability, efficiency, etc.
Therefore you will avoid the possibility of generating network blind spots within your design.
If this topic interests you, we encourage you to read this post.
Likewise, we invite you to share your experience in the network blind spots field, please leave your comments on this matter.