Since we were little, our parents set rules we were required to follow. In school, teachers gave us additional rules; if we didn't obey, there were consequences. As we got jobs, and for those of us that got married, more rules followed and the penalties for not following the rules became more severe.
While rules can be annoying, they also have tremendous value, as they set boundaries and demonstrate what acceptable behavior is and what it isn't.
As 2014 comes to an end and I look back at all of the information security problems organizations have endured this year and the number of breaches reported, it occurred to me that a key problem is that organizations often do not have well-defined rules when it comes to network security.
The case for secure network tiers
For organizations lacking good cybersecurity hygiene, one of the areas they struggle with the most is setting up and designing a secure network architecture.
For anyone building and designing a secure network, the fundamental challenge is ensuring the proper balance between access and security. Some resources must be accessible from the Internet, like Web servers and mail relays. At the same time, there are resources that need to be protected and controlled, like database servers and back-end mail servers.
The trick to solving this complex problem is creating network tiers. This tiered system separates untrusted entities that are accessible from the Internet, while trusted entities remain far removed from the Internet and harder to access. Figure 1 below shows the general concept of creating a tiered environment to allow for proper separation of trusted and untrusted entities.
Secure network tiers explained
The general philosophy behind a tiered architecture rests in the recognition that the front-end (less trusted) systems could be compromised, yet the network is designed with enough tiers to allow administrators to detect an attack and take action before an adversary can gain access to a back-end system (most trusted).
To convert this logical diagram into a physical network architecture, three rules are needed in order to provide a proper level of protection:
RULE 1: Any system that is accessible from the Internet must reside on the DMZ, and DMZ systems must never contain sensitive information.
RULE 2: Any system with sensitive data must be on the private network, and private network systems must never be accessible from the Internet.
RULE 3A: The only way a DMZ system can communicate with a system on the private network is by going through an application proxy on the middleware tier.
RULE 3B: If three tiers do not provide enough levels of protection, additional tiers can be added. Warning: the more tiers, the more complexity, so it is recommended to stay between three and five tiers to achieve a proper balance between protection and network complexity.
Figure 2 below shows a typical three-tier architecture with the proper separation and flow of information between the various levels.
Validating tiered network security
Now that we understand the three core rules, how can an organization validate that its tiered network architecture actually enforces those network security rules?
In order to see how well the rules are being followed, perform this simple exercise:
- Make a copy of an accurate, up-to-date network diagram.
- Circle all systems that are accessible from the Internet with a red pen.
- Circle any system that contains sensitive data with a green pen.
- Any system that has both a green circle and a red circle represents a violation of the rules.
This exercise will quickly allow an organization to assess how well it is doing in terms of protecting and controlling its critical information.
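The red-pen/green-pen exercise above, and the three rules it is checking, can also be run against a machine-readable inventory. The following is an added example written for this column, not code from the column or from Dr. Cole; it assumes a hypothetical inventory format in which each system records its tier, whether it is reachable from the Internet (the red circle), whether it holds sensitive data (the green circle) and which systems it talks to directly. The sample inventory is constructed for illustration.

```python
"""Check a network inventory against the three tiered-network rules.

Added example (hypothetical inventory format); not code from the column.
"""
from dataclasses import dataclass, field

DMZ, MIDDLEWARE, PRIVATE = "dmz", "middleware", "private"


@dataclass
class System:
    name: str
    tier: str                        # one of DMZ, MIDDLEWARE, PRIVATE
    internet_accessible: bool        # the "red circle" in the paper exercise
    sensitive_data: bool             # the "green circle" in the paper exercise
    talks_to: list = field(default_factory=list)  # names of direct peers
    is_app_proxy: bool = False       # only meaningful on the middleware tier


def check_rules(systems):
    """Return a list of (rule, system name, reason) tuples for every violation."""
    by_name = {s.name: s for s in systems}
    violations = []
    for s in systems:
        # RULE 1: Internet-accessible => on the DMZ; DMZ never holds sensitive data.
        if s.internet_accessible and s.tier != DMZ:
            violations.append(("RULE 1", s.name, "Internet-accessible but not on the DMZ"))
        if s.tier == DMZ and s.sensitive_data:
            violations.append(("RULE 1", s.name, "DMZ system holds sensitive data"))
        # RULE 2: sensitive data => private network; private never Internet-accessible.
        if s.sensitive_data and s.tier != PRIVATE:
            violations.append(("RULE 2", s.name, "sensitive data outside the private network"))
        if s.tier == PRIVATE and s.internet_accessible:
            violations.append(("RULE 2", s.name, "private system reachable from the Internet"))
        # RULE 3A: DMZ reaches the private network only via a middleware application proxy.
        if s.tier == DMZ:
            for peer_name in s.talks_to:
                peer = by_name[peer_name]
                if peer.tier == PRIVATE:
                    violations.append(("RULE 3A", s.name, f"talks directly to private system {peer_name}"))
                elif peer.tier == MIDDLEWARE and not peer.is_app_proxy:
                    violations.append(("RULE 3A", s.name, f"middleware hop {peer_name} is not an application proxy"))
    return violations


def red_green_exercise(systems):
    """The paper exercise: names of systems carrying both a red and a green circle."""
    return [s.name for s in systems if s.internet_accessible and s.sensitive_data]


# Constructed sample inventory: one clean three-tier path and one rule-breaking box.
SAMPLE_INVENTORY = [
    System("web-01", DMZ, internet_accessible=True, sensitive_data=False, talks_to=["app-proxy-01"]),
    System("app-proxy-01", MIDDLEWARE, internet_accessible=False, sensitive_data=False,
           talks_to=["db-01"], is_app_proxy=True),
    System("db-01", PRIVATE, internet_accessible=False, sensitive_data=True),
    # A legacy CRM box parked on the DMZ that stores customer data and queries the database directly.
    System("legacy-crm", DMZ, internet_accessible=True, sensitive_data=True, talks_to=["db-01"]),
]


if __name__ == "__main__":
    for rule, name, reason in check_rules(SAMPLE_INVENTORY):
        print(f"{rule}: {name}: {reason}")
    print("red+green circles:", red_green_exercise(SAMPLE_INVENTORY))
```

Running the script against the sample lists three violations, all on `legacy-crm` (one each for Rules 1, 2 and 3A), and the paper exercise flags the same box; removing it from the inventory yields no violations. Keeping the checks in one function makes it easy to rerun whenever the network diagram changes, which is when tier violations usually creep in.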
In this column we showed that building a secure network is not difficult if the three core rules of architecture design are always followed. It is important to note that following these three rules does not guarantee your organization will never be compromised.
However, by following these three rules, the damage caused by a network intrusion will be contained, and the impact to an organization will be minimized. As organizations place increasing value on prompt breach detection, this system of secure network tiers can often buy an organization more time to detect and remediate a breach.
If there is an article that you would like written or a problem area you are looking for a solution to, please contact Dr. Cole at firstname.lastname@example.org.
About the author:
Dr. Eric Cole is an industry-recognized security expert with more than 25 years of hands-on experience. He is the founder and an executive leader at Secure Anchor Consulting where he provides leading-edge cyber security consulting services, expert witness work, and leads research and development initiatives to advance state-of-the-art information systems security. Dr. Cole was the lone inductee into the InfoSec European Hall of Fame in 2014. He is actively involved with the SANS Technology Institute (STI) and is a SANS faculty senior fellow and course author who works with students, teaches, and develops and maintains courseware.