A look at sensibly managing security in a scattered network environment.
Dec 28th, 2018
In the final instalment of our 5-part series on IPAM (and really, more broadly, DNS, DHCP and IPAM), we’re taking a look at sensibly managing security in a scattered network environment. From large-scale DDoS attacks to mitigating human error, security measures come in all shapes and sizes — often overwhelmingly so. Here’s what you can do to stay ahead.
(TL;DR version: you need a DDI overlay to increase security on your network... and we happen to offer a great one).
This Playbook series consists of five parts:
Each part presents real-world problems for which Men&Mice has provided solutions.
Imagine that you are:
While opposite in scale, these problems can wreak the same amount of havoc in both cases, and network security is of paramount importance, more than ever.
Much of network security is inherently present in the technology used. Orchestration and synchronization between different software providers, interfaces and hardware, however, needs to be done well.
Good security practices have to be sensible to be ubiquitous across the network, instead of obstructive. They have to be simple at their core and robust in their execution to prevent and solve problems. Let’s face it, your network is complicated enough.
Some of the more overlooked security vulnerabilities in network management today include:
Retaining network security on the DNS, DHCP and IP address level has been a core design principle for the Men&Mice Suite from day one (which was nearly 30 years ago). Managing the fundamental components of the network means great responsibility: if the foundations are compromised or out of sync, the entire network is at risk.
The first security risk the Men&Mice Suite addressed in the evolving world of hybrid network management was the synchronization and misconfiguration hurdles between on-prem services and cloud services, and then across cloud providers. Eliminating them enables greater automation and utilization of network resources, independent of what the services themselves are. Then, we centralized management of these diverse and otherwise incompatible resources into one place.
This backend-agnostic, API-first overlay approach gave way to the xDNS Redundancy™ feature, which helps further mitigate DDoS and other malicious attacks.
If parts of the network become unavailable during an event like a DDoS attack, xDNS Redundancy™ prevents shutdown by switching to alternate resources. When the affected resources are accessible again, changes and updates are automatically synced across the entire network.
Due to the Men&Mice Suite's powerful, compatible APIs, different network resources are processed and managed the same way within the Men&Mice Suite. This means that replicating or migrating DNS zones or DHCP scopes between network environments requires no special consideration or prolonged processes, making your DNS, DHCP and IPAM more nimble.
In addition, health alerts within the Men&Mice Suite provide the visibility necessary to proactively address misconfigurations, address space overlaps and malicious attacks while minimizing their effect on user experience.
Likewise, unified audit trails within the Men&Mice Suite help identify the source of an issue and the area of the network where it occurred, providing richer data to inform proactive decisions.
More often than any company would like to admit, especially in the age of post-Bring Your Own Device (BYOD) enterprise culture, security breaches occur through human error. A simple password used across multiple mission-critical logins, a laptop stolen or left digitally unguarded, a malicious email attachment downloaded with malware, trojans or droppers: any of these can quickly take down or manipulate areas of your network, wreaking havoc.
The Men&Mice Suite’s granular access controls, including its integration with Microsoft Active Directory, provide solid security templates for preventing unnecessary access (and therefore unnecessary vulnerabilities) on the network. Retaining existing configurations and implementing new ones is easy, and configurations are replicated, synced and scaled as needed.
IT is no longer a department but a holistic and critical business resource. In 2019, we’ll be placing emphasis on closing the gap between IT professionals and IT users, on-prem and cloud teams as well as the increasing importance of overlays. It is our goal to showcase the importance (and value) of proper DNS and IPAM for businesses, and the effects (and context) of eliminating network hindrances that complicate or slow business decisions.
Here's a recent discussion during EuroBSDCon on DNS protocols and what will be changing in the future (DNS over TLS vs. DNS over HTTPS) by Carsten Strotmann on behalf of Men&Mice. We'll elaborate on this topic a bit more in 2019 during our talk at UTmessan in Reykjavik, February 8 & 9.