How we help

Hybrid & Multicloud

Network Security

Network Automation

Network Virtualization

Who we help

Technology

Manufacturing & Production

Healthcare

Education

About us

News

Careers

Partners

Ampertalks

Request a Live demo

Get a Price Quote

microsoft

Microsoft preferred solution

Micetro

DNS Management

IPAM

DHCP Management

Workflows

xDNS Redundancy

Reporting

Training

DNS & BIND Jump Start

DNS & BIND Leap Ahead

Kea DHCP

FAQ

More products

Appliance Flex

Consulting

Request a Live demo

Get a Price Quote

Resources

Whitepapers

Webinars

Case studies

Documentation

Customer care

DIG

Ampertalks

Articles
securityinfrastructureBest practices
Greg Fazekas

Men&Mice Sensible IPAM Part 5: Security of IP Infrastructure

A look at sensibly managing security in a scattered network environment.

Dec 28th, 2018

In the final instalment of our 5-part series on IPAM (and really, more broadly, DNS, DHCP and IPAM), we’re taking a look at sensibly managing security in a scattered network environment. From large-scale DDoS attacks to mitigating human error, security measures come in all shapes and sizes — often overwhelmingly so. Here’s what you can do to stay ahead.

(TL;DR version: you need a DDI overlay to increase security on your network... and we happen to offer a great one).

This Playbook series consists of five parts:

Each part presents real-world problems for which Men&Mice has provided solutions.

Opposites attract… security problems?

Imagine that you are:

  • The CTO of a Managed Service Provider, whose own network is the first line of defense to protect customers. Your services are sensitive, as gaining access to or bringing down your network would compromise those utilizing your MSP solution.
  • The Lead Network Administrator of a mid-sized enterprise company recently expanding with new employees (and devices), through M&A activities, arriving daily. Onboarding new people is your technological challenge, balancing their need for autonomy and network resources with your requirement to maintain security protocols.

While opposite in scale, these problems can wreak the same amount of havoc in both cases, and network security is of paramount importance, more than ever.

What You Need

Much of network security is inherently present in the technology used. Orchestration and synchronization between different software providers, interfaces and hardware, however, needs to be done well.

Good security practices have to be sensible to be ubiquitous across the network, instead of obstructive. They have to be simple at their core and robust in their execution to prevent and solve problems. Let’s face it, your network is complicated enough.

Some of the more overlooked security vulnerabilities in network management today include:

  • Visibility challenges, or lack of central, unified overviews resulting from incompatible or simply different services (i.e. the variety of interfaces and functionality of each individual service that comprises the entirety of a network)
  • Misconfigurations or incompatibilities (what you do in one area of your network may not synchronize or be compatible with another area of the network, particularly with cloud vendors).
  • Human error (Hey, we all make mistakes. But automating can remove this ever-present challenge, increasing the health of the network).
  • Loss of control (how can you restrict access to increase security and focus on providing autonomy only where needed.)

Where Men&Mice Can Help

Retaining network security on the DNS, DHCP and IP address level has been a core design principle for the Men&Mice Suite from day one (which was nearly 30 years ago). Managing the fundamental components of the network means great responsibility: if the foundations are compromised or out of sync, the entire network is at risk.

The first security risk the Men&Mice Suite has addressed in the evolving world of hybrid network management, was to eliminate synchronization and misconfiguration hurdles between on-prem services and cloud services, then across cloud providers, enabling greater automation and utilization of network resources, independent of what are the services themselves. Then, we centralized management of these diverse and otherwise incompatible resources into one place.

This backend-agnostic, API-first overlay approach gave way to the xDNS Redundancy™ feature, which helps further mitigate DDoS and other malicious attacks.

If parts of the network become unavailable during an event like a DDoS attack, xDNS Redundancy prevents shutdown by switching to alternate resources. Once the affected resources are once again accessible, changes and updates are automatically synced across the entire network.

Due to the Men&Mice Suite's powerful, compatible APIs different network resources are processed and managed the same way within the Men&Mice Suite. This means that replicating or migrating DNS zones or DHCP scopes between network environments requires no special consideration or prolonged processes, making your DNS, DHCP and IPAM more nimble.

In addition, health alerts within the Men&Mice Suite provide the visibility necessary to proactively address misconfigurations, address space overlaps and malicious attacks while minimizing its effect on user experience.

Likewise, unified audit trails within the Men&Mice Suite help identify the source of an issue and on what area of the network, providing richer data to inform proactive decisions.

More often than any company would like to admit, especially in the age of post-Bring Your Own Device (BYOD) enterprise culture, security breaches can occur through human error. A simple password used across multiple mission-critical logins, a laptop stolen or left digitally unguarded, a malicious email attachment downloaded with malware, trojans or droppers, all can quickly take down or manipulate areas of your network, wreaking havoc.

The Men&Mice Suite’s granular access controls, including its integration with Microsoft Active Directory, provide solid security templates for preventing unnecessary access (and therefore unnecessary vulnerabilities) on the network. Retaining existing configurations and implementing new ones is easy, replicated, synched and scales as needed.

IT is no longer a department but a holistic and critical business resource. In 2019, we’ll be placing emphasis on closing the gap between IT professionals and IT users, on-prem and cloud teams as well as the increasing importance of overlays. It is our goal to showcase the importance (and value) of  proper DNS and IPAM for businesses, and the effects (and context) of eliminating network hindrances that complicate or slow business decisions.

Lesson 1: A quick way to learn about DNS Protocols

Here's a recent discussion during EuroBSDCon on DNS protocols and what will be changing in the future (DNS over TLS vs. DNS over HTTPS) by Carsten Strotmann on behalf of Men&Mice. We'll elaborate on this topic a bit more in 2019 during our talk at UTmessan in Reykjavik, February 8 & 9.

securityinfrastructureBest practices

Enjoyed the article?

Micetro by Men&Mice
Access Control
DNS
security
multicloud

Lockdown DNS Without Slowing Down Processes

Lockdown DNS Without Slowing Down Processes

Micetro by Men&Mice
IPAM
DHCP

It’s 10pm, Do You Know Where Your IPs Are?

It’s 10pm, Do You Know Where Your IPs Are?

Micetro by Men&Mice
Best practices
DNS
multicloud

Cascading Failures in Global Network Infrastructures

Cascading Failures in Global Network Infrastructures

READ MORE

Share on Social Media

Copyright © 2021 men&mice