Pratum Blog

Port-level security has always been a touchy subject. For some it is a last and final attempt to secure a network and protect information. Kill the port and it can’t be used by anyone for anything. Others claim this level of security isn’t necessary if you have good physical security controls, and that it only creates an administrative nightmare.

Then along came network admission control (NAC) and network access protection (NAP). By interrogating a host and evaluating it against a set of predetermined criteria, we got the best of both worlds: a "silver bullet" in the information security arsenal. The problem is that NAC and NAP weren’t compatible in the early days, so you had to choose one. Even then, things like multi-function devices weren’t supported, so you had to exclude lots of ports around your environment. You ended up with a fortified environment except for where you had poked all the holes in it. Some organizations accepted the shortcomings and implemented a solution while others decided to skip it altogether.

Many mid-sized enterprises today have still not embraced a NAC/NAP solution to port-based security. I understand why. The cost and complexity of an implementation can be quite a burden. However, not taking any action to secure ports on the network is not a good idea either. We’ve been successful at penetrating the physical security of organizations 100% of the time. Adding a wireless access point or 4G LTE wireless device in a data center or switch closet is all too easy.

Physical security can only get you so far. It’s also pretty easy to defeat it in many cases. Organizations today should be considering options for locking down access to their physical network via port-based security. It just makes sense. The tools have gotten better, less expensive and easier to maintain. Even if you choose to do it the old-fashioned way and just turn off ports not in use, this is better than no security at all.
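One way to approach the old-fashioned option, as an added example that is not part of the original post: the script below reads a switch port status table and drafts the configuration to disable ports with no link. It assumes a switch whose output follows the Cisco IOS `show interfaces status` layout (the post names no vendor); the sample table and the `keep` allowlist are constructed for illustration.

```python
import re

# Constructed sample in the layout of Cisco IOS "show interfaces status".
SAMPLE = """\
Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/1   Uplink core        connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi1/0/2   Printer 2F         connected    20         a-full  a-100 10/100/1000BaseTX
Gi1/0/3                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/4   Conf room          notconnect   30           auto   auto 10/100/1000BaseTX
Gi1/0/5                      disabled     1            auto   auto 10/100/1000BaseTX
Gi1/0/6   Spare uplink       notconnect   trunk        auto   auto 10/100/1000BaseTX
"""

# The Name column may be empty or contain spaces, so anchor on the status keyword.
ROW = re.compile(r"^(\S+)\s+(.*?)\s+(err-disabled|notconnect|connected|disabled)\s+(\S+)")

def parse_status(text):
    """Return one dict per port row; the header and unrelated lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(dict(zip(("port", "name", "status", "vlan"), m.groups())))
    return rows

def plan(rows, keep=()):
    """Split link-down ports into (shut down, review by hand).

    Ports in `keep` (for example a conference room jack used only now and then)
    are left alone. Link-down trunk ports go to review, since they may be
    standby uplinks. One snapshot only shows which ports are idle right now,
    so compare several captures before applying anything.
    """
    shut, review = [], []
    for r in rows:
        if r["status"] != "notconnect" or r["port"] in keep:
            continue
        (review if r["vlan"] == "trunk" else shut).append(r["port"])
    return shut, review

def render(shut):
    """Draft the interface configuration that administratively disables each port."""
    return "\n".join(f"interface {p}\n shutdown" for p in shut)

if __name__ == "__main__":
    shut, review = plan(parse_status(SAMPLE), keep={"Gi1/0/4"})
    print(render(shut))
    print("review manually:", ", ".join(review))
```
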

I was on a commercial flight a couple weeks ago. There was a family sitting in the row ahead of me. I was in the aisle seat behind and across from the teenage daughter’s aisle seat. It was a long flight and I was working on my laptop for a bit, did some reading and then watched the end of a movie I had started.

As I did all of this, the teenage daughter broke out her laptop and started making movies of her flight experience with her webcam. Harmless enough until she decided the angle she liked best was the one that had me front and center in the background.

It was unnerving being such a prominent fixture in these home movies. I’m probably a little more on the private side than most. I understand that going out in public means you could be snapped in a photo or even captured on video. I get it. I don’t intend to be a hermit. What I would have liked, though, is for the parents sitting on either side of this young woman to tell her it was impolite to take so much video of a person without asking their permission.

You see, privacy is a delicate thing. Once you lose it, it’s gone for good. No getting it back. I don’t think this up-and-coming generation gets this point. We adults need to do a better job of educating young people on the dangers of a lack of privacy. I routinely check out every social media platform I can find in order to get background information on job candidates. Even this small window into someone’s life can be very telling. The information we share about ourselves, as well as what others share about us, will be a permanent fixture in cyberspace. What happens when your entire life is part of a database somewhere? When simply looking at someone through a heads-up display (HUD) with facial recognition software provides the family, work, social and financial history of that individual?

I know it sounds crazy and farfetched today, but think back to the technology and finances required to communicate around the globe or quickly access criminal background information on an individual in the year 1963. Just 50 years later it can be done in seconds, for free. What will be possible in the next 50 years? What are we going to do to protect privacy going forward? Both are excellent questions.

Yes, it’s true. You are being hacked right now. I can’t tell you who is doing it or why. I can’t tell you if they have been or will be successful. I only know that you are being hacked. We all are. All day every day.

Here’s a statistic for you. When clients sign up for our managed services, we find an attack within 24 hours which they were unaware of. This happens 100% of the time. I’m not trying to boast about our services. Sure, I think we’re pretty good at what we do, but the point is that malicious activity is occurring constantly. Some of it is easy to spot. Some of it is not. Regardless, it’s there; you just have to look for it.

The first step to solving a problem is admitting the problem exists. If you still think your organization is hiding in your little corner of the world and unknown to the bad guys, you’re fooling yourself. The best thing you can do is face reality, assess the problem and decide how to address it. Maybe the issue isn’t as bad as you think. Maybe it’s worse. One thing’s for certain, you can’t fix a problem you won’t acknowledge exists.
