Common wisdom says that we humans use less than 10% of our brains’ capacity in a lifetime. I assert that the same is true for enterprise networking hardware and software.
As referenced by Paul in his recent post, we very frequently run into organizations that have an overwhelming urge to add something to their systems to make them more secure. In reality, some of the deepest changes that will have the biggest impact on security are all around you in the environment you already have.
For example, all Cisco switches support VLANs, but a full half of the organizations we have dealt with have not seriously explored using that functionality to help separate network devices from each other. Where VLANs are implemented, at least 75% of those organizations don’t properly use a firewall or layer 3 access lists to prevent traffic from flowing between the network segments. Back down to layer 2, all Cisco switches support some form of MAC filtering or limitation of MAC addresses per port, but even those basic controls are almost never enabled in deployments we’ve seen. These are defenses for some of the most basic network attacks and can be enabled safely in some combination for 98% of all deployments.
The examples could go on endlessly, but the important thing to illustrate is that almost all of your network is only delivering 10% of its potential from a security standpoint at any given time. Unlike the brain, accessing the remaining 90% is as simple as testing the functionality, configuring it, and deploying it to current installations.
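To see how much of the layer 2 and layer 3 functionality mentioned above is actually switched on, a saved running-config can be checked offline. The script below is an added example, not code from this post or from Cisco: it flags access ports without port security and routed VLAN interfaces without an access list. The sample config, interface names, and ACL name are constructed, and it assumes inter-VLAN routing happens on the switch's own VLAN interfaces rather than on a separate firewall.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/3
 switchport mode access
 switchport port-security maximum 2
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip access-group USERS-IN in
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
!
"""

def interface_blocks(config):
    """Yield (name, [sub-commands]) for each 'interface' stanza."""
    for m in re.finditer(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        yield m.group(1), [line.strip() for line in m.group(2).splitlines()]

def audit(config):
    """Return (interface, issue) pairs for controls that are not enabled."""
    findings = []
    for name, body in interface_blocks(config):
        # Only the bare command enables port security; 'maximum' alone does not.
        if "switchport mode access" in body and "switchport port-security" not in body:
            findings.append((name, "access port without port-security"))
        routed = any(c.startswith("ip address ") for c in body)
        filtered = any(c.startswith("ip access-group ") for c in body)
        if name.lower().startswith("vlan") and routed and not filtered:
            findings.append((name, "routed VLAN interface without an access list"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```

GigabitEthernet0/3 is flagged even though it carries a port-security parameter, because the feature stays off until the bare `switchport port-security` command is present on the port.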
To make the point directly, your organization has likely been purchasing all the hardware and software you need to be secure for years. The missing piece is the knowledge and experience required to put the pieces together in a way that makes them work effectively and securely together. That’s where we come in.
Great lover of this site, lots of your articles have truly helped me out. Awaiting updates!
Thanks for the share!
Nancy.R