Men&Mice Sensible IPAM Part 5: Security of IP Infrastructure

In the final instalment of our 5-part series on IPAM (and really, more broadly, DNS, DHCP and IPAM), we’re taking a look at sensibly managing security in a scattered network environment. From large-scale DDoS attacks to mitigating human error, security measures come in all shapes and sizes — often overwhelmingly so. Here’s what you can do to stay ahead.

(TL;DR version: you need a DDI overlay to increase security on your network... and we happen to offer a great one).

This Playbook series consists of five parts:

• Overview
• Conflict Resolution
• Scaling
• Cloud
• Day-to-Day Management
• Security

Each part presents real-world problems for which Men&Mice has provided solutions.

Opposites attract… security problems?

Imagine that you are:

• The CTO of a Managed Service Provider, whose own network is the first line of defense to protect customers. Your services are sensitive, as gaining access to or bringing down your network would compromise those utilizing your MSP solution.
• The Lead Network Administrator of a mid-sized enterprise company recently expanding with new employees (and devices), through M&A activities, arriving daily. Onboarding new people is your technological challenge, balancing their need for autonomy and network resources with your requirement to maintain security protocols.

While opposite in scale, these problems can wreak the same amount of havoc in both cases, and network security is of paramount importance, more than ever.

What You Need

Much of network security is inherently present in the technology used. Orchestration and synchronization between different software providers, interfaces and hardware, however, needs to be done well.

Good security practices have to be sensible to be ubiquitous across the network, instead of obstructive. They have to be simple at their core and robust in their execution to prevent and solve problems. Let’s face it, your network is complicated enough.

Some of the more overlooked security vulnerabilities in network management today include:

• Visibility challenges, or lack of central, unified overviews resulting from incompatible or simply different services (i.e. the variety of interfaces and functionality of each individual service that comprises the entirety of a network)
• Misconfigurations or incompatibilities (what you do in one area of your network may not synchronize or be compatible with another area of the network, particularly with cloud vendors).
• Human error (Hey, we all make mistakes. But automating can remove this ever-present challenge, increasing the health of the network).
• Loss of control (how can you restrict access to increase security and focus on providing autonomy only where needed.)

Where Men&Mice Can Help

Retaining network security on the DNS, DHCP and IP address level has been a core design principle for the Men&Mice Suite from day one (which was nearly 30 years ago). Managing the fundamental components of the network means great responsibility: if the foundations are compromised or out of sync, the entire network is at risk.

The first security risk the Men&Mice Suite has addressed in the evolving world of hybrid network management, was to eliminate synchronization and misconfiguration hurdles between on-prem services and cloud services, then across cloud providers, enabling greater automation and utilization of network resources, independent of what are the services themselves. Then, we centralized management of these diverse and otherwise incompatible resources into one place.

This backend-agnostic, API-first overlay approach gave way to the xDNS Redundancy™ feature, which helps further mitigate DDoS and other malicious attacks.

If parts of the network become unavailable during an event like a DDoS attack, xDNS Redundancy™ prevents shutdown by switching to alternate resources. Once the affected resources are once again accessible, changes and updates are automatically synced across the entire network.

Due to the Men&Mice Suite's powerful, compatible APIs different network resources are processed and managed the same way within the Men&Mice Suite. This means that replicating or migrating DNS zones or DHCP scopes between network environments requires no special consideration or prolonged processes, making your DNS, DHCP and IPAM more nimble.

In addition, health alerts within the Men&Mice Suite provide the visibility necessary to proactively address misconfigurations, address space overlaps and malicious attacks while minimizing its effect on user experience.

Likewise, unified audit trails within the Men&Mice Suite help identify the source of an issue and on what area of the network, providing richer data to inform proactive decisions.

More often than any company would like to admit, especially in the age of post-Bring Your Own Device (BYOD) enterprise culture, security breaches can occur through human error. A simple password used across multiple mission-critical logins, a laptop stolen or left digitally unguarded, a malicious email attachment downloaded with malware, trojans or droppers, all can quickly take down or manipulate areas of your network, wreaking havoc.

The Men&Mice Suite’s granular access controls, including its integration with Microsoft Active Directory, provide solid security templates for preventing unnecessary access (and therefore unnecessary vulnerabilities) on the network. Retaining existing configurations and implementing new ones is easy, replicated, synched and scales as needed.

IT is no longer a department but a holistic and critical business resource. In 2019, we’ll be placing emphasis on closing the gap between IT professionals and IT users, on-prem and cloud teams as well as the increasing importance of overlays. It is our goal to showcase the importance (and value) of  proper DNS and IPAM for businesses, and the effects (and context) of eliminating network hindrances that complicate or slow business decisions.

Lesson 1: A quick way to learn about DNS Protocols

Here's a recent discussion during EuroBSDCon on DNS protocols and what will be changing in the future (DNS over TLS vs. DNS over HTTPS) by Carsten Strotmann on behalf of Men&Mice. We'll elaborate on this topic a bit more in 2019 during our talk at UTmessan in Reykjavik, February 8 & 9.