25 Apr Information Security Part 4: Application Layer Security
In part four of our information security series, Solutions Architect for Pinnacle, Alan Bunyard, shares how you can secure your network at Layers 4-7, the application layer. Below are his tips to tackle application layer threats.
What can you do to secure the application layer that we haven’t already discussed in the previous articles? In short, not a lot. These articles are concerned with managing the network, not the application, so all solutions to security problems take a network-centric approach here. With that in mind, our mission to stick to network basics really falls apart at this stage. Modern threats require modern solutions.
Domain Name System (DNS) Security
DNS is an often-overlooked area where network security can be significantly improved with very little effort. Having a secure DNS is an extra layer of protection against phishing, botnets, and many ransomware variants. Most ransomware relies on DNS to access encryption key servers that quickly move through public IPs in an attacker’s botnet. Blocking these DNS requests can stop a compromise outright or at least prevent the breach from progressing further. Setting up a secure DNS service is simple: point your recursive DNS at a security-focused DNS provider. There are several secure DNS services, and they range from free to relatively cheap depending on your use case. As an added bonus, it will take perhaps 15 minutes to register with the service and configure it on your edge router or internal DNS server. No advanced or complex configuration is required. It’s truly a fire-and-forget solution.
Next Generation Firewall
A traditional stateful firewall just doesn’t address the entire threat landscape today. Upgrading the edge firewall to a next generation model with IPS and anti-malware is really becoming a requirement. A stateful firewall with rulesets configured for least privilege is still a necessity to reduce the attack surface on your network. However, that traditional firewall lacks the ability to do deep packet inspection to verify protocol compliance and check for malware, exploits, and intrusion events. Without these features, you’re blind to the advanced threats that are increasingly common today.
Next Generation Antivirus
Endpoint protection is typically outside the realm of the network engineer, but an increasing number of these solutions have integrations with network security products. Instead of traditional signature-based endpoint protection, we now have intrusion prevention and malware-hunting machine learning capabilities on the endpoint that can integrate with or complement your edge security on the firewall. Traditional AV really falls apart when no signature exists to identify a new malware strain. These next generation antivirus capabilities do not rely on signatures to identify threats and significantly reduce the mean time to detection on zero-day type malware and exploits.
Bonus – Layer 8
The old joke is that Layer 8 of the OSI model is the hapless users who are responsible for breaking the system. In this case, Layer 8 for network security is the administrator who neglects the security platform. All the security hardware and software in the world can be rendered useless if the systems are not kept up to date and monitored frequently by the network administrators. These systems require daily attention to the event logs. If no one looks at the logs, anomalous behavior can go unnoticed indefinitely. A small breach could become a major data leak or malware event.
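The DNS blocking and daily log review described above can be combined into one small check. The following is an added example, not part of the original article: it summarizes resolver query logs and lists clients whose lookups were repeatedly blocked. The log format, the sinkhole address, and the review threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: the filtering DNS provider answers blocked names with this
# sinkhole address. Use the value your provider documents.
SINKHOLE = "0.0.0.0"

# Constructed sample in a hypothetical "timestamp client qname answer" format.
SAMPLE_LOG = """\
2024-01-01T09:00:01 10.0.0.15 intranet.example.com 10.0.0.5
2024-01-01T09:00:07 10.0.0.22 ads.example.net 0.0.0.0
2024-01-01T09:01:10 10.0.0.31 a1.example.org 0.0.0.0
2024-01-01T09:01:12 10.0.0.31 b2.example.org 0.0.0.0
2024-01-01T09:01:15 10.0.0.31 c3.example.org 0.0.0.0
2024-01-01T09:01:40 10.0.0.31 C3.example.org. 0.0.0.0
truncated-entry
2024-01-01T09:05:00 10.0.0.22 ads.example.net 0.0.0.0
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\S+)$")

def blocked_by_client(log_text, sinkhole=SINKHOLE):
    """Return ({client: {"hits": n, "domains": set}}, unparsed_line_count)."""
    stats = defaultdict(lambda: {"hits": 0, "domains": set()})
    skipped = 0
    for line in map(str.strip, log_text.splitlines()):
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            skipped += 1  # count unparsed lines so log gaps are visible
            continue
        _, client, qname, answer = match.groups()
        if answer == sinkhole:
            stats[client]["hits"] += 1
            # Normalize case and trailing dot so one name is counted once.
            stats[client]["domains"].add(qname.lower().rstrip("."))
    return dict(stats), skipped

def clients_to_review(stats, min_domains=3):
    """Clients blocked on several distinct names, most distinct names first."""
    flagged = [(c, s["hits"], len(s["domains"]))
               for c, s in stats.items() if len(s["domains"]) >= min_domains]
    return sorted(flagged, key=lambda row: (-row[2], -row[1], row[0]))

if __name__ == "__main__":
    stats, skipped = blocked_by_client(SAMPLE_LOG)
    for client, hits, names in clients_to_review(stats):
        print(f"{client}: {hits} blocked queries, {names} distinct names")
    print(f"unparsed lines: {skipped}")
```

A client that is blocked on several different names is a stronger signal than one that retries a single blocked name, which is why the review list is keyed on distinct names rather than raw hit count.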
This concludes our 4-part series on Information Security. If you missed parts 1-3, check them out in the hyperlinks below! For more information on how to protect your network and the full-scale solutions offerings that we have available, get in touch with us today!
Writer: Alan Bunyard, Solutions Architect at Pinnacle Business Systems
Information Security 4-part Series
- Information Security Part 1: Physical Layer Security
- Information Security Part 2: Datalink Layer Security
- Information Security Part 3: Network/Transport Layer Security
- Information Security Part 4: Application Layer Security