In Network Infrastructure Security, Technical Bells and Whistles are not Enough

When we hear the term infrastructure, what generally comes to mind are physical structures that support an industry or a city. Common instances of infrastructure are those supporting transportation, government, and public services. As we enter the third decade of the 21st century, computing and network technology, a younger yet equally important form of infrastructure, continues to evolve at a volatile pace. A network infrastructure is most commonly considered to be the physical devices that form the backbone and arteries of the network. In this context, it is true that the interconnection of routers and switches throughout one building or around an entire campus is an important component of the network. Without wireless access points, patch panels, cables, and network drops, computers would be isolated and far less useful. This is where the commonality between the traditional forms of infrastructure and their rapidly maturing, younger sibling, the network, is seen clearly.

In discussions on network infrastructure installation, operation, and sustainment, people are the component that is far too often the last point of consideration. This represents a critical and potentially dangerous point of failure, especially when the discussion transitions to the secure configuration and defense of the network against threats. Regardless of how well they are designed, tools like firewalls, intrusion prevention systems, network access control systems, and host-based security systems are ineffective unless properly installed and securely configured. Even more critical is the need for people who can effectively manage these tools, especially in the context of compliance with recommended continuous monitoring requirements. For this reason, more granular concerns arise, such as which specific infrastructure components are required to ensure that ingress and egress network traffic can be quickly and accurately identified as legitimate or illegitimate.

This legitimacy of traffic – or lack thereof – represents a critical consideration in both passive and active monitoring with network security tools. Whether a threat is internal or external, it must be addressed. Before that, though, it must be detected. Subsequent to detection, it must be properly analyzed, and a response action must be formulated. The effectiveness of both the analysis and the response ultimately determines the severity of the impact on the network. All of the aforementioned are contingent upon organizational management having the foresight to allot adequate funding for proper initial and continuing professional education of technical personnel.

Being able to readily identify illegitimate traffic and block it means one gets to complete a normal shift change and have a relaxing evening of Netflix. The contrary often results in lengthy and costly overtime, due to the dire necessity of executing Continuity of Operations or Disaster Recovery Plans. Thus, while it is true that network security software and appliances are critical infrastructure requirements that provide the capability to detect illegitimate network traffic, the human infrastructure is even more critical. An organization’s technical personnel will not achieve and sustain the rank of Subject Matter Expert if infrastructure investments do not include training courses and technical certifications. Without knowledgeable and skilled people, any network infrastructure would be nothing more than a collection of expensive equipment.