How Big is Your Network?
Thinking about a network of computers is similar to thinking about a network of people. Both are collections, whether of devices or of people, that can talk to each other. Some devices communicate wirelessly, others through an ethernet connection, and some over the internet. It’s not really important to think about how they talk to each other, just that they can. Regardless, there have to be at least two devices. After all, it’s not really networking when we’re talking to ourselves. Once you have that, you have a network.
Why am I being so detailed talking about a computer network? Two reasons. First, not everyone understands computers, so it’s best to be clear about things right at the beginning. There’s a lot of lingo that gets thrown around and it’s pretty easy to confuse people.
The second reason, though? Well, that plays into the headline. Too many organizations just don’t understand how big their networks are, or how they are set up. Worse, the introduction of cloud technologies and hybrid setups has dramatically exacerbated the problem.
So, do you know how big your network is? It’s important to know because without an accurate understanding of the breadth and scope of it, you’ll never be able to comprehensively protect it. That’s a great reason to make visibility and documentation a priority; you need to be able to see what devices are plugging into your network and how everything is laid out.
Remember that this doesn’t mean you should fill out an Excel spreadsheet with your purchase history. Sometimes old projects get forgotten, or devices are marked as decommissioned but are never actually removed. Instead, you should perform a live scan that looks for everything on your network. Better yet, there’s plenty of software that can automate the job and do it on a regular basis.
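One way to check a purchase-history spreadsheet against a live scan, as an added example that is not part of the original post. The inventory columns and all addresses are constructed, and the scan text is a constructed sample in the grepable format that an nmap ping sweep (`nmap -sn -oG -`) writes.

```python
import csv
import io
import re

# Constructed inventory export; the column names are hypothetical.
INVENTORY_CSV = """ip,name,status
10.0.0.1,core-router,active
10.0.0.10,file-server,active
10.0.0.20,old-project-box,decommissioned
10.0.0.30,print-server,active
"""

# Constructed sample in the grepable format of a ping sweep (nmap -sn -oG -).
SCAN_OUTPUT = """# Nmap scan initiated (constructed sample)
Host: 10.0.0.1 (core-router.example.internal)\tStatus: Up
Host: 10.0.0.10 ()\tStatus: Up
Host: 10.0.0.20 ()\tStatus: Up
Host: 10.0.0.77 ()\tStatus: Up
# Nmap done
"""

HOST_UP = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Status:\s+Up\s*$")


def live_hosts(scan_text):
    """Return the set of addresses the scan reported as up."""
    found = set()
    for line in scan_text.splitlines():
        match = HOST_UP.match(line)
        if match:
            found.add(match.group(1))
    return found


def reconcile(inventory_text, scan_text):
    """Compare documented assets with what actually answered on the wire."""
    rows = list(csv.DictReader(io.StringIO(inventory_text)))
    status = {r["ip"].strip(): r["status"].strip().lower() for r in rows}
    live = live_hosts(scan_text)
    return {
        "undocumented": sorted(live - set(status)),
        "decommissioned_but_live": sorted(ip for ip in live if status.get(ip) == "decommissioned"),
        "documented_not_seen": sorted(ip for ip, s in status.items() if s == "active" and ip not in live),
    }


if __name__ == "__main__":
    for finding, addresses in reconcile(INVENTORY_CSV, SCAN_OUTPUT).items():
        print(f"{finding}: {', '.join(addresses) or 'none'}")
```

An entry under `documented_not_seen` is not necessarily gone: a device on a segregated subnet will not answer a scan run from the regular network, which is why it still has to be documented by hand.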
Next, create a network diagram, which is just a flow sheet or image of how different devices and groups in your network are linked. Sometimes they’re simple because every device can talk to every other device. Sometimes there are special subnets that can’t talk to others, or high-security devices. For example, payment card standards say you can’t have card readers on your regular network, so they shouldn’t be visible in any kind of automatic scan. Hence, if you want your network security to be comprehensive, your payment processor needs to be on your network diagram, or it risks being missed.
This all seems fairly straightforward so far. Basically we’re just telling you to document everything behind your firewall, right? Alas, it’s not that simple. Do you use a cloud-based storage and sharing solution of some kind? How about a hosted email solution? Maybe some AzureAD features? None of these exist behind your firewall, so they’re not in “your network” per that definition, but they are most certainly a part of it. That’s why the question about knowing the size of your network is so important; you need to know the size and shape of your network before you can get an accurate picture of what you need to protect.
Everything that’s part of your network needs protection, and how you protect external resources like cloud storage or AzureAD is not entirely controlled by the provider. Part of the responsibility for protecting those external resources is on you. Things like multi-factor authentication or changing default user names are simple ways of adding an extra layer of security to network components outside your control. Different services need to be protected in different ways.
This week I’m going to quote a line from Shakespeare’s play The Tempest: “Hell is empty, and all the devils are here.”
If you have any questions about scanning and documenting your network, please reach out to your TRINUS Account Manager for some stress-free IT.
By Kind, Courtesy of Your Friendly Neighbourhood Cyber-Man.